Security & trust
Built to clear security review.
lab358 runs entirely inside your own AWS account. Your data, your documents, and your indices never leave your perimeter — which is exactly what your security team needs to hear.
Security guarantees
Runs in your AWS account
Conversion, indexing, storage, and serving all happen inside your own VPC — not on our infrastructure.
Your data never leaves your perimeter
Prompts, documents, indices, and outputs stay in your account. Nothing is sent to a third-party API.
No per-token exfiltration or lock-in
Because inference runs in your cloud, there's no metered third-party endpoint seeing your content.
Procured through AWS Marketplace
Deploys into your account using your existing AWS agreement — fast security and procurement sign-off.
You own the keys and the instances
You control the IAM roles, encryption keys, networking, and the instance types it runs on.
Compliance roadmap
We're honest about where we are. Here's the current status.
- SOC 2 Type II
- In progress
- Data residency (in-account)
- Available today
- Penetration test
- Planned
Reference architecture
A deployment diagram, supported instance types, and a one-page security brief your team can take into review.
Bring us to your security team.
We'll walk through the architecture and answer the review questions directly.
Request a security review