Trust center
Trust is our product. Here is how we earn it ourselves.
AetherLab asks institutions to make decisions on our evidence, so our own data handling, security posture, and operational record need to hold up to the same scrutiny. This page consolidates security, privacy, and compliance in one place.
Measured continuity, stated plainly.
We publish what we measure and avoid dressing it up as something it isn't.
Every hour, 90 days
AetherLab has served production traffic every hour for the last 90 days. That is our measured continuity record. We state it as such, not as a formal SLA or uptime percentage.
150,000+ checks/day
Text and image checks, 17 billion+ tokens screened monthly, with every verdict logged alongside its rationale.
No single judge
Verdicts are adjudicated by multiple models with layered fallbacks, so one model failure or provider outage does not decide a check or stop the service on its own.
How your data is handled.
Your data never trains our models
Customer content is processed to produce verdicts and logs for you; it is not used to train models.
Encryption in transit and at rest
TLS for every connection; encryption at rest on AWS-managed infrastructure in us-east-1.
Customer isolation
Customer data is segregated per tenant, with access limited to what your engagement requires.
Retention & deletion
Log retention is configurable per engagement, and deletion requests are honored. Ask us about your requirements.
Access and controls.
API keys per environment
Separate keys for development and production, rotation supported, x-api-key authentication.
Least-privilege operations
Internal access to production systems is role-based and limited to operational need.
Auditable checks
Every guardrail check returns a verdict, threat level, and rationale, so your logs explain themselves.
Responsible disclosure
Found a vulnerability in AetherLab systems? Report it to security@aetherlab.co. We acknowledge reports promptly and keep reporters informed through remediation.
An honest compliance posture.
We would rather state our posture precisely than borrow badges.
Privacy regulations
Architecture designed to support customers' GDPR and CCPA obligations: data isolation, deletion support, and configurable retention.
AI frameworks
Assessment evidence structured for reference against NIST AI RMF functions and EU AI Act obligations. See the Evidence Pack.
Certifications
We run on AWS infrastructure that carries its own certifications. Where our customers need formal attestations from us, we address it directly in the engagement. Just ask.
Diligence us.
Security questionnaires, architecture reviews, data-flow questions: send them. Answering scrutiny is the business we chose.
Ask about the Evidence Pack
Leave your email and we'll walk you through what an Evidence Pack contains for your use case: severity-scored findings, business-impact mapping, and the approval record.