Skip to main content

Trust & compliance

Certifications

SOC 2 Type II. Ankr's infrastructure operator (Asphere / W3 Technologies) holds a SOC 2 Type II attestation, independently audited by A-LIGN. The full report is available under NDA on request — ask your account manager or contact support.

ISO 27001. Certification is in progress on our security roadmap; this page will be updated when it is held.

Infrastructure resilience

  • Multi-region by default — RPC traffic is served from five regions (New York, Frankfurt, Los Angeles, Tokyo, Singapore) on bare-metal infrastructure across independent providers, with automatic failover between regions.
  • Per-chain, per-endpoint health monitoring — live status at the Ankr status page and the RPC health dashboard.
  • Uptime commitments per plan are documented in the SLA & service reliability page.

Security operations

  • 24/7 managed detection and response on privileged infrastructure hosts, with automatic containment of compromised hosts and an on-call security escalation path.
  • Identity-based administrative access — SSH goes through a gateway with SSO, device checks, and full session recording; there is no unaudited path to production hosts.
  • Immutable deployments — service planes deploy from per-PR container images behind mandatory code review and CI; there is no manual "log in and patch" path to running code.
  • Fleet-wide audit and intrusion detection — host audit, network IDS, and SIEM aggregation across the node fleet.
  • Incident discipline — security events get contained, remediated, and closed with a published internal postmortem (root cause, timeline, corrective actions).

Data handling

  • RPC request bodies and API keys are not logged.
  • Request metadata (method, status, timing) is retained for operational analytics — 30 days hot, 90 days cold storage.
  • Requests are not logged with PII. See the privacy policy for the full statement.

Reporting a security issue

Report suspected vulnerabilities or security incidents through the support portal — reports are routed directly to the security team.