Zero Data Retention
Fireworks does not log or store prompt or generation data for open models without explicit user opt-in. See our Zero Data Retention Policy.
Secure Data Handling
- Data Ownership & Control: Customers maintain ownership of their data. Customer data stored as part of an active workflow can be permanently deleted with auditable confirmation, and secure wipe processes ensure deleted assets cannot be reconstructed.
- Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Bring Your Own Bucket: Customers may integrate their own cloud storage to retain governance and apply their own compliance frameworks.
  - Datasets: External Google Cloud Storage Integration (AWS S3 coming soon)
  - Models: External AWS S3 Bucket Integration
- (Coming soon) Encryption Keys: Customers may choose to use their own encryption keys and policies for end-to-end control.
Workload Isolation
Dedicated workloads run in logically isolated environments, preventing cross-customer access or data leakage.
Technical Safeguards
- Device Trust: Only approved, secured devices with strong authentication can access sensitive Fireworks systems.
- Identity & Access Management: Fine-grained access controls are enforced across all Fireworks environments, following the principle of least privilege.
- Network Security
  - Private network isolation for customer workloads.
  - Firewalls and security groups prevent unauthorized inbound/outbound traffic.
  - DDoS protection is in place across core services.
- Monitoring & Detection: Real-time monitoring and anomaly detection systems alert on suspicious activity.
- Vulnerability Management: Continuous scanning and patching processes keep infrastructure up to date against known threats.
Operational Security
- Security Reviews & Testing: Regular penetration testing validates controls.
- Incident Response: A formal incident response plan ensures swift containment, customer notification, and remediation if an issue arises.
- Employee Access: Only a minimal subset of Fireworks personnel have access to production systems, and all access is logged and periodically reviewed.
- Third-Party Risk Management: Vendors and subprocessors undergo rigorous due diligence and contractual security obligations.
Compliance & Certifications
Fireworks aligns with leading industry standards to support customer compliance obligations:
- SOC 2 Type II (certified)
- ISO 27001 / ISO 27701 / ISO 42001 (in progress)
- HIPAA Support: Fireworks is HIPAA compliant and supports healthcare and life sciences organizations in leveraging our rapid inference capabilities with confidence.
- Regulatory Alignment: Controls are mapped to GDPR, CCPA, and other international data protection frameworks.
Documentation and audit reports are available in our Trust Center.