At SUPA, we are committed to ensuring the highest level of security and data privacy for our customers. We understand that the sensitive nature of our work requires the highest level of protection. As such, we have taken steps to ensure our security measures exceed industry standards. Our security program is designed to safeguard customer data and ensure the confidentiality, integrity, and availability of data across all our systems.
We have provisioned administrative roles and associated privileges based on the principle of ‘least privilege’ and ‘need-to-know’ basis. All stakeholders interacting with data are required to sign a non-disclosure agreement (NDA) to maintain confidentiality of all data. We maintain an audit trail of all actions on our proprietary image annotation platform for monitoring and accountability.
We are committed to protecting customer privacy and anonymity. We never disclose the name of our clients to our workforce, and only permit access to data for annotators who have successfully completed our assessments. Annotators’ access is further limited to prevent access of entire datasets, historical data, or backtracking functions.
All unlabeled and labeled data, metadata and private user information are encrypted at rest using AES-256. We use ISO/IEC 27001 certified AWS cloud storage, which provides server-side encryption using AWS’s default keys. Data is automatically decrypted when accessed by an authorized user. When in transit, data is encrypted via Transport Layer Security (TLSv1.2+) between customers and our servers, and via HTTPS and SSH within our internal network. We also support self-hosted assets on customers’ choice of cloud platform using signed urls or delegated access. In addition, we maintain data segmentation to keep each client's data separate, and we can provide dedicated hosts upon request.
If you have any questions or concerns about our security practices, please do not hesitate to contact us.
GDPR is a European privacy law that governs the collection, use, and processing of personal data of EU citizens. We have adopted and implemented core principles of GDPR to ensure the responsible handling of personal data: