Security Policy

Our commitment to protecting your information and maintaining secure systems and practices.

Last Updated March 11, 2026
Effective Date March 11, 2026

1. Security Commitment

Faraday Machines is committed to protecting the security and privacy of our website visitors and customers. This Security Policy outlines our approach to information security, the measures we implement, and our ongoing commitment to maintaining a secure environment.

Security is fundamental to our business model of providing secure, local AI infrastructure solutions.

2. Information Security Framework

Our security practices are built on industry-standard frameworks and best practices, including:

  • Defense in Depth: Multiple layers of security controls
  • Principle of Least Privilege: Minimal access rights for all users and systems
  • Regular Security Assessments: Ongoing evaluation of our security posture
  • Incident Response Planning: Prepared procedures for security events
  • Continuous Monitoring: Real-time security monitoring and alerting

3. Website Security Measures

3.1 Technical Safeguards

  • TLS/SSL Encryption: All data transmission is encrypted using industry-standard protocols
  • Secure Hosting: Our website is hosted on secure, regularly updated infrastructure
  • Regular Updates: Timely application of security patches and updates
  • Access Controls: Strict authentication and authorization mechanisms
  • Firewall Protection: Network-level security controls

3.2 Data Protection

  • Minimal data collection - only necessary information is gathered
  • Secure data storage with encryption at rest
  • Regular data backups with secure storage
  • Data retention policies to minimize exposure
  • Secure data disposal procedures

3.3 Application Security

  • Secure coding practices in website development
  • Input validation and sanitization
  • Protection against common web vulnerabilities (OWASP Top 10)
  • Regular security testing and code reviews

4. On-Premises Infrastructure Security

4.1 Delivered System Security Features

Faraday Machines ships enterprise AI infrastructure with state-of-the-art security features built into every deployment:

Encryption and Data Protection

  • FileVault Full-Disk Encryption: All Mac Studio systems ship with Apple's FileVault enabled, providing XTS-AES-128 encryption for complete data protection at rest
  • Secure Boot Process: Hardware-verified boot sequence ensures system integrity from startup
  • T2 Security Chip Protection: Dedicated security coprocessor manages encrypted storage and secure boot capabilities
  • Encrypted Data Transmission: All inter-device communication uses TLS encryption for data in transit

Network Security Controls

  • MAC Address Filtering: Pre-configured network access controls restrict connectivity to authorized devices only
  • Network Segmentation: Isolated network configurations prevent unauthorized lateral access
  • Firewall Configuration: Customized firewall rules tailored to your specific deployment requirements
  • VPN-Ready Infrastructure: Built-in support for secure remote access through encrypted tunnels

Access Control and Authentication

  • Provisioned User Access: Pre-configured user accounts with role-based permissions
  • Multi-Factor Authentication: Built-in MFA support for administrative access
  • Secure Credential Management: Integration with enterprise identity providers and password managers
  • Session Management: Automated session timeouts and access logging

Monitoring and Logging Capabilities

  • Comprehensive System Logging: Detailed audit trails for all system activities and access attempts
  • Security Event Monitoring: Real-time alerting for suspicious activities and security events
  • Performance Analytics: System health monitoring and performance metrics (available on enterprise plans)
  • Compliance Reporting: Automated generation of security and compliance reports

4.2 Advanced Security Features by Plan

Growth Plan Security Features

  • Standard encryption and access controls
  • Basic system logging and monitoring
  • Standard network security configuration

Scale Plan Enhanced Security

  • Advanced threat detection and response
  • Detailed forensic logging and analysis
  • Enhanced network monitoring and intrusion detection
  • Priority security support and incident response

Enterprise Plan Premium Security

  • Custom security configurations and hardening
  • Advanced persistent threat protection
  • Real-time security operations center integration
  • Dedicated security consultancy and ongoing assessment

4.3 Customer Security Responsibilities

Important Notice: While Faraday Systems provides comprehensive security features and secure system configuration, once deployed on your premises, the responsibility for maintaining security lies with your organization.

Physical Security Responsibilities

Customers are responsible for ensuring:

  • Physical Access Control: Restricting physical access to AI infrastructure equipment
  • Environmental Protection: Maintaining appropriate environmental controls (temperature, humidity, power)
  • Equipment Security: Preventing theft, tampering, or unauthorized physical access to systems
  • Secure Disposal: Following proper procedures for equipment decommissioning and data destruction

Remote Access and Network Security

Customers must maintain:

  • Network Security: Implementing and maintaining secure network infrastructure and access controls
  • User Access Management: Managing user accounts, permissions, and authentication credentials
  • Remote Access Security: Securing VPN connections and remote administration capabilities
  • Security Policy Enforcement: Implementing organizational security policies and procedures

Ongoing Security Maintenance

Customer responsibilities include:

