Skip to content
Trust

Security

EntropyX runs in industrial environments where downtime, data loss, and regulatory exposure are not acceptable. The platform is engineered, audited, and operated to that standard.

SOC 2 Type II
ISO 27001
GDPR
HIPAA-aligned
Encryption at rest
TLS 1.2+ in transit

Compliance

EntropyX maintains controls aligned with SOC 2 Type II and ISO 27001. Our control set covers access management, change control, incident response, vendor risk, business continuity, and physical security of underlying cloud infrastructure.

Reports and questionnaires are available under NDA to qualified buyers — request via info@entropyx.co.

Data isolation

Every workspace is isolated at the row level. A query that omits the workspace identifier cannot return rows; we enforce this in the data layer, not just in application code.

For regulated and high-sensitivity customers we run dedicated tenants with separate keys and separate compute, including the Shelby AI agent.

Encryption

  • TLS 1.2 or above for all data in transit.
  • AES-256 for data at rest.
  • Customer-supplied keys (BYOK) available on dedicated tenants.
  • Field-level encryption for sensitive workspace metadata.

Access control

  • SAML SSO and SCIM provisioning on Business plans.
  • Role-based access control for Operator, Planner, Engineer, and Admin.
  • Just-in-time staff access with full audit trail.
  • Mandatory MFA for all internal access.

Shelby (AI assistant)

Shelby is scoped to your workspace data and the documents you upload. We do not use customer workspace content to train shared AI models. Outbound calls from Shelby do not leave our infrastructure boundary except where explicitly opted in (e.g. integrations).

Reliability

  • Multi-region active-active for the Business tier.
  • Daily encrypted backups with point-in-time recovery.
  • Tested incident response and business continuity plan.
  • Public status page tracks uptime and incident history.

Deployment options

Most customers run on the EntropyX cloud. For regulated or air-gapped operators we offer dedicated single-tenant cloud and, for select cases, an on-prem deployment with the same guarantees.

Responsible disclosure

If you believe you have found a security issue, email security@entropyx.co. We acknowledge reports within two business days and work in good faith with researchers who follow safe-harbour practices.

Contact

Security questionnaires, DPAs, and procurement: info@entropyx.co.