Security Policy

Our products are covered in our SOC 2 Type 2 report and have been evaluated by an independent third-party auditor to confirm that our controls align with industry standards for security and confidentiality. Request access to our SOC 2 Report below to learn more about our security controls and compliance activities.

Data Security

Data Backups

Deep Origin captures backups on a regular basis to ensure internal and customer data is protected from loss according to our Business Continuity and Disaster Recovery procedures. All backup materials are encrypted using AES-256.

Data Deletion / Data Retention

Deep Origin may securely retain API inputs and outputs at varying lengths to provide the services and to identify abuse. After their respective retention timeframe, API inputs and outputs are removed from our systems, unless we are legally required to retain them.

Encryption-at-rest

All customer data is encrypted at-rest using AES-256. Deep Origin is committed to following encryption best practices per industry guidelines and continually reviews the rigor of current encryption standards.

Encryption-in-transit

All customer data is encrypted in-transit using TLS 1.2/1.3.

Physical Security

Physical security is managed by AWS.

Application Security

Code Analysis

Deep Origin utilizes peer review, automated testing, and static code analysis to proactively identify issues in our code and third party dependencies.

Credential Management

Deep Origin utilizes standard authentication and authorization mechanisms to securely salt, hash, and store all user credentials. Additionally, a secure key vault is used to manage infrastructure secrets.

Secure Development Policy

Deep Origin’s Secure Development Policy mandates peer review, automated testing, and static code analysis prior to deployment into production.

Vulnerability & Patch Management

Deep Origin adheres to a formal vulnerability management process.

Web Application Firewall

Deep Origin utilizes WAF services on all points of ingress to monitor web traffic, detect anomalies, and deploy rulesets in service of our reliability commitments.

Data Privacy

AI Governance

Deep Origin captures backups on a regular basis to ensure internal and customer data is protected from loss according to our Business Continuity and Disaster Recovery procedures.  All backup materials are encrypted using AES-256.

AI Risk Management

Deep Origin’s teams are dedicated to developing a deep understanding of both known and potential unknown risks, integrating enhanced safety and ethical reasoning into our foundational models.

AI Security

Deep Origin's teams are dedicated to implementing system-level mitigations across our products. This comprehensive approach ensures that our AI systems are secured against evolving threats and privacy concerns, maintaining high standards of safety and compliance.

AI Training Data and Bias

At Deep Origin, we recognize the importance of addressing AI safety challenges, particularly in the context of training data and potential biases.

Data Privacy

Data Breach Notifications

In the event of a data breach involving customer data, notifications will be sent in accordance with the terms of our MSA.

Employee Privacy Training

Personnel perform security and privacy awareness training on an annual basis. Topics covered include: Passwords, Mobile devices, Social Engineering, Physical security, and Phishing.

Access Control

Data Access

Access to Deep Origin internal systems adheres to the principles of least privilege and separation of duties, is subject to regular review by administrators, is documented with clear rationales for provisioning and changes, and is revoked according to termination policies.

Logging

The Deep Origin environment is subject to constant monitoring for anomalous activity. Logs are stored in our SIEM Tooling.

Password Security

Deep Origin has a strong internal password policy that includes a requirement for MFA for accounts that do not support SSO. Passwords are required to meet industry standard complexity requirements and are stored in a company managed password manager.

Infrastructure

AWS

The Deep Origin infrastructure is hosted on Amazon Web Services in multiple regions.

Business Continuity & Disaster Recovery

Deep Origin maintains a Business Continuity and Disaster Recovery plan, which is tested, reviewed and approved annually. Deep Origin also conducts regular testing of critical services, backup systems and operational infrastructure to ensure business continuity requirements are met.

Infrastructure Security

Deep Origin employs infrastructure-as-code (IaC) techniques to securely deploy and manage resources within our operational environment. This enables rapid provisioning and scaling while ensuring that all deployments meet security standards.

Separate Production Environment

At Deep Origin, production, staging, and development environments are maintained as distinct entities to safeguard operational integrity and data confidentiality. In these separate environments, customer data is strictly prohibited from use in non-production settings, thus ensuring that developmental and testing activities do not compromise data security.

Endpoint Security

Disk Encryption

To protect the confidentiality and integrity of information stored on all employee endpoints, Deep Origin mandates full-disk encryption. Additionally, we continuously monitor endpoint security to promptly identify and investigate any anomalous activity.

