Skip to main content

Security & Compliance

How CoreWeave, Inc. keeps its infrastructure and customer service data secure

About CoreWeave security

Customer data privacy is built into the foundation of CoreWeave’s platform. From the physical data center through the software layer, customer data is tracked, access controlled, and protected using industry best practices.

Below is an outline of our general security and privacy standards.

Multiple-layer physical security at data centers

All of CoreWeave's data centers are limited-access buildings, with no visible signage. All data centers are protected by security personnel, 24 hours a day, 7 days a week, 365 days a year.

In order to enter data center sites, all visitors must provide photo identification and sign in and out. Automatic background checks are performed prior to allowing access to any visitor. Additionally, all guests and vendors must be accompanied by a staff member during their visit.

Access for data center employees is granted via biometric identification, and all employees are required to sign non-disclosure agreemeents (NDAs).

Access monitoring and data safeguarding

All paper documents at any data center location are shredded on-site. All infrastructure hardware is contained within locked and secured cabinets, with cameras positioned at each cage, aisle, and door access point. Access tracking is performed in real time, which includes an ongoing digital door access log.

Logical access controls

CoreWeave ensures a comprehensive logical separation of all its customers in storage, network and execution layers. All CoreWeave employees are under NDA, and can only access customer data as needed for critical operations.

Logging and access control is applied to all infrastructure. CoreWeave employs a comprehensive response plan for security events, and firewalls restrict inbound Internet connections.

Breach prevention

CoreWeave employs several physical and logical intrusion prevention strategies as per industry best practice. Distributed Denial of Service (DDoS) mitigations are in place, as is TLS encryption of all Internet traffic.