  • Security Updates: Installing security patches and system updates as recommended
  • Configuration Management: Maintaining secure system configurations and access controls
  • Incident Response: Responding to security incidents and conducting internal investigations
  • Compliance Monitoring: Ensuring ongoing compliance with organizational and regulatory requirements

4.4 Shared Security Model

Faraday Systems Provides:

  • Secure hardware platform and initial configuration
  • Built-in encryption and security features
  • Security best practices implementation
  • Ongoing security guidance and support
  • Security updates and vulnerability notifications

Customer Maintains:

  • Physical security of deployed systems
  • Network security and access controls
  • User management and authentication
  • Security policy compliance and enforcement
  • Incident response and remediation

4.5 Security Support and Consultation

Faraday Systems provides ongoing security support including:

  • Security Configuration Guidance: Best practices for system hardening and configuration
  • Threat Intelligence: Updates on emerging threats and vulnerabilities
  • Security Assessment Services: Professional security reviews and penetration testing (enterprise plans)
  • Incident Response Support: Technical assistance during security incidents

4.6 Physical and Environmental Security (Faraday Facilities)

Our corporate operations maintain appropriate physical security measures:

  • Secure office environments with controlled access
  • Protection of equipment and sensitive information
  • Secure destruction of confidential materials
  • Environmental controls to protect systems and data

5. Employee Security

5.1 Personnel Practices

  • Background verification for employees with access to sensitive systems
  • Signed confidentiality and security agreements
  • Regular security awareness training
  • Clear roles and responsibilities for information security

5.2 Access Management

  • Role-based access controls
  • Regular access reviews and updates
  • Prompt removal of access upon role changes
  • Multi-factor authentication for administrative access

6. Vendor and Third-Party Security

We carefully evaluate the security practices of any third-party vendors or service providers:

  • Security assessments of vendor capabilities
  • Contractual security requirements and obligations
  • Regular reviews of vendor security practices
  • Incident notification requirements

7. Incident Response

7.1 Incident Management

We maintain a comprehensive incident response program that includes:

  • Defined incident classification and response procedures
  • Designated incident response team
  • Communication protocols for stakeholders
  • Post-incident analysis and improvement processes

7.2 Notification Procedures

In the event of a security incident that may affect personal information:

  • We will assess the scope and impact of the incident
  • Affected individuals will be notified as required by applicable law
  • Relevant authorities will be contacted when necessary
  • We will provide updates as the situation develops

8. Business Continuity

We maintain business continuity and disaster recovery plans to ensure:

  • Minimal disruption to website availability
  • Protection of critical business functions
  • Recovery procedures for various scenarios
  • Regular testing and updates of continuity plans

9. Compliance and Governance

9.1 Regulatory Compliance

Our security practices align with applicable regulations and standards:

  • Canadian privacy laws (PIPEDA)
  • Provincial privacy regulations
  • Industry-specific compliance requirements
  • International privacy frameworks (GDPR where applicable)

9.2 Security Governance

  • Regular review of security policies and procedures
  • Security risk assessments and management
  • Security metrics and reporting
  • Continuous improvement of security practices

10. Vulnerability Management

We proactively identify and address security vulnerabilities through:

  • Regular vulnerability scans and assessments
  • Penetration testing by qualified professionals
  • Prompt patching and remediation procedures
  • Monitoring of security advisories and threat intelligence

11. User Security Responsibilities

While we implement comprehensive security measures, users also play a role in maintaining security:

  • Keep browser and device software up to date
  • Use strong, unique passwords for any accounts
  • Report suspicious activities or potential security issues
  • Exercise caution when clicking links or downloading files

12. Security Contact and Reporting

We encourage responsible disclosure of security vulnerabilities. If you discover a potential security issue:

12.1 Reporting Process

  • Email security issues to: legal@faradaymachines.com
  • Include detailed information about the potential vulnerability
  • Allow reasonable time for assessment and remediation
  • Do not exploit the vulnerability or access unauthorized data

12.2 Response Commitment

  • We will acknowledge receipt of security reports within 48 hours
  • Provide regular updates on investigation progress
  • Coordinate responsible disclosure timelines
  • Recognize security researchers when appropriate

13. Security Auditing and Monitoring

We maintain comprehensive security monitoring and auditing capabilities:

  • 24/7 security monitoring and alerting
  • Regular security audits and assessments
  • Log retention and analysis for security events
  • Performance metrics for security controls

14. Policy Updates and Communication

This Security Policy is reviewed and updated regularly to reflect:

  • Changes in technology and threat landscape
  • Updates to regulatory requirements
  • Lessons learned from security incidents
  • Improvements in security best practices

Significant updates will be communicated through our website and other appropriate channels.

15. Contact Information

For questions about this Security Policy or to report security concerns:

Security Team: legal@faradaymachines.com

General Inquiries: legal@faradaymachines.com

Address: Faraday Systems
Toronto, Canada

We are committed to responding to security-related inquiries promptly and professionally.