Trust Center

Security you can rely on

Your workloads run on infrastructure that is guarded, monitored and tested around the clock — by engineers who treat your uptime and your data as if they were our own.

Security by design

Controls are part of the blueprint, not an add-on. Every facility system, network segment and internal tool is planned with least privilege, access logging and failure isolation in mind. Changes go through review, and designs are revisited as threats evolve.

Security by default

The safest configuration is the one customers get out of the box: isolated networks, encrypted storage, hardened base images and logged administrative access — for every customer, on every tier.

Compliance

Compliance you can build on

We operate our facility and platform in alignment with internationally-recognized security and privacy frameworks. Formal third-party audits are in progress; current evidence packages are available to customers and prospects under NDA — contact us to request the latest package.

ISO/IEC 27001-aligned operations Tier III design principles Thailand PDPA-conscious hosting SOC 2-style controls

Framework alignment

Our policies and controls are built on widely-accepted industry security and privacy frameworks. Internal audits run on a fixed calendar, and findings are tracked to closure.

Privacy regulations

Hosting is designed around Thailand’s PDPA, with GDPR-aware data processing for international customers — including data processing agreements and residency options.

Regulated workloads

Healthcare and financial workloads get isolated environments, custom DPAs and evidence packs mapped to sector expectations (HIPAA-style safeguards, PCI DSS-aware operations).

Key management

Built-in key management with customer-managed keys on request — your encryption, your control, our operations.

Zero-retention inference

Token Factory dedicated endpoints support zero-retention mode: prompts and responses are never written to persistent storage.

Data residency

Data stays in Thailand by default. Residency commitments are contractual, not aspirational.

SLA reports on request Compliance documents under NDA Audit support for your assessors

How we protect you

Key security features

Data center security

Biometric access with anti-tailgating, CCTV coverage, 24×7 on-site guards and visitor escort — every entry is logged and reviewable.

Secure SDLC

Code review, dependency scanning and staged rollouts for the platform itself — the same discipline we ask of our customers.

Vulnerability management

Continuous scanning, risk-ranked remediation SLAs and scheduled penetration tests of infrastructure and platform services.

Monitoring & incident management

Our 24×7 NOC watches facility, network and platform telemetry in real time. Incidents follow a documented runbook with customer notification windows you define.

Third-party risk management

Vendors and contractors are assessed before access is granted, and reassessed periodically — including hardware supply-chain checks.

Access management

Role-based access, MFA everywhere, just-in-time elevation for administrative actions, and full audit trails.

Encrypted at rest and in transit

Customer data benefits from encryption on the wire and on disk. Managed services encrypt storage by default; private links and customer-facing control channels use modern TLS. Keys are managed under strict separation of duties, with customer-managed key options for private cages and regulated workloads.

  • Encrypted at rest on managed storage
  • TLS 1.2+ on all public and management channels
  • Optional customer-managed keys
Illustration of data encrypted in transit and at rest with a padlock

Isolation

Customer workload isolation

Network isolation

Every deployment gets its own segmented VLANs and routed prefixes — no shared broadcast domains, no uninvited neighbors.

Bare-metal isolation

Dedicated servers are single-tenant by definition — disks are wiped and firmware verified between customers.

Cluster isolation

GPU clusters use unique fabric partition keys, so tenant traffic never mixes even on shared InfiniBand.

Shared responsibility

Who is responsible for what

Security is a partnership. We secure the infrastructure layer; you secure what you put on it. The table below shows the default split — managed services can move more of the stack to our side.

LayerInfraeon responsibleCustomer responsible
Physical facilityPerimeter security, guards, biometric access, CCTVAuthorizing and escorting your own visitors
Power & cooling2N UPS & generators, N+1 cooling, environmental monitoring
Network fabricCore network availability, DDoS-filtered upstream, tenant isolationOwn routing, firewalls, VPN endpoints
Hypervisor & bare metalSecure provisioning, firmware updates, disk wiping between tenants
OS & applicationsPatching where managed services are contractedOS hardening, patching, secure application code
Data & accessEncryption options, access controls on infrastructure systemsIAM, credentials, encryption keys, backups

On top of the platform

Security services

Identity & access management

Centralized account control with MFA, role-based permissions and audit logs for customer accounts.

Audit logs

Administrative actions on managed services are logged and available to you — compliance evidence without the archaeology.

DDoS protection

Upstream filtering and rate-limiting absorbs common attacks before they reach your racks. Always on — included, not optional.

Data protection

Privacy and data protection

PDPA compliance

We process personal data in line with Thailand’s Personal Data Protection Act — see our Privacy Policy for details, and ask us about DPAs.

Data residency in Thailand

Customer data is hosted in our Bangkok facility by default. If your regulators care about where bytes sleep, the answer is simple: here, and only here.

Privacy by default and design

We collect the minimum, retain it only as needed, and never use customer data for advertising. Access is role-scoped and logged.

Responsible disclosure

Report a security issue

If you believe you’ve found a vulnerability in our infrastructure or services, we want to hear from you. Please give us a reasonable window to investigate and remediate before any public disclosure — we will keep you informed along the way.

Email our security team

Start your journey today

Tell us about your workload — an engineer, not a sales bot, will get back to you within one business day.