Security
We’re an early-stage team and we’d rather tell you what we actually do today than publish a glossy page full of certifications we haven’t earned yet. This page is the short, honest version. If you need more detail for a vendor review, write to security@antinude.io and we’ll answer directly.
The AntiNude SDK classifies images entirely on the user’s device. We do not run a cloud inference endpoint — there is no path in the product that uploads image bytes to our servers, and no opt-in to change that. The only thing we receive is a small telemetry event for each scan — verdict, category scores, a SHA-256 hash of the image, latency, and coarse device info — used for billing and abuse detection. The full list is in our Privacy Policy.
- TLS for all traffic to our API and dashboard.
- Encryption at rest for our primary database and backups.
- API keys are stored as hashes and can be rotated or revoked from the dashboard at any time.
- Two-factor authentication is available for all dashboard accounts.
- Production access is limited to a small number of engineers and protected by 2FA.
- Code changes go through pull-request review before reaching production.
- Dependencies are scanned for known vulnerabilities on every build.
- Backups are taken daily and tested periodically.
We want to be straightforward about what we don’t have yet, because we’d rather you ask us once than discover gaps during procurement:
- We don’t have a SOC 2 report yet. Enterprise customers can ask us for a security questionnaire response.
- We are not ISO 27001 certified.
- We have not yet commissioned a third-party penetration test. We plan to do so before we go to general availability.
- SSO (SAML/OIDC) and SCIM are on the roadmap but not in the product today.
If any of these are blockers for your team, please reach out — we’re happy to talk about timelines and what we can commit to contractually.
Production runs on managed cloud infrastructure in the EU. We can share specific regions and providers under NDA during a vendor review. Account data is deleted within 90 days of account closure. Images themselves are never sent to our servers, so there is nothing image-related to retain.
If you think you’ve found a security issue, please email security@antinude.io with a description and reproduction steps. We’ll acknowledge your report within a few business days and keep you updated as we triage. We won’t pursue legal action against researchers who report issues in good faith and give us a reasonable chance to fix them before disclosure.
If something goes wrong and it affects your account or data, we will tell you. For personal-data breaches we follow the notification timelines required by GDPR and other applicable laws.
- Security issues and disclosures: security@antinude.io
- Privacy and data requests: privacy@antinude.io
- General support: support@antinude.io