Most of our MLOps solutions are open source and thereby subject to public review. Security related to our open source tools would be managed by the user as our tools are downloaded locally. Users manage their own credentials and security policies across resources like clouds, storage, and Git service. There are logging functionality that send anonymized usage data back to Iterative. Users may opt out of this logging. We'll promptly address any security issues that are brought up by the community. Please let us know at https://github.com/iterative.
We're in the process of achieving SOC2 compliance and will be able to provide relevant documentation in the next 1-2 months.
As part of our GitOps philosophy, Studio only takes as much information as necessary from your Git service to display experiments, data sets used, metrics, and hyper parameters. Studio only has access to repositories that customer Git services allow. By default, Studio does not access any of the actual data used across your models. Your data remains protected by your cloud credentials (e.g., AWS login, etc.). You may allow Studio access to storage for additional information to be displayed by Studio, but this is optional. Access controls to repositories may be granularly managed directly through a customer's respective Git service (GitHub app, GitLab admin settings, etc.).