At Fireworks, protecting customer data is at the core of our platform. We design all of our systems, infrastructure, and business processes to ensure customer trust through verifiable security & compliance. This page provides an overview of our key security measures. For documentation and audit reports, see our Trust Center.

Zero Data Retention

Fireworks does not log or store prompt or generation data for open models without explicit user opt-in. See our Zero Data Retention Policy.

Secure Data Handling

  • Data Ownership & Control: Customers maintain ownership of their data. Customer data stored as part of an active workflow can be permanently deleted with auditable confirmation, and secure wipe processes ensure deleted assets cannot be reconstructed.
  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Bring Your Own Bucket: Customers may integrate their own cloud storage to retain governance and apply their own compliance frameworks.
  • Access Logging: All customer data access is logged, monitored, and protected against tampering.

Workload Isolation

Dedicated workloads run in logically isolated environments, preventing cross-customer access or data leakage.

Technical Safeguards

  • Device Trust: Only approved, secured devices with strong authentication can access sensitive Fireworks systems.
  • Identity & Access Management: Fine-grained access controls are enforced across all Fireworks environments, following the principle of least privilege.
  • Network Security
    • Private network isolation for customer workloads.
    • Firewalls and security groups prevent unauthorized inbound/outbound traffic.
    • DDoS protection is in place across core services.
  • Monitoring & Detection: Real-time monitoring and anomaly detection systems alert on suspicious activity.
  • Vulnerability Management: Continuous scanning and patching processes keep infrastructure up to date against known threats.

Operational Security

  • Security Reviews & Testing: Regular penetration testing validates controls.
  • Incident Response: A formal incident response plan ensures swift containment, customer notification, and remediation if an issue arises.
  • Employee Access: Only a minimal subset of Fireworks personnel have access to production systems, and all access is logged and periodically reviewed.
  • Third-Party Risk Management: Vendors and subprocessors undergo rigorous due diligence and are bound by contractual security obligations.

Compliance & Certifications

Fireworks aligns with leading industry standards to support customer compliance obligations:
  • SOC 2 Type II (certified)
  • ISO 27001 / ISO 27701 / ISO 42001 (in progress)
  • HIPAA Support: Fireworks is HIPAA compliant and supports healthcare and life sciences organizations in leveraging our rapid inference capabilities with confidence.
  • Regulatory Alignment: Controls are mapped to GDPR, CCPA, and other international data protection frameworks.
Documentation and audit reports are available in our Trust Center.