Skip to main content

Security & Compliance


Shaped was built from the ground-up with security as a top priority. We operate as a cloud software-as-a-service (SaaS) platform, and only retrieve from your connected datastores when necessary to build your ranking algorithms. After training, most of your data is discarded, other than specific non-identifiable encoded features that are used at inference. We only require read access to your datasets and customer data never has to be persisted within Shaped. Furthermore, Shaped works on encrypted data if you need an added layer of security.

Shaped uses best physical, virtual, network and operational security practices. We rely on role-based authentication for all data access and records audit logs for every action. We avoid data replication and have clear multi-tenant isolation policies to ensure sensitive and critical systems are separated. Shaped uses isolated VPCs for all production deployments. Data is encrypted at rest using AES-256 encryption or higher and all ingress and egress traffic is encrypted via TLS 1.2+.


Shaped is SOC 2 Type 1 and GDPR compliant. We follow best security and governance best practices including using Vanta for real-time security and compliance monitoring, employee security training, device management, penetration testing, vulnerability scanning and secure software development practices. We have a data processing addendum on request if you require more information.

Subprocessor List

Third Party EntityLocationService Provided
Amazon Web Services Inc.United States (us-east-2)Cloud hosting
ClickHouse, Inc.United StatesDatabase Hosting