Trust center

Trust is our product. Here is how we earn it ourselves.

AetherLab asks institutions to make decisions on our evidence, so our own data handling, security posture, and operational record need to hold up to the same scrutiny. This page consolidates security, privacy, and compliance in one place.

01Operational record

Measured continuity, stated plainly.

We publish what we measure and avoid dressing it up as something it isn't.

Every hour, 90 days

AetherLab has served production traffic every hour for the last 90 days. That is our measured continuity record. We state it as such, not as a formal SLA or uptime percentage.

150,000+ checks/day

Text and image checks, 17 billion+ tokens screened monthly, with every verdict logged alongside its rationale.

No single judge

Verdicts are adjudicated by multiple models with layered fallbacks, so one model failure or provider outage does not decide a check or stop the service on its own.

02Data

How your data is handled.

Your data never trains our models

Customer content is processed to produce verdicts and logs for you; it is not used to train models.

Encryption in transit and at rest

TLS for every connection; encryption at rest on AWS-managed infrastructure in us-east-1.

Customer isolation

Customer data is segregated per tenant, with access limited to what your engagement requires.

Retention & deletion

Log retention is configurable per engagement, and deletion requests are honored. Ask us about your requirements.

03Security

Access and controls.

API keys per environment

Separate keys for development and production, rotation supported, x-api-key authentication.

Least-privilege operations

Internal access to production systems is role-based and limited to operational need.

Auditable checks

Every guardrail check returns a verdict, threat level, and rationale, so your logs explain themselves.

Responsible disclosure

Found a vulnerability in AetherLab systems? Report it to security@aetherlab.co. We acknowledge reports promptly and keep reporters informed through remediation.

04Compliance

An honest compliance posture.

We would rather state our posture precisely than borrow badges.

Privacy regulations

Architecture designed to support customers' GDPR and CCPA obligations: data isolation, deletion support, and configurable retention.

AI frameworks

Assessment evidence structured for reference against NIST AI RMF functions and EU AI Act obligations. See the Evidence Pack.

Certifications

We run on AWS infrastructure that carries its own certifications. Where our customers need formal attestations from us, we address it directly in the engagement. Just ask.

Diligence us.

Security questionnaires, architecture reviews, data-flow questions: send them. Answering scrutiny is the business we chose.

Ask about the Evidence Pack

Leave your email and we'll walk you through what an Evidence Pack contains for your use case: severity-scored findings, business-impact mapping, and the approval record.