Niobia AI logoNiobia AI
Security

Security at Niobia AI

Security is not an add-on. It is built into every tier of Niobia AI. Whether you are an individual researcher or a global enterprise, your data is protected by design.

This page is for developers, IT teams, buyers, and enterprise security teams evaluating Niobia AI. It covers our encryption standards, infrastructure isolation, data privacy commitments, compliance posture, and incident response practices.

Starter & Student Plans

Free & $20/month

Every Niobia AI account, including free Starter and Student plans, is protected with strong encryption. All data in transit is protected with TLS 1.3, and all data at rest is encrypted using AES-256.

Starter and Student plans run on shared-cloud infrastructure hosted on Google Cloud Platform (GCP). Inherited protections include default encryption at rest for all data written to storage, infrastructure-level isolation through physically secured data centers with layered access controls, and encrypted inter-service communication throughout the platform.

We do not use your data to train foundation models or any general-purpose models offered to other customers or third parties. When Niobia uses third-party model providers, those providers are not permitted to train on your data. Starter and Student plans run on shared infrastructure, so Niobia may process customer data on those plans to operate, secure, support, and troubleshoot the shared service. Each user and workspace remains logically isolated from other users.

Professional Plan

$50/user/month

The Professional plan includes everything in Starter and Student, plus security features designed for collaborative teams handling sensitive R&D data.

Team workspaces are encrypted in transit (TLS 1.3) and at rest (AES-256), with workspace-level logical isolation that keeps shared formulations, experimental results, and analysis workflows confidential within your organization. Audit logs and activity tracking provide full visibility into who accessed what data and when, supporting internal compliance requirements.

Organization-level roles and permissions enforce least-privilege access. Team members only see what they need. Organization boundaries are logically isolated within the shared platform, ensuring strict separation between different customer workspaces.

Professional also includes a stronger data-use boundary for platform improvement: Niobia does not use raw customer data or raw prompts from Professional accounts to improve the platform. Platform improvement for Professional is limited to aggregated, de-identified, or higher-level service telemetry derived from operating the Service.

Enterprise - Dedicated Single-Tenant

Custom pricing

For organizations handling export-controlled materials, proprietary formulations, or data subject to strict regulatory requirements, Niobia AI offers fully dedicated, single-tenant infrastructure on isolated Niobia-managed GCP infrastructure. No compute or storage is shared with any other customer.

Where provisioned, you hold the encryption keys. With Customer-Controlled Keys (BYOK), Niobia AI cannot decrypt your data without your explicit permission. Your data is stored and processed only in the geographic region you specify.

The architecture is secure by design. Niobia AI controls only the control plane: application logic, orchestration, and updates. The customer controls the data plane: where data lives, who can access it, and, where provisioned, the encryption keys. Niobia AI does not use raw customer data from this deployment model for platform improvement.

Enterprise - Platform-Native

Databricks & Snowflake · Custom pricing

This is the customer-controlled deployment option: Niobia AI runs as a compute workload inside your existing cloud or data platform environment. Data stays in that environment unless you explicitly choose otherwise. Niobia AI does not use raw customer data from this deployment model for platform improvement.

Niobia can deploy this model into customer-controlled platforms such as Snowflake, Databricks, or other approved cloud environments. Where the platform provides native governance and networking controls, Niobia runs inside that control boundary rather than requiring data movement into Niobia-managed infrastructure.

  • Customer-controlled access policies including RBAC, ABAC, or row-level controls where supported by the customer platform
  • Customer networking boundaries so platform traffic follows the customer’s approved network architecture
  • Customer-selected encryption and key-management posturewhere the platform supports it
  • Explicit support-access controls so Niobia engineers only access deployed systems or data when the customer grants permission

In this model, the customer controls the environment and grants Niobia the permissions needed to deploy, operate, and support the platform. Niobia AI engineers do not access customer data unless the customer explicitly grants support permissions.

