<aside> 💡

Our up-to-date security policy lives in our Trust Center

Questions? [email protected]

</aside>

Last Updated: March 16, 2026

Contact: [email protected]

Overview

Isara Laboratories is an early-stage AI research company building autonomous systems. We are committed to protecting customer data and maintaining transparent security practices as we grow. This document outlines our current security posture, controls, and roadmap.

Current Security Maturity

Isara is a young startup without formal certifications at this time. We do not currently hold ISO 27001, SOC 2, or similar attestations. We have not yet completed formal penetration testing.

What we are doing about it: We are preparing to engage with a security consulting firm, to prepare for formal certification and harden both our platform and application security. We are currently in observation for our SOC2 Type II.

Infrastructure & Cloud Security

Cloud Provider

We use Amazon Web Services (AWS) as our primary cloud provider and leverage Google Cloud Platform (GCP) for select services.

For AWS security documentation, see: https://aws.amazon.com/security/

For GCP security documentation, see: https://cloud.google.com/security

Environment Separation

We maintain separate AWS accounts for production and development environments:

• Production account: Processes customer data
• Development/sandbox accounts: Used for testing, development, and internal experimentation; completely isolated from production data and networks

Access Control & Reviews

• Access to production accounts is gated behind approval and follows least-privilege principles
• Access permissions are reviewed monthly by our security team