ImagePipeline

Security

Last updated: June 5, 2026

Model Pipeline AI Inc. is committed to protecting the security of the ImagePipeline platform and the data of our users. We apply industry-standard controls across our infrastructure, application layer, and data-handling processes. This page summarises our security posture; for security questionnaires, our subprocessor DPA, or further detail, contact security@imagepipeline.io.

1. Infrastructure Security

The ImagePipeline API runs on enterprise-grade cloud infrastructure (Amazon Web Services) with a hardened service layer that brokers requests between our API and a fleet of dedicated GPU compute nodes used for AI inference and image generation. Key controls include:

  • Encrypted communication over HTTPS/TLS for all data in transit
  • Network segmentation and strict access controls between the public API, internal message layer, and compute nodes
  • GPU inference runs on dedicated compute hosted in secure, access-controlled datacenters, managed as subprocessors under contract
  • API authentication and key-management systems with scoped credentials
  • Rate limiting and automated abuse detection
  • Continuous monitoring and alerting for suspicious activity

2. Data Protection

User data is protected through encryption in transit and at rest, secure storage practices, and role-based access controls that limit data access to authorised personnel only.

Inference runs on ephemeral GPU compute nodes that are recycled after use. Generated images and the prompts that produce them are processed transiently on these nodes and are not persistently retained there. Results are stored temporarily so users can retrieve them, and are automatically deleted from our primary systems within 30 days of creation, as described in our Privacy Policy. We do not use user-submitted content to train AI models.

3. Application Security

  • Authentication and session management handled by a dedicated identity provider with multi-factor authentication support
  • Code changes pass peer review and automated checks before release
  • Automated dependency scanning and secret detection on our source repositories
  • Least-privilege access to production systems, reviewed on personnel changes

4. Compliance & Frameworks

We align our controls with recognised industry frameworks, including the CIS Controls and the NIST Cybersecurity Framework. We maintain a published list of the third-party subprocessors that support the Service, and we offer a Data Processing Agreement for customers who require one.

We can complete standard security questionnaires (for example SIG, CAIQ, or VSA) on request. SOC 2 Type II is on our compliance roadmap. For current documentation, reach out to security@imagepipeline.io.

5. Responsible Disclosure

If you discover a security vulnerability in ImagePipeline, please report it responsibly. Do not exploit the vulnerability or share details publicly before giving us the opportunity to address it.

Report security issues to: security@imagepipeline.io

We will acknowledge receipt of your report promptly and work with you to understand and resolve the issue. We appreciate the efforts of security researchers who help keep our platform safe.