Security & Trust
Twing.AI is a product of Twing Data, Inc.
Security is built into the core of our architecture and operations. We default to strict tenant isolation, least‑privilege access, and strong encryption, with options that meet enterprise requirements.
Single Sign‑On (SSO)
SAML 2.0 / OIDC with providers like Okta, Azure AD, and Google. Role‑based access control, short‑lived sessions, and device/browser session hygiene. Optional SCIM for automated provisioning.
Tenant Isolation (Default)
Isolation is the default. We do not share data across tenants. Each customer is deployed in a dedicated AWS account with per‑tenant infrastructure (VPC, container service, data stores, and S3 buckets). Network boundaries and IAM guardrails enforce separation; logs and metrics are partitioned by account.
Optional private networking, IP allow‑listing, and customer‑managed keys (AWS KMS) are available. Backups and disaster recovery are performed per tenant.
Encryption
TLS 1.2+ in transit; encryption at rest for all managed data stores and S3. Secrets are stored in a secure vault and never committed to source control. Support for customer‑ managed encryption keys and key rotation policies.
Foundation Models & Keys
We integrate with your foundation model of choice. Use Twing.AI’s secured model tokens or bring your own (BYOK). Prompts and outputs remain scoped to your tenant and are never used by us or model providers for training when data‑logging opt‑outs are available and enabled.
Observability & Compliance
Per‑tenant audit logs and access logs with export to your SIEM upon request. Principle of least privilege for internal access with just‑in‑time elevation and approvals. SOC 2 Type II program is in progress; we support customer security reviews and DPAs.
Frequently Asked Questions
Is data ever shared across customers?
No. Isolation is enforced by separate AWS accounts per customer and strict network/IAM policy.
Are prompts or outputs used to train models?
No. We configure providers to disable training/data retention where possible, and keep all prompts and outputs tenant‑scoped.
Can we use our own model keys?
Yes. You can use Twing.AI keys or supply your own. BYOK ensures billing and controls remain with you.
What about compliance?
SOC 2 Type II is in progress. We offer security questionnaires, architecture docs, and DPAs on request.