> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vast.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security FAQ

> Data protection and platform security

## Data Protection

### How is my data protected from other clients?

Clients are isolated in unprivileged Docker containers and only have access to their own data. Each container is completely separate from others on the same host machine with:

* Separate namespaces and cgroups
* Network isolation
* File system isolation
* Process isolation

### How is my data protected from providers?

Provider security varies significantly:

* **Tier 4 datacenters** have extensive physical and operational security
* **Individual hosts** may have less formal security measures

For maximum security:

* Use **Secure Cloud** certified providers only
* Encrypt sensitive data at rest
* Don't store credentials in instances
* Use external key management

### What is Secure Cloud?

Secure Cloud providers are vetted datacenters with:

* [ISO 27001](https://www.iso.org/standard/27001) certification
* [Tier 3/4](https://uptimeinstitute.com/tiers) datacenter standards
* Verified physical security
* Professional operations

Enable the "Secure Cloud" filter when searching for instances to see only these providers.

## Account Security

### How do I secure my account?

Best practices:

1. Use a strong, unique password
2. Regularly rotate API keys
3. Monitor account activity
4. Use separate API keys for different applications
5. Review billing regularly for unusual activity

### What if my API key is compromised?

Immediately:

1. Delete the compromised key in Settings
2. Generate a new key
3. Update all applications
4. Check billing for unauthorized usage
5. Contact support if you see suspicious activity

## Network Security

### Are connections encrypted?

Yes, all connections use encryption:

* **Web interface:** HTTPS with TLS
* **SSH:** Encrypted by default
* **Jupyter:** HTTPS with self-signed certificates
* **API:** HTTPS required

### Can I restrict network access to my instances?

Network restrictions depend on the host configuration. Some options:

* Use SSH key authentication (no passwords)
* Configure firewall rules in your container
* Select providers with static IPs for IP whitelisting

## Best Practices

### Security checklist for sensitive workloads

* [ ] Use Secure Cloud providers only
* [ ] Encrypt data before uploading
* [ ] Use strong SSH keys
* [ ] Don't store credentials in instances
* [ ] Destroy instances immediately when done
* [ ] Monitor account activity regularly
* [ ] Use separate accounts for different projects
* [ ] Implement application-level encryption
* [ ] Keep software updated