Trust & Security
Security & Compliance
A secure platform with total data control. We ensure the confidentiality, integrity and availability of company and customer data through industry-leading security practices.
Data Governance
Hopsworks' unique multi-tenant project model enables sensitive data to be stored in a shared cluster, while providing fine-grained sharing capabilities for ML assets across project boundaries.
Project-based multi-tenant security model
Two user roles per project — data owner and data scientist — with all data assigned a responsible data owner. Granular access control across the entire organization.
Encryption
Data Encryption
Encryption at rest
All data at rest is encrypted to prevent unauthorized access and data breaches. Our platform is continuously monitored by dedicated, experienced Hopsworks staff.
Encryption in transit
Service-to-service communications employ industry standard encryption protocols to secure the transport layer such as HTTPS, RPC over TLS.
Development
Secure Software Development Lifecycle
Planning & Development
Security requirements are gathered during design of new features and continuously evaluated during development. Every patch is scanned against known vulnerabilities using the OWASP framework.
Testing & Deployment
Continuously tested using unit and integration tests. CI/CD pipelines eliminate human error. Key metrics are monitored throughout to ensure product quality and integrity.
Penetration testing
Periodically evaluated by external certified security professionals. Any findings are fed back to project management and incorporated into the planning phase.
Infrastructure
Availability
High Availability
Deployment patterns and best practices ensure individual component failures do not impact the availability of the Hopsworks cluster.
Disaster recovery
Configuration policies ensure a fresh copy of data and metadata in case of necessity. Established procedures enable restoration of previous backups.
Compliance Certifications
Contact us for compliance certificates.
ISO 27001
Certified according to the ISO 27001 framework — a globally recognized standard for establishing, implementing, and maintaining an information security management system.
Read more →SOC2 Type 2
Certified according to the SOC2 framework, based on Trust Services Criteria evaluating security, availability, processing integrity, confidentiality, and privacy.
Read more →GDPR
Full compliance with GDPR regulations. Data governance policies, usage monitoring, and data protection measures to safeguard user privacy at all times.
Read more →GDPR Compliance
Hopsworks is fully GDPR compliant. We provide a comprehensive security framework and safeguards for the most demanding regulatory standards.
Hopsworks as Data Processor
When customers use Hopsworks services to process personal data, Hopsworks acts as a data processor. The GDPR-compliant Data Processing Addendum (DPA) incorporates our commitments. A project-based multi-tenant security model provides two user roles — data owner and data scientist — with all data assigned a responsible owner.
Hopsworks as Data Controller
When processing account information for registration, administration, or customer support activities, Hopsworks acts as a data controller.
Security Standards
Data-in-motion encrypted — TLS 1.2 at the application layer
Data-at-rest encrypted — in object store (S3 / ADLS containers)
Multi-layered access control — using Projects for data owners, admins, and users
Authentication — password, 2FA, SSO with LDAP/AD/Kerberos, or OAuth-2
Session management — JWT-based automatic logout
Audit logs — for all operations performed via REST API
Right to portability — open standards (SQL, Parquet) for data export
Data breach notification — within 72 hours
HIPAA Compliance
Hopsworks enables HIPAA compliance by enforcing administrative, technical and physical safeguards to prevent unauthorized access to or disclosure of protected health information (PHI).
| HIPAA Requirement | Hopsworks Support |
|---|---|
| Access Control | Data-in-motion encrypted using TLS 1.2; data-at-rest encrypted in object store. Multi-layered project-based access control. SSO (Kerberos/AD/OAuth-2) and JWT session-based logout. |
| Audit Control | All operations securely logged via REST API to distributed storage. Account admins have secured access to manage individual, group, or organization level management. |
| Data Integrity | Role-based access control within projects ensures only data owners modify PHI. Project-based multi-tenancy limits access to authorized individuals. |
| Integrity Mechanisms | Data integrity ensured through checksums and data replication. Only authorized users can alter or destroy data, and all actions are audited. |
| Authentication | Users authenticated using password, 2-factor authentication, SSO with LDAP/AD/Kerberos, or OAuth-2. |
| Transmission Security | Data connections leverage TLS 1.2 encryption and X.509 Certificates. Protects against passive and active attacks on confidentiality. |
Report a Security Vulnerability
If you have found a security vulnerability, please email us at security@hopsworks.ai with the details of your findings. We take security seriously and are grateful for your help in keeping our systems safe.