New pricing: More AI power, less cost!
Learn more

Book a call with our team to learn more about compliance at RunPod
Book a call

Compliance at RunPod

Welcome to RunPod's Compliance and Security Documentation. As a leading GPU cloud services provider dedicated to supporting businesses in constructing AI-enabled applications, our commitment to transparency, security, and adherence to industry standards remains unparalleled.

1. Introduction

The purpose of this document is twofold:
  1. To offer an overview of our security protocols, measures, and strategies, ensuring our clientele and stakeholders understand the lengths we go to in safeguarding their data and workloads.
  2. To present an overview of the compliance certifications and standards upheld by our network of data centers. Given the varied compliance levels across our partner data centers, this document aims to shed light on what our clients can expect, irrespective of where their data resides.
Scope and Applicability
This document serves as a general guide for all current and prospective clients of RunPod, particularly for those who emphasize compliance and security in their choice of a GPU cloud services provider. RunPod, as a cloud orchestrator, partners with a diverse range of data centers, each with its unique compliance and security standards. Therefore, the information provided here primarily offers an overview of the security and compliance certifications prevalent across our partnered data centers. However, it's important to note that these standards can vary significantly from one data center to another, depending on their location. We encourage stakeholders seeking detailed, region-specific information about compliance and security standards to schedule a call with our team here. Such a discussion will provide a more precise and tailored understanding of the measures in place at the specific data center of interest, ensuring alignment with your specific requirements and expectations.

2. Executive Summary

Brief on Security and Compliance Commitment
In the fast-evolving realm of AI application development, security and compliance aren't mere checkboxes; they're foundational pillars. At RunPod, our commitment to these pillars isn't a byproduct of regulatory necessity—it's an integral aspect of our ethos. We understand the magnitude of trust our clients place in us, and it is our pledge to consistently uphold, if not surpass, that trust.
AI-enabled applications are at the forefront of technological advancement, and the data they process is often sensitive and proprietary. Recognizing the importance of this data, RunPod ensures that, from data ingress to processing and storage, every interaction point is bolstered by robust security measures.
Moreover, our collaborations with data centers around the world mandate a stringent review of their compliance certifications. Our aim is to offer a platform where businesses, irrespective of their size or domain, can confidently build, knowing they're backed by a security-first GPU cloud services provider.
High-Level Security Measures Overview
RunPod's security framework is built upon three core tenets:
  • Proactive Defense: Our systems are designed not just to respond, but to preempt. Regular vulnerability assessments, penetration testing, and continuous monitoring ensure we stay ahead of potential threats.
  • End-to-end Encryption: Data in transit and at rest is encrypted using industry-leading protocols. This ensures that your AI workloads and associated data remain confidential and tamper-proof.
  • Operational Integrity: Our staff undergo rigorous security training, and access to client data is governed by strict role-based controls. Furthermore, disaster recovery plans and incident response protocols are perpetually at the ready, ensuring business continuity and data integrity.
In the subsequent sections, we delve deeper into the intricate layers of our security fabric and shed light on the compliance certifications of our partner data centers. We invite you to journey with us through this document, gaining insights into why RunPod remains the trusted choice for AI application developers worldwide.

