New The 2026 Sim-to-Real Readiness Benchmark is live. Read the report
Pricing
Customers
Talk to sales Request a demo
Security & Trust

Certification you can trust — built on security you can audit.

Your policies, twins, and evidence are protected with enterprise controls, tamper-evident records, and deployment options that keep sensitive IP in your hands.

Encrypted end to end On-prem / DGX Fully auditable
Security posture

Enterprise-grade from the first certificate.

Certisto protects your policies, twins, and evidence with controls robotics and manufacturing teams expect.

Data protection

Encryption in transit and at rest. Your twins and policies are isolated per tenant.

Access control

SSO, SCIM provisioning, and role-based access down to the project level.

Auditability

Tamper-evident logs of every trial, artifact, and signature in the Evidence Vault.

Deployment control

Run on-prem or on your DGX so sensitive IP never leaves your infrastructure.

Isolation

Dedicated compute options and network isolation for regulated workloads.

Resilience

Backups, disaster recovery, and monitored uptime across the platform.

Compliance

Aligned to the frameworks you're audited against.

We build to recognized security and privacy standards and provide the documentation your security team needs for review.

  • SOC 2 Type II program (in progress)
  • ISO 27001-aligned controls
  • GDPR and CCPA data handling
  • Functional-safety-aware evidence workflows

Certifications marked in progress reflect our roadmap; ask for current status during security review.

SOC 2

ISO 27001

GDPR

CCPA

Controls

What's included by tier.

ControlTeamEnterprise
Encryption at rest & in transitYesYes
SSO (SAML / OIDC)Add-onYes
SCIM provisioningYes
Role-based access controlYesYes
Audit logs & Evidence VaultYesYes
On-prem / DGX deploymentYes
Custom data retentionYes
Dedicated security reviewYes

Evidence Vault

Immutable trial logs
Cryptographic signatures
Full provenance chain
Exportable for auditors
Trust the evidence

Every certificate is tamper-evident and reproducible.

The Evidence Vault stores an immutable record of how each certificate was produced — the twin version, seeds, scenarios, and signatures — so any result can be independently verified.

Operational security

How we run the platform.

Least privilege

Employee access is scoped, reviewed, and logged.

Secure SDLC

Code review, dependency scanning, and secrets management.

Continuous monitoring

Runtime monitoring and alerting across the environment.

Penetration testing

Regular third-party testing and vulnerability management.

Incident response

If something goes wrong, here's what happens.

Detect

Continuous monitoring and alerting surface anomalies quickly.

Contain

On-call security responds and isolates affected systems.

Notify

Affected customers are informed per contractual timelines.

Remediate

Root-cause analysis and preventive fixes, shared transparently.

Trust Center

Everything your security team needs.

Request our security documentation, subgraph of subprocessors, and current compliance status.

99.9%
Target platform uptime
<24h
Critical vuln response
Transparency

Our subprocessors.

ProviderPurposeRegion
NVIDIA GPU CloudSimulation & training computeUS / EU
AWSApplication hosting & storageUS / EU
CloudflareEdge network & DDoS protectionGlobal
Auth providerSSO & identityUS / EU

A current, complete subprocessor list is available on request under NDA.

Security FAQ

Common security questions.

Bring your security team.

We'll walk through our controls, compliance status, and deployment options for your requirements.