Secure unstructured data management
Trust Shelf to keep your data secure with enterprise-grade admin management, security integrations, data governance, compliance audits, and privacy protections.
Trust Shelf to keep your data secure and meet your compliance requirements with enterprise-grade security
- Logical tenant separation
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- SSO and User lifecycle management (SCIM)
- Real-time activity and audit logs
- Hosted on leading cloud infrastructure
- Network and perimeter protection
- Web application firewall
- Distributed Denial of Service (DDoS) protections
- Regular vulnerability scanning
- Annual penetration testing
- Security Awareness & Training
- 24/7 Risk management
- Vendor Risk management
- Business continuity planning
- AI opt-out mechanisms
- AI models exclusively hosted on leading cloud infrastructure
- No data sharing across tenants for LLM training and fine-tuning
- OWASP Top 10 LLM Framework
- SOC2 Type II
- GDPR
- CCPA
- OWASP ASVS
- CAIQ Self-assessment
- VSA Self-assessment
- PCI Self-assessment
- OWASP GenAI Security & Governance Framework
Request documentation via Whistic
Shelf uses Whistic to securely share company and product security profiles as well as detailed documentation required for vendor security assessments.
Certifications and frameworks
Security, availability and confidentiality trust
EU-compliant data protection protocols
Application Security & Governance Framework
Security FAQ
What kind of infrastructure supports your services?
Our services are hosted on leading cloud infrastructure with advanced network and perimeter protection.
How do you defend against web-based attacks?
We deploy a web application firewall and DDoS protections to safeguard against external threats.
What measures are in place for detecting vulnerabilities?
We conduct regular vulnerability scanning and annual penetration testing to identify and mitigate risks.
What certifications validate your security measures?
We are SOC2 Type II certified, reflecting our commitment to high security standards.
How do you ensure business continuity in case of an incident?
Our business continuity planning prepares us to maintain operations and security under various scenarios.
How do you manage organizational security?
We maintain a strong focus on security awareness, training, and 24/7 risk management to ensure our staff is prepared to identify and mitigate risks.
What is your approach to managing risks from vendors?
Vendor risk management processes are in place to ensure all third-party services meet our stringent security standards.
Data privacy FAQ
What measures are in place to protect customer data?
We use logical tenant separation, encryption in transit (TLS 1.2+), and encryption at rest (AES-256) to ensure data protection.
How do you comply with GDPR and CCPA regulations?
We are compliant with GDPR and CCPA, ensuring all data handling respects privacy laws and user rights.
Can users opt out of AI-driven features?
Yes, users have the option to opt out of AI features to maintain control over their data usage.
What standards do you follow for data security compliance?
We adhere to SOC2 Type II and perform various self-assessments including CAIQ, VSA, and PCI.
How is AI data managed to ensure privacy?
AI models are hosted securely, with no data sharing across tenants for LLM training and fine-tuning.
What ongoing practices ensure continued data privacy compliance?
Regular audits, continuous monitoring, and updates to our practices ensure we remain compliant with evolving privacy laws.
What frameworks guide your AI security practices?
We follow the OWASP Top 10 LLM Framework and GenAI Security & Governance Framework to ensure the security and governance of our AI implementations.