Skip to main content

Data Protection

We use a comprehensive set of technical controls to support general security needs as well as security for data we receive.

Authentication and Access Management#

End users may log in to WhyLabs using an Identity Provider, leveraging WhyLabs’ support for the Security Assertion Markup Language (SAML) or via the “Sign-in with Google” OpenID service. These services will authenticate an individual’s identity and may provide the option to share certain personally identifying information with WhyLabs, such as your name and email address to pre-populate our sign up form. WhyLabs’ SAML support allows organizations to control authentication to WhyLabs and enforce specific password policies, account recovery strategies and multi-factor authentication technologies.

All requests to the WhyLabs API must be authenticated. Requests that write data require at least reporting access as well as an API key. Requests that read data require full user access as well as an application key. These keys act as bearer tokens, allowing access to WhyLabs' service functionality.

Protection of Customer Data#

Data submitted to the WhyLabs service by authorized users is considered confidential. This data is protected in transit across public networks and encrypted at rest. Customer Data is not authorized to exit the WhyLabs production service environment, except in limited circumstances such as in support of a customer request.

All data transmitted between WhyLabs and WhyLabs users is protected using Transport Layer Security (TLS) with public certificates. If encrypted communication is interrupted, the WhyLabs application is inaccessible.

WhyLabs maintains data in the United States. Customer submitted service data never leaves the United States. WhyLabs utilizes encryption at various points to protect Customer Data and WhyLabs secrets, including encryption at rest (e.g. AES-256), asymmetric encryption (e.g. PGP) for system backups, and KMS-based protections for the protection of secrets (passwords, access tokens, API keys, etc.).

Access to Customer Data is limited to functions with a business requirement to do so. WhyLabs has implemented multiple layers of access controls for administrative roles and privileges. Access to environments that contain Customer Data requires a series of authentication and authorization controls, including Multi-Factor Authentication (MFA). WhyLabs enforces the principles of least privilege and need-to-know for access to Customer Data, and access to those environments is monitored and logged for security purposes. WhyLabs has implemented controls to ensure the integrity and confidentiality of administrative credentials and access mechanisms, and enforces full-disk encryption and unique credentials for workstations.

WhyLabs monitors critical infrastructure for security related events by using a custom implementation of open source and commercial technologies. Activity data such as API calls and operating system level calls are logged to a central point where the information is passed through a series of custom rules designed to identify malicious or unapproved behavior. The results of these rules are fed into an orchestration platform that triggers automated actions, which may include directly alerting the security team or triggering additional authentication requirements.

Multi-tenancy#

The WhyLabs platform is built with a multi-tenancy-first architecture. We employ multiple layers of separation to ensure that paid customers’ data never inter-mix. These layers include separate object key-prefixes, using customer’s Organization ID) as a primary key component in both the data and metadata layer, using separate encryption keys for different customers, and tagging all data access with customer ID. All access from both the application interface and the API key is tagged with the associated organization ID, and is checked against the target organization ID to prevent unauthorized access at multiple levels.

Prefooter Illustration Mobile
Run AI With Certainty
Get started for free
Prefooter Illustration