3. RunPod’s Cloud Orchestrator Platform

Overview and Architecture
At its core, the RunPod platform orchestrates a symphony of secure, powerful, and reliable GPU resources to empower AI application developers. We have meticulously built architecture that bridges the gap between our clients' demands and the world-class resources offered by our data center partners.
Our platform acts as an intermediary, taking on the role of intelligently allocating resources, monitoring data and hardware integrity, and ensuring the smooth execution of AI workloads. This architecture not only allows us to scale effortlessly but also provides a flexible framework, accommodating the diverse requirements of our clientele.
Core Features and their Security Implications
RunPod's security framework is built upon three core tenets:
  • Intelligent Resource Allocation: At the heart of RunPod is an advanced allocation algorithm that ensures optimal resource distribution. By continually analyzing workloads, we prevent system overloads and potential breaches from exploitation of resource gaps.
  • Real-time Monitoring: We vigilantly monitor hardware performance and data integrity. This continuous oversight allows us to instantly detect anomalies, ensuring both the security and reliability of the services we offer.
  • End-to-end Encryption: Data handling, in terms of physical storage, is under the purview of our data center partners. That said, we have implemented robust encryption protocols to ensure that all data, whether in transit between our platform and the data centers, or during processing, is kept confidential and secure.
  • Automated Workload Management: Our platform can automatically scale and manage workloads, reducing human intervention and, by extension, the potential for human-induced vulnerabilities.
Interactions with Data Centers
Partnering with some of the most secure and reputable data centers globally is a point of pride and a testament to our commitment to excellence. However, it's crucial for our clients to understand the nature of this partnership.
While we oversee and guarantee the integrity and security of data when it's within our platform's domain, the physical hardware, and by extension, its security and compliance, is managed by our data center partners. This means that:
  1. Physical Security: Measures like surveillance, access controls, and onsite security personnel are managed directly by our data center partners. They have the expertise and infrastructure to ensure the physical sanctity of the hardware.
  2. Compliance Adherence: Different data centers might have varying compliance certifications. While we ensure that all our partners uphold stringent standards, the specifics of each compliance are directly managed by the respective data center.
  3. Data Handling: While we encrypt and secure data during transit and processing, the physical storage and its associated security protocols are under the purview of the data centers.
It's a relationship built on trust, specialization, and a shared vision of offering unparalleled services. By focusing on what we excel at – orchestrating and monitoring – and letting our data center partners concentrate on their strengths, we offer our clients a platform that's both powerful and secure.
The Four Pillars of the RunPod Platform
At RunPod, we pride ourselves on offering a platform that's both versatile and tailored to the multifaceted needs of AI application developers. Rooted in this philosophy, our platform stands on four pillars, each catering to specific requirements and designed to offer unparalleled performance, security, and ease-of-use.
  1. Secure Cloud
    On-demand GPU instances at your fingertips. Whether you're scaling an application or working on cutting-edge AI research, our Secure Cloud offers the computational power you need, whenever you need it.
    • Location Filtering: Choose data center locations that align with your specific requirements, ensuring both performance optimization and compliance adherence.
    • Enterprise Discounts: Reserve Secure Cloud GPUs and avail enterprise-grade discounts, optimizing both performance and cost.
    • Tailored Solutions: We understand that one size doesn't fit all. Contact us for a deeper dive into how the Secure Cloud can be tailored to your unique needs.
  2. Serverless
    Serverless computing reimagined for AI. With autoscaling API endpoints, large-scale inference workloads are not only feasible but incredibly efficient.
    • Autoscaling: Forget about resource management. Our endpoints scale seamlessly based on your workload demands.
    • Multi-data Center Resources: By default, our serverless endpoints utilize resources from various data centers, ensuring optimal performance.
    • Compliance-Driven Scaling: Have stringent compliance requirements like SOC2? We've got you covered. Your endpoints can be isolated to run exclusively on data centers that tick every box on your compliance checklist.
  3. Bare Metal
    For those who need more than just containerization. With our Bare Metal offering, you can run large-scale training workloads, k8s, or VMs, providing that extra layer of customization and control.
    • Off-Platform Servers: Direct access to the raw power of off-platform servers for tasks that need it.
    • Diverse Workloads: Whether it's large-scale training, k8s, or VMs, our Bare Metal supports it.
    • Container Exclusivity: Please note that our Secure Cloud and Serverless offerings support only Docker containers. For other requirements, Bare Metal is your go-to.
  4. Private Cloud
    Truly make the platform yours. With our Private Cloud offering, you can bring your own hardware or rent a large-scale cluster, leveraging RunPod as the orchestration maestro.
    • Hardware Flexibility: Use your own trusted hardware or rent from our partners.
    • RunPod Orchestration: License RunPod as the orchestrating layer, ensuring you get our expertise, security, and performance optimization, all on your own infrastructure.
By rooting our platform in these four pillars, RunPod offers a diverse range of solutions, ensuring that, irrespective of your needs, we have the perfect fit waiting for you. Whether you're a startup on the cusp of revolutionizing the AI space or an established enterprise looking to optimize, RunPod stands ready to amplify your potential.

4. Compliance Overview

Compliance Overview
At RunPod, we recognize the importance of compliance and have partnered with data centers that abide by some of the world's most stringent standards.Our approach to compliance is holistic, ensuring we align with data centers that prioritize stringent compliance protocols. We believe that by collaborating with certified data centers, we bring our clients the utmost in data security and compliance.
  • Partnered Compliance Management: While RunPod itself does not directly hold certain global certifications, we meticulously select data centers that do, ensuring your data benefits from industry-recognized best practices.
  • Transparent Reporting: Transparency is key. We make it clear which certifications our partner data centers hold, allowing you to make informed decisions about where your data resides.
List of Certifications
It's vital to understand that while RunPod does not directly hold certifications like SOC 2, ISO 27001, or GDPR, many of our partner data centers do. Here's a quick snapshot of many of the certifications our data centers hold:
  • ISO 27001
  • ISO 20000-1
  • ISO 22301
  • ISO 14001
  • NIST
  • PCI
  • SOC 1 Type 2
  • SOC 2 Type 2
  • SOC 3
  • GDPR compliant
It's essential for clients to review the specific certifications of their chosen data center on our platform. This ensures alignment with your compliance needs. Should you require further clarity or detail on any certification or wish to understand the compliance profile of a specific data center, our dedicated compliance team is always here to assist. Please schedule a time to chat with a member of our team here.

