light firebird logo
JOIN OUR TEAM
Join WaitList

Security Policy

Last updated: June 16, 2026

1. Overview

Firebird AI CJSC (“Firebird”) is committed to protecting the confidentiality, integrity, and availability of the Firebird Cloud platform and customer data.

Firebird Cloud is an Infrastructure-as-a-Service (IaaS) platform providing GPU-enabled compute resources, storage, networking, and virtualization infrastructure for AI training and other high-performance computing workloads.

This Security Policy describes the security measures implemented by Firebird and explains the shared security responsibilities between Firebird and its customers.

2. Security Principles

Our security program is based on the following principles:

  • Security by design
  • Least privilege
  • Defense in depth
  • Secure defaults
  • Continuous monitoring
  • Risk-based security management
  • Continuous improvement

Security controls are regularly reviewed to address emerging threats and evolving technologies.

3. Data Residency

Firebird Cloud infrastructure is hosted exclusively within Firebird-operated data centers located in the Republic of Armenia.

Unless otherwise agreed in writing:

  • Customer Content
  • Account Information
  • Infrastructure Metadata
  • Operational Logs

are stored and processed exclusively within Armenia.

Firebird does not replicate customer data to other jurisdictions except where required by applicable law or requested by the customer.

4. Shared Responsibility Model

Firebird Cloud operates under a shared responsibility model.

Firebird is responsible for

  • Physical data center security
  • Physical servers
  • GPU hardware
  • Virtualization platform
  • Storage infrastructure
  • Networking infrastructure
  • Cloud control plane
  • Platform monitoring
  • Infrastructure maintenance
  • Security patching of Firebird-managed systems

Customers are responsible for

  • Operating systems
  • Virtual machines
  • Containers
  • Installed software
  • AI frameworks
  • Machine learning models
  • Customer datasets
  • Firewall configuration
  • Network security policies
  • User permissions within workloads
  • Backup of customer workloads where required

Firebird cannot access or manage software installed inside customer virtual machines except where explicitly authorized for support purposes.

5. Physical Security

Firebird protects its infrastructure using multiple physical security controls including:

  • Restricted facility access
  • Visitor management
  • CCTV surveillance
  • Environmental monitoring
  • Fire detection and suppression
  • Power redundancy
  • Climate control
  • Hardware inventory management

Only authorized personnel may access production infrastructure.

6. Infrastructure Security

Firebird secures the cloud platform using layered infrastructure controls including:

  • Network segmentation
  • Firewall protection
  • Private management networks
  • Secure administrative access
  • Infrastructure hardening
  • Continuous monitoring
  • Security logging
  • Automated infrastructure deployment
  • Regular security updates

Production systems are maintained according to documented operational procedures.

7. Identity and Access Management

Administrative access to Firebird infrastructure is controlled through:

  • Role-Based Access Control (RBAC)
  • Multi-factor authentication (MFA)
  • Individual administrator accounts
  • Least-privilege access
  • Access approval procedures
  • Periodic access reviews
  • Immediate revocation of unnecessary privileges

Administrative activities are logged and monitored.

8. Customer Account Security

Customers are responsible for protecting their Firebird Cloud accounts.

Customers should:

  • Maintain strong passwords.
  • Enable multi-factor authentication where available.
  • Protect API credentials.
  • Limit administrator access.
  • Remove inactive users.
  • Notify Firebird immediately if account compromise is suspected.

Customers remain responsible for activities performed by users within their tenants.

9. Data Protection

Firebird protects customer information through administrative, technical, and organizational safeguards.

Encryption in Transit

All public services are protected using HTTPS with modern TLS encryption.

Encryption at Rest

Sensitive platform data is encrypted at rest using industry-standard encryption technologies where applicable.

Customer Content

Firebird accesses Customer Content only:

  • to provide the Services;
  • to maintain platform functionality;
  • when instructed by the customer; or
  • where required by law.

Firebird does not use Customer Content:

  • to train artificial intelligence models;
  • for advertising purposes; or
  • for unrelated commercial purposes.

Customer ownership of Customer Content remains unchanged.

10. Secure Software Development

Security is incorporated throughout the development lifecycle.

Development practices include:

  • Secure architecture reviews
  • Peer code review
  • Automated testing
  • Dependency vulnerability scanning
  • Secret detection
  • Controlled production deployments
  • Security-focused change management

Engineering teams follow secure coding practices consistent with industry standards, including the OWASP Top 10.

11. Vulnerability Management

Firebird maintains a vulnerability management program that includes:

  • Continuous monitoring for security advisories
  • Operating system patch management
  • Dependency scanning
  • Infrastructure vulnerability assessments
  • Risk-based prioritization
  • Timely remediation

Critical vulnerabilities receive expedited handling.

12. Logging and Monitoring

Firebird continuously monitors production systems to detect operational and security events.

Monitoring includes:

  • Authentication events
  • Administrative actions
  • Infrastructure health
  • Security alerts
  • Network events
  • Platform availability

Logs are retained in accordance with operational and legal requirements.

13. Incident Response

Firebird maintains documented procedures for responding to security incidents.

The incident response process includes:

  1. Detection
  2. Validation
  3. Containment
  4. Investigation
  5. Recovery
  6. Post-incident review

Where required by law or contractual obligations, Firebird will notify affected customers of confirmed security incidents without undue delay.

14. Availability and Business Continuity

Firebird works to maintain reliable service through:

  • Infrastructure monitoring
  • Hardware redundancy where appropriate
  • Backup procedures for platform systems
  • Disaster recovery planning
  • Capacity management
  • Planned maintenance procedures

Scheduled maintenance may temporarily affect service availability.

15. Compliance with Laws

Firebird complies with applicable laws governing operation of its cloud platform, including export control and sanctions requirements. Customer onboarding includes jurisdiction verification, and access may be restricted where required by applicable law.

16. Responsible Vulnerability Disclosure

Firebird encourages responsible disclosure of security vulnerabilities.

Researchers should report vulnerabilities to: security@firebird.ai

Reports should include sufficient information to reproduce the issue.

Firebird requests that vulnerabilities not be publicly disclosed until remediation has been completed.

17. Policy Updates

Firebird may update this Security Policy periodically. Material changes will be reflected by updating the effective date published on this page.

Contact

For security-related questions or to report a vulnerability: security@firebird.ai