Trust center
Security by default, not by exception

Real security practices. Operated by senior engineers.

NetScale Technologies takes a practical, engineering-led approach to security, covering data, infrastructure, access, people, AI systems, and incident response. This page summarizes what we do and how to request the underlying documentation.

  • Encrypted

    In transit (TLS 1.2+) and at rest (AES-256)

  • Least-privilege

    SSO + MFA access model on every system

  • Client-owned

    100% of IP, code, prompts, and fine-tunes

  • Under 24h

    Vulnerability triage SLA from report

Core security practices

The things we do on every engagement, by default.

We take a practical, engineering-led approach to security. These are the controls we apply on every engagement, independent of contract size or industry.

  • Encryption everywhere

    All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256. Secrets are managed in dedicated vaults, never in source control or environment files.

  • SSO, MFA, least-privilege

    Single sign-on with MFA enforced on every internal and client system. Access is scoped to the engagement, time-bound where possible, and revoked the day a project ends.

  • Tenant & client isolation

    Engagements run in isolated environments and accounts. Client data, repos, and infrastructure are kept separate end-to-end: no shared databases, no shared service accounts.

  • You own your IP

    All code, models, prompts, fine-tunes, and artifacts we build for you are owned by you and assigned on delivery. We don't reuse client IP across engagements.

  • No training on client data

    We never use client data to train models, neither our own nor third-party models, and we never use it to deliver work for any other client. Full stop.

  • Audited change & access logs

    Every production change runs through reviewed PRs and CI gates. Access to client environments is logged and retained for the engagement lifetime, available to your team on request.

How we operate

Six pillars. Each one engineered, audited, and continuously improved.

  • Data protection

    Client data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Tenant isolation is enforced by default. We never use client data to train models or to deliver work for other clients. Full stop.

  • Infrastructure security

    Workloads deploy into the client's cloud (AWS, Azure, GCP) by default. Hardened baselines, network segmentation, vulnerability scanning, and continuous monitoring across every environment we operate.

  • Access & identity

    Least-privilege IAM, SSO with MFA enforced on all internal and client systems, just-in-time elevation for production access, and a fully audited access log retained for the engagement lifetime.

  • People & culture

    Background checks on every engineer. Annual security training, secure-coding refreshers, and role-based access tied to engagement scope. Confidentiality clauses on every employment and contractor agreement.

  • AI & model safety

    Enterprise tiers of major model providers with contractual no-training guarantees. Self-hosted open models for sensitive workloads. Evaluation harnesses, guardrails, and human-in-the-loop where mistakes are costly.

  • Incident response

    24/7 on-call for managed services. Documented runbooks, post-incident reviews, and proactive client notification of any confirmed security event affecting client data.

Documentation

What we can share and how to request it.

Send a short note describing your role, company, and what you're evaluating. We'll route the request to our security team and respond within two business days. Sensitive documents are shared under NDA via a secure data room.

  • Standard MSA & DPA

    Master Services Agreement and Data Processing Addendum templates for review.

  • Sub-processor list

    Maintained list of vendors and sub-processors we use on engagements.

  • Security questionnaire responses

    Pre-filled responses to common procurement and vendor security questionnaires.

  • Data flow diagram template

    Per-engagement data flow diagrams capturing where data lives and moves.

  • Business continuity overview

    Our continuity and disaster-recovery posture for managed services engagements.

  • Architecture review summary

    High-level summary of how we approach secure architecture on a typical engagement.

Responsible disclosure

Found something? Tell us. We'll act fast.

We welcome reports from security researchers, customers, and the broader community. If you believe you've found a vulnerability in NetScale systems or any system we operate on behalf of a client, please disclose it to us privately first.

info@netscaleteck.com

Use this address for all security reports. Include a clear description, reproduction steps, and any supporting material. We acknowledge reports within one business day and provide a triage update within 72 hours.

We commit to working in good faith with researchers who follow this policy, refrain from privacy-violating or service-disrupting activity, and give us a reasonable window to remediate before public disclosure.

Talk to security

Need a deeper review? Our team can walk procurement and security teams through controls in detail.

Architecture reviews, sub-processor lists, data flow diagrams, and standard responses to common security questionnaires, all available on request.