5. Data Center Partners

The backbone of any cloud service provider is its infrastructure. At RunPod, we understand that our promise of superior cloud orchestration is only as good as the data centers we partner with. This section delves into our association with global data centers, shedding light on our selection criteria and their geographic spread.
Introduction to Data Centers
Data centers are the bedrock upon which digital services operate. These facilities house an organization's IT operations and equipment, safeguarding them from external threats and maintaining optimal operating conditions. Their role is pivotal in ensuring data integrity, availability, and security.
We have taken stringent steps to partner with data centers that exemplify the zenith of reliability and security. Our emphasis is on ensuring that while the orchestration happens on our platform, the actual data processing and storage are backed by the best infrastructure available globally.
Data Center Selection Criteria
When evaluating potential data center partnerships, RunPod adheres to a stringent selection process. Our criteria revolve around:
  • Security: From physical barriers to advanced cybersecurity measures, we ensure that the data center can protect against both physical and digital threats.
  • Reliability: We assess the data center's track record, ensuring it has redundancies in place to offer consistent uptime and can handle both expected and unexpected loads.
  • Compliance: Recognizing the importance of regulatory adherence, we prioritize data centers that are certified by globally-recognized standards.
  • Environmental Concerns: Sustainability is key. Our partner data centers should exhibit energy-efficient operations, reducing the carbon footprint while maintaining peak performance.
  • Innovation and Technology: We look for data centers that invest in cutting-edge technology and constantly evolve to keep up with the changing IT landscape.
Data Center Geographic Distribution
Clients can access a list of our data center locations through the Secure Cloud page in the RunPod console. Whatever your requirements, we have a data center location that meets them.
Please note that while the Secure Cloud page provides an overview of compliance certifications held by our partnered data centers, it's essential to request data center specific documentation from our team for more comprehensive information.

6. FAQs

At RunPod, we prioritize transparency and believe that informed clients are empowered clients. In this section, we address some of the most frequently asked questions regarding data residency, backup procedures, and our contractual obligations.
Questions on Data Residency and Sovereignty
  • Where is my data physically stored?
    While RunPod orchestrates the GPU resources, the physical storage of data is managed by our partner data centers located globally. You have the option to filter and select specific data center locations based on your requirements, ensuring that data residency aligns with your operational and compliance needs.
  • How do you ensure data sovereignty compliance?
    We understand the importance of data sovereignty, especially with evolving global regulations. Our platform allows you to explicitly select data centers located in regions that comply with specific data sovereignty laws, ensuring you always remain compliant.
  • Do you offer compatibility with AWS PrivateLink connect?
    Currently, our platform does not offer support for AWS PrivateLink connect.
Backup and Redundancy Queries
  • How often is my data backed up?
    Data backup frequency varies depending on the specific service you're utilizing. However, standard practices include daily backups with periodic snapshots taken throughout the day. Specific backup schedules can be discussed and tailored based on your requirements.
  • In case of a data center failure, how do you ensure my data's availability?
    Redundancy is a cornerstone of our platform. We maintain multiple replicas of data across different data centers. In the unlikely event of a data center failure, our platform automatically redirects workloads and data access to an active, healthy data center, ensuring minimal disruption.
Contractual and SLA-related Questions
  • Can we negotiate terms in the Service Level Agreement (SLA)?
    While we have a standard SLA that caters to the broad needs of our clientele, we understand that specific requirements might necessitate adjustments. We're open to discussions to tailor the SLA to align more closely with your business needs.
  • What's your uptime guarantee?
    RunPod commits to an industry-leading uptime, typically guaranteeing 99.99% availability. Specific details, including potential compensations in the unlikely event of a deviation, are outlined in our Service Level Agreement (SLA).
  • In case of a dispute, how is it resolved?
    Our contracts detail a comprehensive dispute resolution mechanism. Typically, it involves escalating the matter through various levels of management and, if necessary, resorting to mediation or arbitration. We believe in resolving matters amicably and prioritize maintaining a strong relationship with our clients.
  • How does the reliability, redundancy, and security of Secure Cloud data centers on RunPod compare to other data centers?
    The Secure Cloud data centers integrated with the RunPod platform adhere to stringent standards and are classified either as Tier 3 or Tier 4. This classification places them among the most reliable, redundant, and secure data centers available in the industry.
This FAQ section provides a foundational understanding of key concerns. However, we always encourage open dialogue. If you have further questions or require more detailed explanations, please don't hesitate to schedule a time to chat with our team here.