Privacy Policy

Security overview

We take data security very seriously at proton.ai. Once your data enters our virtual private cloud environment, it only leaves when it’s served back to you through our APIs or application. This document gives an overview of the services we use and the measures we take to ensure that your data is never exposed to other clients or the public.

The bulk of our technology stack runs on the largest cloud service providers, Google’s Cloud Compute platform and Amazon’s Amazon Web Services (AWS) platform. These providers are used by technology companies of all sizes, including large technology companies like Netflix and Snapchat.

These companies provide state-of-the-art security on the core infrastructure our services run on. More information can be found on the portals for the respective services:

https://aws.amazon.com/security/
https://cloud.google.com/security/

These documents cover aspects of security ranging from the physical security of the hardware our services run on to the protections within their environments between their customers (e.g., between our systems and Netflix).

In addition, our system and information architecture partitions data from individual customers into isolated environments within our cloud computing environment. For example, order information for one company is stored in a distinct location from order information for another client, eliminating the risk of cross-contamination or leaks between clients.

Once ingested, client data lives within what is known as a Virtual Private Cloud or VPC. VPCs offer strict guarantees on things like encryption of data in transit, and isolation of data and traffic from the open internet. VPCs and equivalent abstractions are relied upon by some of the largest corporations in the world as well as government entities, and using them allows us to offer a high degree of data protection to our clients.

Our compute jobs running on top of Google and Amazon infrastructure provide further protections by running as containerized services. Containerization within the compute environments they run on adds a second layer of protection and stability (think of it as building a sort of second rampart on a castle) and also makes it easier for us to deploy security patches when our software or our vendors’ software does indeed have bugs.

We constantly monitor all our systems for performance as well as security vulnerabilities through our centralized auditing and alerting system, which covers security and other system failure points.