Security is built in, not bolted on
Instructeer is designed so that your data never leaves the request cycle. No retention, no logging of content, no exposure beyond what the API response returns.
Encryption at rest and in transit
All data is encrypted in transit and at rest using managed encryption keys. Request content is never persisted — it exists only for the duration of the API call.
Data privacy by design
Instructeer collects only what is necessary to operate the service. Request content is never logged, retained, or shared. Usage metadata — request counts and timestamps — is retained solely for billing and quota purposes.
Network security and access controls
Services run in isolated private networks with strictly controlled ingress. Every API request requires authentication. Credentials can be revoked instantly. Internal service access follows least-privilege principles — each component has only the permissions it needs to operate.
High availability and resilience
Instructeer is deployed across two US regions on enterprise cloud infrastructure with a Tier 1 global network backbone, anycast routing, DDoS mitigation at the network edge, and automatic failover. Failed deployments roll back automatically to the last verified state.
Vulnerability management
Service images are scanned for known vulnerabilities before every deployment. Critical findings block release. Dependencies are reviewed and updated on a regular basis.
Auditable change management
All infrastructure and configuration changes are version-controlled, reviewed, and applied through automated pipelines. No manual changes to production environments. Every change is traceable and reproducible.
No training on customer data
Customer data is never used to train models, improve detection, or build datasets. It is never shared with third parties for any purpose. See the Data Processing Addendum for full details.
Coming next
Third-party penetration test
Scheduled before general availability.
Real-time status page
Current status is available. Automated uptime monitoring coming next.
SOC 2 Type 2
Targeted post general availability.