Compliance & Data Protection
OpenBB Workspace operates on SOC 2 Type II attested infrastructure, enforcing strict controls over security, availability, and confidentiality. Data encryption uses TLS 1.3 in transit and AES-256 at rest across all deployment models. The platform adheres to a zero-data-training policy: user data, including prompts and proprietary files, is never ingested into model training pipelines or used to improve underlying AI systems.

Access Controls & Authentication
In the Pro tier granular RBAC are enforced with role-based permissions for dashboards, data connectors, and AI agents. MFA enforcement can be enabled for all user sessions. Authentication integrates with enterprise identity providers via SAML/OIDC, supporting Azure AD, Google Workspace, and custom IDPs through SSO configurations managed at build time or runtime.

Secure Deployment Options
In the Pro tier OpenBB Workspace supports client-managed deployments via Helm charts on Kubernetes or Docker Compose, enabling VPC, private cloud, or on-premise hosting. The architecture allows white-labeling and OEM integration, with Terraform code for infrastructure provisioning. Security policies are configurable to meet specific regulatory requirements, including network segmentation and secret management.

Compliance Oversight
Audit logs capture all critical user actions and system events, with centralized logging in managed deployments. OTEL integration enables forwarding logs to existing enterprise monitoring systems. Continuous compliance is maintained through regular third-party penetration testing and automated security scanning across the source code, containerized microservices and infrastructure.

On-prem or VPC
SOC2 II compliant
No data leakage
Run AI models locally
Security is built into OpenBB
From day one, we've made your protection our priority. Explore how we secure our platform, our users, and your data.
View Trust Center