perit.ai
Security

Built for the highest-stakes training data.

Perit handles clinical records, legal documents, and proprietary research data for frontier AI labs. Our security program is designed for environments where a single data breach could compromise model training integrity or patient privacy.

SOC 2 Type IIISO 27001HIPAAGDPRCCPACross-account S3Customer-scoped KMSSigned provenancePenetration testedBackground checks
Security controls

Defense in depth.

Encryption at rest and in transit

All data encrypted with AES-256 at rest. TLS 1.3 for data in transit. Customer-scoped KMS keys with automatic rotation.

Customer-owned infrastructure

Training data delivered to customer-owned S3 buckets via cross-account IAM roles with external-ID and least-privilege scope. No shared storage.

Audit visibility

Independent CloudTrail logging for all data access events. Customers receive read-only audit access to their delivery pipeline.

Access control

Role-based access with MFA enforced for all internal systems. Expert credentials segregated from customer project data.

Compliance certifications

SOC 2 Type II and ISO 27001 attested annually. HIPAA compliant for medical-domain engagements. GDPR and CCPA-ready data processing with signed DPAs.

Incident response

Documented incident response plan with 24-hour customer notification for confirmed breaches affecting their data.

Responsible disclosure

Report a vulnerability

If you discover a security vulnerability in Perit's systems, please report it to security@perit.ai. We commit to acknowledging reports within 48 hours and providing a remediation timeline within 7 business days. We do not pursue legal action against good-faith security researchers.

For enterprise customers requiring a signed Data Processing Agreement, see our DPA page.