Endpoint Detection & Response

All employee endpoints are protected with an advanced EDR solution. Endpoint security signals are monitored regularly for anomalous activity.

Mobile Device Management

Deep Origin centrally manages and secures all employee endpoints through a Mobile Device Management (MDM) solution. This systematic management allows us to enforce security policies, distribute software and updates, and monitor endpoint integrity.

Threat Detection

Deep Origin's Security Team actively monitors the environment for known attacker tactics, techniques, and procedures (TTPs), as well as known malicious binaries and other suspicious activities. These regular activities are complemented by periodic reviews and investigations into anomalous activities to discover unknown threats.

Network Security

Firewall

Deep Origin utilizes a combination of traditional firewalls, AWS (N)ACLs, and KubeArmor policy (which provides specialized firewall capabilities for Kubernetes environments) to secure the infrastructure end-to-end. These tools allow us to monitor and control the flow of network traffic, preventing unauthorized access and ensuring data integrity and security.

IDS

Our network activity is logged to identify potential security threats such as unauthorized access or anomalous behavior. These systems are critical for the early detection of attacks, allowing us to identify attackers and other anomalous behavior and generate alerts for further investigation.

Security Information and Event Management

Deep Origin prioritizes the secure and centralized storage of crucial infrastructure logs. Our SIEM systems continuously monitor these logs, enabling real-time analysis to detect, alert, and mitigate potential threats promptly.

Corporate Security

Asset Management Practices

Deep Origin is committed to maintaining asset management practices that span both virtual and physical assets. Our asset management policy is designed to identify and catalog organizational assets and is updated annually.

Employee Training

Deep Origin is committed to maintaining a high level of security and privacy awareness among its personnel through comprehensive annual training programs. This training covers critical topics such as password management, mobile device security, social engineering tactics, physical security, phishing attacks, and compliance with regulations.

HR Security

To ensure the integrity and security of our operations, all new Deep Origin employees undergo a thorough background check and sign a non-disclosure agreement upon joining. These measures are part of our annually reviewed HR security policy, which mandates compliance with company policies and procedures.

Incident Response

Deep Origin maintains a documented Incident Response Plan. This plan is systematically reviewed, tested, and approved by appropriate stakeholders on an annual basis to ensure readiness and effectiveness in responding to security incidents.

Internal Assessment

Deep Origin engages in annual risk assessments. These assessments are designed to identify and address vulnerabilities within our operational environment. The findings from these assessments are reviewed and considered by an executive risk committee, which integrates these insights into broader organizational strategic planning.

Internal SSO

We utilize Single Sign-On (SSO) technology to simplify and secure the authentication process for our internal applications and to reduce the attack surface associated with multiple passwords and login credentials.

Penetration Testing

Deep Origin engages in third-party penetration testing annually and upon the release of new products to proactively identify and address security vulnerabilities within our systems. The outcomes of these tests are documented, and any findings are prioritized for remediation according to their severity.

Security Operations Center

Deep Origin operates an in-house Security Operations Center (SOC), managed by our security team. This center ensures continuous security monitoring as our activity logs are continually assessed by detection algorithms. All identified errors and anomalies are logged and analyzed through our centralized Security Information and Event Management (SIEM) system.

Policies

Acceptable Use Policy

Deep Origin requires all employees to adhere to an annually updated Acceptable Use Policy. This policy is crafted to prevent unauthorized disclosure, modification, removal, or destruction of information stored across our media platforms.

Access Control Policy

Our Access Control Policy defines how access is provisioned for employees.

Code of Conduct

Employees are required to agree to our Code of Conduct during onboarding.

Cryptography Policy

We have an internal cryptography policy that defines key management and encryption standards and procedures.

Data Management Policy

All data in our platform is classified based on our Data Management Policy.

Incident Response Policy

We maintain an Incident Response plan in the event of a security related incident.

Information Security Policy

Our Information Security Policy defines the roles and responsibilities for all employees.

Operations Security Policy

We have an Operations Security Policy that defines how we log and monitor our network.

Risk Assessment/Management Policy

We have a Risk Management Policy to ensure that we conduct risk assessments on a regular basis.

Secure Development Policy

Developers are required to review and accept our Secure Development Policy annually.

Third Party Management Policy

We have a Third Party Management Policy that requires due diligence and NDAs for external parties.

Vulnerability Management Policy

We have documented Vulnerability Management policies.