Data Privacy Commitments

  • Niobia AI does not sell customer data.
  • Niobia AI does not use customer datasets, formulations, or experimental results to train foundation models or general-purpose models offered to others.
  • On Starter and Student, Niobia may process customer data to operate, secure, support, and troubleshoot the shared service.
  • On Professional, Niobia does not use raw customer data or raw prompts for platform improvement and limits improvement work to aggregated, de-identified, or higher-level service telemetry.
  • On Enterprise plans, Niobia does not use raw customer data for platform improvement. In platform-native deployments, Niobia access is only available when the customer explicitly grants support permissions.
  • Third-party AI providers are not permitted to train on customer data. Niobia minimizes retention and enables no-retention settings where supported by the provider contract and configuration.
  • Niobia AI personnel access to customer data is limited to operating, securing, supporting, and improving the Service, on a least-privilege, need-to-know basis.

Security Controls & Best Practices

Beyond platform-level protections, Niobia AI implements operational security controls across identity, networking, monitoring, and development practices.

Identity & Access Controls

Multi-factor authentication (MFA) is available on all plans and required for Enterprise. Role-based access controls (RBAC) enforce least-privilege access across workspaces. SSO integration is available for Professional and Enterprise plans.

Network & Encryption

All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256. Enterprise plans support private networking configurations where traffic never traverses the public internet, along with customer-managed encryption keys (BYOK).

Monitoring & Logging

Professional and Enterprise plans include audit logs that capture user activity, data access events, and configuration changes. Infrastructure monitoring detects anomalous behavior and generates automated alerts. Log retention policies are configurable for Enterprise.

Secure Development

Niobia AI follows a secure software development lifecycle (SDLC) that includes mandatory code reviews, automated static analysis, dependency scanning, and pre-deployment security checks. Vulnerability scans and penetration tests are conducted regularly.

Compliance & Assurance

Niobia AI is an early-stage company. We do not currently maintain formal third-party certifications (such as SOC 2 Type II or ISO 27001). That said, we design our security and privacy approach to be compatible with common enterprise requirements and can support customer due diligence through security questionnaires and architecture reviews.

  • Security practices: documented access controls, encryption practices, and operational procedures appropriate for our stage.
  • Privacy: we support reasonable requests related to access, deletion, and data handling obligations required under applicable privacy laws (e.g., CCPA/CPRA and, where applicable, GDPR obligations through customer agreements).
  • Enterprise deployment options: for enterprise plans, we can support deployment models that reduce data movement and increase isolation (e.g., dedicated environments or running inside customer-controlled platforms where applicable).

If your organization requires specific attestations (SOC 2, ISO 27001), a Data Processing Addendum (DPA), or contractual security commitments, contact us and we will outline what we can provide today and our roadmap for additional assurance.

Incident Response

Niobia AI maintains a documented incident response plan led by a dedicated security team. In the event of a security incident:

  • Detection & Containment: automated monitoring systems detect anomalies. The security team triages and contains the incident within hours.
  • Investigation: root cause analysis is conducted with full audit trail review. Affected systems are isolated and analyzed.
  • Customer Notification: affected customers are notified promptly with clear details on scope, impact, and remediation steps. Enterprise customers receive dedicated communication channels.
  • Remediation & Review: fixes are deployed and verified. A post-incident review is conducted to prevent recurrence.

FAQs

Security Escalation by Tier

Starter & Student

Shared GCP infrastructure, TLS 1.3 in transit, AES-256 at rest, logical workspace isolation

Foundational tier

Professional

Shared-cloud protections plus auditability, team controls, and no raw data or prompts used for platform improvement

Advanced shared-cloud

Dedicated Single-Tenant

Isolated Niobia-managed GCP deployment with optional BYOK and geographic isolation

Enterprise Option A

Platform-Native

Runs in your cloud or data platform, with support access only when you explicitly grant permission

Enterprise Option B

Terms of Service

Review our legal terms and data commitments

Read Terms

Pricing Plans

Find the right plan for your team or lab

View Plans