GS-DOC-06Trust & security
Effective 2026-07-10

Trust & security

GPU Smith's business is keeping client data inside client boundaries. The same discipline governs how the firm itself handles information and how it is being independently attested.

§ 01Compliance

GPU Smith is undergoing a SOC 2 examination. The engagement is in progress and not yet complete; we do not represent the firm as SOC 2 certified. Once the report is issued it will be made available to counterparties under a non-disclosure agreement.

Where an engagement is subject to a specific regime (for example an export-control, classified or healthcare mandate), the applicable controls are set in the statement of work for that engagement rather than claimed generally here.

§ 02How client information is handled
  • Client boundary first. Engagements are structured to complete inside the client's data boundary, including air-gapped delivery where the mandate requires it.
  • No cloud of our own. The firm operates no compute platform and has no interest in whether a client rents or owns capacity, so client workloads are never run on our infrastructure.
  • Confidentiality from first contact. We work under a non-disclosure agreement from the outset; where a mandate prevents workload details from leaving your boundary, scoping covers only what the mandate permits.
  • Data minimization. We ask for the minimum needed to do the engineering, and engagement material is governed by the NDA and statement of work, which prevail wherever they are stricter.
§ 03This website

gpusmith.com has no accounts, no forms, no tracking cookies, no advertising pixels, no third-party marketing scripts and no analytics product. It keeps only standard hosting logs for security and operations. The privacy policy states exactly what is collected and why.

§ 04Reporting a security concern

Report a vulnerability or security concern to [email protected] with Security in the subject line. We acknowledge substantive reports within two business days and do not pursue good-faith researchers who act responsibly and avoid privacy violations or service disruption.