Our data protection practices reflect our commitment to safeguarding customer information through clear communication, robust security controls, and well-defined contractual and operational safeguards. We ensure transparency around how information is collected, used, and protected so you can make informed decisions, retain control of your data, and confidently engage with our products.
Data Ownership
Customers retain full ownership and control of their data at all times.
Data Minimization and Purpose Limitation
We collect only the data necessary to fulfill business and legal requirements—minimizing exposure and supporting privacy compliance.
Role-Based Access Control
Data access is limited by role, logged, and actively monitored.
Data Encryption
All data in transit is encrypted using secure industry standards.
Data Retention and Deletion Policies
We define clear retention periods and apply secure deletion methods by product.
Audits and Oversight
Regular audits verify compliance with our retention policies and standards, assess storage and access controls, and ensure responsible data classification.
Rapid Incident Response
We respond promptly to issues that could impact safety, privacy, and/or security. Our incident response process ensures timely action, clear communication, and continuous improvement so you stay informed and protected.
No Use of Customer Models for Training
We never use customer models to train or tune our detection capabilities.
Automatic Model Deletion
Models are deleted automatically upon scan completion. This ensures the integrity of your intellectual property (IP) and protects your data from unintended reuse.
Data Erasure on Request
You can request data deletion at any time. We honor data erasure requests in alignment with applicable regulations and contractual obligations, providing customers with control over their data lifecycle and supporting their internal governance and compliance requirements.
Consistent Security Across Deployments
Whether deployed as a SaaS solution or on-premises, Model Scanner performs scans using the same secure, parallel scanning architecture. This ensures consistent functionality, performance, and protection regardless of where the product is hosted.
Privacy by Design
Model Scanner applies data minimization, secure handling, and limited retention at every stage of its workflow. Each processing step is purpose-built to capture only the information needed, reduce unnecessary data exposure, and enforce secure deletion, ensuring your data is protected from intake to output.
CLI Connection Types
- Disabled: No data shared
- Hybrid: Shares limited, non-sensitive metadata to enable UI features.
Disabled: No customer data is transmitted outside your network. You maintain full control over data storage and infrastructure.
Hybrid: In a hybrid deployment, the Model Scanner runs entirely within your environment using a containerized setup such as Docker, ECS, or Kubernetes. Only non-sensitive scan metadata, such as model attributes and detection results, is securely transmitted to the HiddenLayer SaaS platform to support model visibility and insights through the UI.
Core Event Metadata
In a hybrid deployment, the following types of metadata are shared with the HiddenLayer SaaS platform to enable UI-based visibility and analytics. This includes summary information about the scan, model inventory details, and non-sensitive file-level metadata. Below is a representative subset of fields.
Always Sent:
top-level:
- version, schema_version, highest_severity
- scan_id, start_time, end_time, status, severity
inventory:
- model_name, model_version, model_source, origin, requesting_entity, requested_scan_location, request_source
summary:
- detection_count, file_count, files_with_detections_count, detection_categories, severity, files_failed_to_scan, unknown_files
file_results:
- file_location, md5, sha256, file_type, file_size, file_type_details
detections:
- category, description, severity, cve, cwe, mitre_atlas, owasp
Some fields, such as file_type_details, may contain additional metadata depending on the file format.
For a complete example and description of the response schema, refer to our API documentation, which outlines all available fields and their behavior. Access requires an active HiddenLayer Console login.
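One way to check what a hybrid deployment sends is to compare a captured event against the fields listed above. The following is an added example, not HiddenLayer code and not part of the original page. The field names come from this page; the JSON nesting, the sample event, and the function name are assumptions. Because the page's list is a representative subset, a reported field is one to look up in the full API schema before allowing egress, not proof of a leak.

```python
# Added example: audit a captured hybrid-mode scan event against the
# field names listed on this page. The nesting is an assumption.
import json

DOCUMENTED = {
    "top-level": {"version", "schema_version", "highest_severity", "scan_id",
                  "start_time", "end_time", "status", "severity"},
    "inventory": {"model_name", "model_version", "model_source", "origin",
                  "requesting_entity", "requested_scan_location",
                  "request_source"},
    "summary": {"detection_count", "file_count", "files_with_detections_count",
                "detection_categories", "severity", "files_failed_to_scan",
                "unknown_files"},
    "file_results": {"file_location", "md5", "sha256", "file_type",
                     "file_size", "file_type_details"},
    "detections": {"category", "description", "severity", "cve", "cwe",
                   "mitre_atlas", "owasp"},
}
GROUPS = set(DOCUMENTED) - {"top-level"}

# Constructed sample event; "hostname" and "raw_bytes" are deliberately
# undocumented fields planted for the audit to find.
SAMPLE_EVENT = json.loads("""
{"version": 1, "scan_id": "constructed-id", "severity": "constructed",
 "inventory": {"model_name": "demo-model", "hostname": "build-01"},
 "summary": {"detection_count": 1, "file_count": 1},
 "file_results": [
   {"file_location": "model.pkl", "sha256": "constructed", "file_size": 10,
    "file_type_details": {"free_form": "allowed per the page"},
    "raw_bytes": "AAAA",
    "detections": [{"category": "constructed", "severity": "constructed"}]}]}
""")

def undocumented_fields(node, group="top-level", path=""):
    """Return sorted paths of keys that are not in the page's field list."""
    findings = []
    if isinstance(node, list):
        for i, item in enumerate(node):
            findings += undocumented_fields(item, group, f"{path}[{i}]")
    elif isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in GROUPS:            # enter a named group at any depth
                findings += undocumented_fields(value, key, here)
            elif key not in DOCUMENTED[group]:
                findings.append(here)    # listed fields are not descended into
    return sorted(findings)

if __name__ == "__main__":
    for field in undocumented_fields(SAMPLE_EVENT):
        print("check against the API schema before allowing egress:", field)
```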