Security at Variance

    Variance is committed to protecting our customers and their data. Security is foundational to our platform and is tested by a team of security experts.

    Ownership

    You stay in control of your data

    We do not train models across customers by default

    You control how long data is retained based on your workspace configuration

    You control which internal systems and sources are connected

    Control

    Access, permissions, and deployment on your terms

    Enterprise authentication and SSO support

    Fine-grained permissions and role-based access controls

    Dedicated environments and deployment options

    Security

    Built for regulated teams and sensitive workflows

    SOC 2 Type II certified

    Data encrypted at rest (AES-256) and in transit (TLS 1.3)

    Penetration testing by Calif, trusted by Anthropic and Google

    Visit our Trust Center for more information.

    Flexible deployment, your way

    Choose the deployment model that fits your security and compliance requirements.

    Cloud

    Fully managed SaaS deployment with automatic updates, scaling, and zero infrastructure overhead.

    Private VPC Peering

    Deploy Variance within a dedicated VPC peered with your own network. Your data stays in your network, and we manage the application.

    On-Premise / Air-Gapped

    For the most sensitive environments. Run Variance entirely on your own infrastructure with no external connectivity.

    How we protect your data

    24/7 SIEM Monitoring

    We employ 24/7 monitoring with US-based analysts for real-time threat detection and alerting.

    Penetration Testing

    We work with Calif, the same penetration testing firm trusted by Anthropic and Google, with regular white-box penetration testing.

    Zero Data Retention

    We offer zero-data-retention configurations so that customer data is never persisted beyond the scope of a single request.

    AI Guardrails

    Purpose-built controls for AI systems including prompt injection defenses, output validation, and model behavior boundaries. We are pursuing AIUC-1 certification.

    Every action, fully auditable

    Audit logs are available for every agent or human decision.

    SIEM Export

    Export Variance decisions and audit logs directly into your SIEM.

    Audit Logs

    Immutable, timestamped records of every agent action, decision, and configuration change ready for review.

    Ready to see Variance in action with your data?

    Get in touch