Hyperbolic is committed to protecting your data and maintaining the highest security standards across our platform. This page outlines our security measures, compliance status, and best practices for securing your account.
Infrastructure security
Hyperbolic’s infrastructure is designed with security as a foundational principle.
Data center security
- Geographically distributed data centers with physical access controls
- 24/7 monitoring and surveillance
- Redundant power and networking systems
- Environmental controls and fire suppression
Network security
- Network segmentation and isolation between tenants
- DDoS protection and traffic monitoring
- Encrypted communications between all internal services
- Regular security assessments and penetration testing
Data protection
Encryption
| Data State | Encryption |
|---|---|
| In transit | TLS 1.2+ for all API communications |
| At rest | AES-256 encryption for stored data |
Instance isolation
- Each GPU instance runs in an isolated environment
- No shared memory or storage between tenant instances
- Network isolation between customer workloads
- Secure instance termination with data wiping
Access controls
Hyperbolic uses multiple layers of authentication and authorization:
- API key authentication - All API requests require valid API keys
- SSH key authentication - Public key authentication for GPU instance access
- No shared credentials - Each user has unique credentials
- Session management - Automatic session expiration and secure token handling
Compliance
Hyperbolic is actively working toward industry compliance certifications. Contact [email protected] for the latest compliance status and documentation.
SOC 2
Hyperbolic is pursuing SOC 2 Type II certification, which evaluates:
- Security - Protection against unauthorized access
- Availability - System availability for operation and use
- Processing integrity - System processing is complete and accurate
- Confidentiality - Information designated as confidential is protected
- Privacy - Personal information is collected and used appropriately
GDPR
For customers processing data subject to GDPR, Hyperbolic provides:
- Data processing agreements (DPAs) upon request
- Data residency options for EU-based processing
- Support for data subject access requests
- Clear data retention and deletion policies
Contact [email protected] for GDPR-related inquiries and DPA requests.
HIPAA
Hyperbolic is not currently HIPAA-certified. Do not process Protected Health Information (PHI) on the platform without consulting our team first.
For healthcare organizations interested in using Hyperbolic:
- Contact us to discuss your specific compliance requirements
- We can work with you on Business Associate Agreements (BAAs) for qualified use cases
- Enterprise customers may have access to dedicated, compliant infrastructure
Contact [email protected] for healthcare and HIPAA-related discussions.
Vulnerability reporting
Hyperbolic takes security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
How to report
Email [email protected] with:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any supporting evidence (screenshots, logs, etc.)
What to expect
- Acknowledgment - We’ll acknowledge receipt within 48 hours
- Investigation - Our security team will investigate the report
- Updates - We’ll keep you informed of our progress
- Resolution - We’ll work to resolve valid vulnerabilities promptly
- Recognition - With your permission, we’ll acknowledge your contribution
Responsible disclosure
We ask that you:
- Give us reasonable time to address the issue before public disclosure
- Avoid accessing or modifying other users’ data
- Act in good faith to avoid privacy violations and service disruptions
Best practices
Follow these recommendations to keep your Hyperbolic account secure.
API key security
Treat your API key like a password. Anyone with your key can make requests on your behalf and incur charges.
| Practice | Description |
|---|---|
| Use environment variables | Store keys in `HYPERBOLIC_API_KEY`, never hardcode |
| Never commit to repos | Add `.env` files to `.gitignore` |
| Rotate periodically | Generate new keys if you suspect compromise |
| Separate environments | Use different keys for development and production |
| Monitor usage | Review billing for unexpected charges |
Example: Using environment variables
```bash
# Set the environment variable
export HYPERBOLIC_API_KEY="your-api-key-here"
```

```python
# Use in your application
import os
api_key = os.environ.get("HYPERBOLIC_API_KEY")
```
SSH key security
| Practice | Description |
|---|---|
| Use strong key types | Prefer Ed25519 or RSA with 4096 bits |
| Protect private keys | Set permissions to 600 (`chmod 600 ~/.ssh/id_ed25519`) |
| Use passphrases | Add a passphrase to your private key for extra protection |
| Don’t share keys | Each team member should have their own key pair |
| Audit regularly | Remove unused keys from your account |
Recommended key generation:

```bash
# Generate a secure Ed25519 key with a passphrase
ssh-keygen -t ed25519 -C "[email protected]"
```
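To audit existing keys against the table above, the following added example (not Hyperbolic's own code) parses an OpenSSH public-key line to check the key type and RSA size, and checks that the private key file has no group or other permission bits. The function names are hypothetical, the sample keys are constructed and structurally valid but not real keys, and the input is assumed to be in the plain `.pub` format (`<type> <base64> [comment]`).

```python
import base64, os, stat, struct, tempfile

def read_string(blob, off):
    """Read one length-prefixed SSH string (RFC 4251); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n

def pubkey_strength(pub_line):
    """Return (key_type, bits) for a '<type> <base64> [comment]' public-key line."""
    blob = base64.b64decode(pub_line.split()[1])
    raw_type, off = read_string(blob, 0)
    ktype = raw_type.decode()
    if ktype == "ssh-ed25519":
        return ktype, 256
    if ktype == "ssh-rsa":
        _, off = read_string(blob, off)          # public exponent e
        modulus, _ = read_string(blob, off)      # modulus n, sign-padded mpint
        return ktype, int.from_bytes(modulus, "big").bit_length()
    return ktype, 0                              # other types: not in the table

def audit_key(pub_line, private_path):
    """Check one key pair against the table; an empty list means it passes."""
    findings = []
    ktype, bits = pubkey_strength(pub_line)
    if not (ktype == "ssh-ed25519" or (ktype == "ssh-rsa" and bits >= 4096)):
        findings.append(f"weak key type or size: {ktype} ({bits} bits)")
    mode = stat.S_IMODE(os.stat(private_path).st_mode)
    if mode & 0o077:                             # any group/other permission bit
        findings.append(f"private key mode {mode:03o}, expected 600")
    return findings

def make_pub_line(ktype, *fields):
    """Build a structurally valid sample line (constructed, not a real key)."""
    parts = (ktype.encode(),) + fields
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed-sample"

# Constructed samples: an Ed25519 key and a 2048-bit RSA key (too small per the table).
ED25519_SAMPLE = make_pub_line("ssh-ed25519", bytes(32))
RSA2048_SAMPLE = make_pub_line("ssh-rsa", b"\x01\x00\x01", b"\x00\x80" + bytes(255))

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile() as fake_private:   # stands in for ~/.ssh/id_*
        os.chmod(fake_private.name, 0o600)
        print(audit_key(ED25519_SAMPLE, fake_private.name))
        os.chmod(fake_private.name, 0o644)
        print(audit_key(RSA2048_SAMPLE, fake_private.name))
```
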
Account security
- Use a strong, unique password - Don’t reuse passwords from other services
- Enable 2FA when available - Two-factor authentication adds an extra layer of security
- Review active sessions - Log out of sessions you don’t recognize
- Monitor billing - Set up alerts for unusual spending patterns
- Keep contact info current - Ensure you can receive security notifications
Instance security
When using On-Demand GPU instances:
- Keep software updated - Apply security patches to your instance OS and applications
- Use firewalls - Configure instance firewalls to allow only necessary traffic
- Don’t expose unnecessary ports - Only open ports required for your application
- Secure your applications - Follow security best practices for any services you deploy
- Clean up sensitive data - Remove sensitive files before terminating instances
Support
For security-related questions or concerns:
| Contact | Purpose |
|---|---|
| [email protected] | Vulnerability reports, security questions |
| [email protected] | Compliance inquiries, DPAs, BAAs |
| [email protected] | General account security issues |