Protecting partner model weights and intellectual property is core to the Reactor platform. We implement defense-in-depth security controls across storage, access, and transfer, ensuring your models remain confidential, isolated, and under your control.

Customer data ownership

Partners retain full ownership of their model weights and container images. Reactor does not access, use, or derive from partner weights for any purpose beyond serving the partner’s own workloads.

Data deletion

Partners can delete their weights, container images, and model records at any time via the CLI or API. Deletion is permanent and immediate:
  • Weights: Removed from storage. No copies are retained. Deleted weight versions cannot be recovered.
  • Container images: Removed from the registry. Associated tags are deregistered.
  • Model records: Fully removed from Reactor’s systems, including all metadata and access policies.
Reactor does not retain backups of deleted partner data. When you delete something, it’s gone.

Encryption

All data is encrypted in transit and at rest.
  • In transit: All API and data transfer connections are secured with TLS. Presigned URLs embed cryptographic signatures. Raw AWS credentials are never exposed to partners or intermediaries.
  • At rest: Model weights stored in S3 are protected with AES-256 server-side encryption. Container images in ECR inherit AWS-managed encryption by default.

Tenant isolation

Partner resources are isolated at the infrastructure level, not just the application level.
  • Storage: Each partner’s weights are stored under a dedicated S3 prefix (reactor-models/<partner>/<model>/<version>/). There is no shared storage namespace between partners.
  • Container registry: Each partner pushes to a namespaced ECR repository with IAM policies scoped exclusively to their namespace. Partners cannot read, list, or write to other partners’ repositories.
  • Runtime access: Model access is deny-by-default. Only explicitly authorized accounts can create sessions with a partner model, enforced at the API layer.

Credential security

Reactor uses short-lived, scoped credentials throughout the partner workflow.
Credential | Scope | Lifetime
Registry push token | Partner namespace only | 12 hours (auto-refreshes)
Presigned upload URL | Single object, PUT-only | 15 minutes
Presigned import URL | Single source object | 1 hour
API key | Partner’s own resources | 90 days, revocable
No long-lived shared secrets are issued. Partners never receive credentials that grant access to other partners’ resources or to Reactor’s internal infrastructure.
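
A partner-side check that a presigned upload URL matches the scope and lifetime stated above. This is an added example, not Reactor's code. It assumes a SigV4 query-signed S3 URL with reactor-models as the bucket; the function name, host, and sample URLs are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, unquote, urlsplit

MAX_UPLOAD_LIFETIME_S = 15 * 60  # presigned upload URL lifetime stated on this page
BUCKET = "reactor-models"        # assumption: leading element of the documented layout

# Constructed sample URLs (placeholder host, credential and signature).
_Q = ("X-Amz-Algorithm=AWS4-HMAC-SHA256"
      "&X-Amz-Credential=EXAMPLEKEY%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
      "&X-Amz-Date=20240101T120000Z&X-Amz-SignedHeaders=host&X-Amz-Signature=0000")
_HOST = "s3.example.invalid"
SAMPLE_OK = f"https://{_HOST}/{BUCKET}/acme/llm/v1/weights.bin?{_Q}&X-Amz-Expires=900"
SAMPLE_BAD = f"http://{_HOST}/{BUCKET}/other/llm/v1/weights.bin?{_Q}&X-Amz-Expires=86400"


def audit_upload_url(url, partner, now=None):
    """Return a list of findings; an empty list means the URL fits the stated scope."""
    now = now or datetime.now(timezone.utc)
    findings = []
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}

    if parts.scheme != "https":
        findings.append("not HTTPS")
    if q.get("X-Amz-Algorithm") != "AWS4-HMAC-SHA256" or "X-Amz-Signature" not in q:
        findings.append("not a SigV4 query-signed URL")

    # X-Amz-Expires is the validity window in seconds, counted from X-Amz-Date.
    try:
        ttl = int(q["X-Amz-Expires"])
        signed = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
        signed = signed.replace(tzinfo=timezone.utc)
        if ttl > MAX_UPLOAD_LIFETIME_S:
            findings.append(f"lifetime {ttl}s exceeds {MAX_UPLOAD_LIFETIME_S}s")
        if now > signed + timedelta(seconds=ttl):
            findings.append("already expired")
    except (KeyError, ValueError):
        findings.append("missing or malformed X-Amz-Date / X-Amz-Expires")

    # The decoded object key must be <partner>/<model>/<version>/<object>.
    key = unquote(parts.path).lstrip("/")
    if key.startswith(BUCKET + "/"):  # path-style addressing
        key = key[len(BUCKET) + 1:]
    segs = key.split("/")
    if len(segs) < 4 or "" in segs or segs[0] != partner:
        findings.append("object key outside partner prefix")
    # The HTTP method is bound into the signature and is not visible in the URL,
    # so the PUT-only restriction cannot be confirmed offline.
    return findings
```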

Secure weight transfer

When importing weights from a partner’s S3 bucket, the transfer flows server-side from the partner’s storage directly to Reactor’s storage. Weights never transit through the partner’s local machine or any intermediate service. For direct uploads, the CLI obtains a scoped presigned PUT URL. Data flows directly from the partner to Reactor’s storage.

Access control

Partner models are gated by a deny-by-default access policy. Access is granted per-account and enforced at the session creation API. Even internal Reactor users cannot access a partner model without explicit authorization.

Compliance and roadmap

Reactor’s infrastructure runs on AWS, inheriting AWS’s SOC 2, ISO 27001, and HIPAA-eligible infrastructure controls. We are working toward SOC 2 Type I certification for the Reactor platform.