together.ai SOC 2 Type II: where do I request the report/security docs for our vendor review?
Foundation Model Platforms

together.ai SOC 2 Type II: where do I request the report/security docs for our vendor review?

6 min read

Most security and procurement teams evaluating together.ai for production workloads will want to see the SOC 2 Type II report and related security documentation as part of their vendor review. The short answer: you can request together.ai’s SOC 2 Type II report and security package directly through the sales team or enterprise contact channels, and it’s shared under NDA to verified evaluators.

Quick Answer: together.ai is AICPA SOC 2 Type II audited and offers a full security due diligence package (SOC 2 report, data protection details, architecture summaries) on request. The fastest way to get it for your vendor review is to contact sales or your account team so they can share the report under NDA.

The Quick Overview

  • What It Is: A formal SOC 2 Type II attestation and security documentation package covering together.ai’s AI Native Cloud, including controls for data protection, access management, monitoring, and availability.
  • Who It Is For: Security, procurement, legal, and compliance teams running vendor risk assessments for AI infrastructure, model serving, or GPU compute providers.
  • Core Problem Solved: Reduces risk and evaluation friction by giving your team third-party–validated assurance that together.ai’s infrastructure, storage, and inference services are operated with strong security and compliance controls.

How It Works

together.ai operates as an AI Native Cloud for running, fine-tuning, and deploying open-source and partner models in production. Because customers often run sensitive workloads and large-scale inference, the platform is independently audited and holds an AICPA SOC 2 Type II attestation.

When you initiate a vendor review, together.ai can share:

  • The current SOC 2 Type II report (under NDA)
  • Security and privacy overview documentation
  • Data handling and storage residency details
  • Uptime and reliability posture (e.g., 99.9% uptime targets)

This due diligence package is typically shared via a secure channel after you contact sales or your assigned account team.

  1. Initial Contact:
    You reach out via the enterprise/sales contact form or your existing together.ai representative, stating that you need SOC 2 Type II and security docs for vendor review.

  2. NDA & Verification:
    together.ai’s team confirms your organization and, if needed, executes or references an existing NDA before sharing the SOC 2 Type II report and extended security materials.

  3. Security Review Support:
    Your security team reviews the report, data residency options, and security controls. together.ai can support follow-up questionnaires or security calls as part of your procurement process.

Features & Benefits Breakdown

Core FeatureWhat It DoesPrimary Benefit
SOC 2 Type II AttestationIndependent audit of security, availability, and related controls over a defined period.Gives your security and compliance teams third-party assurance.
Clear Data Ownership & PrivacyEnsures your data and models remain fully under your ownership with strict privacy controls.Reduces legal and regulatory risk for sensitive workloads.
Region-Aware Storage & ResidencyLets you deploy storage in North America, Europe, or Asia/Middle East to match requirements.Helps satisfy data residency and sovereignty policies.

Ideal Use Cases

  • Best for formal vendor risk assessments: Because it gives security and procurement teams audited evidence (SOC 2 Type II), plus detailed security docs that map directly into your third‑party risk process.
  • Best for regulated or sensitive workloads: Because you get SOC 2 Type II plus encryption in transit/at rest, tenant-level isolation, and clear data ownership language, which simplifies approvals for healthcare, finance, or enterprise AI initiatives.

Limitations & Considerations

  • Report access is controlled: SOC 2 Type II reports are not public downloads; they are typically shared under NDA with qualified buyers and customers. Plan a short lead time to get access before key vendor review meetings.
  • Scope questions may arise: As with any SOC 2 report, your security team may want to confirm which services and regions are in scope. together.ai can clarify scope and provide supplementary technical documentation where needed.

Pricing & Plans

The SOC 2 Type II report and security documentation are part of together.ai’s enterprise readiness and do not incur a separate line-item fee, but they are usually provided in the context of a commercial evaluation or existing customer relationship.

For platform usage and deployment modes:

  • Serverless & Entry Plans: Best for teams exploring together.ai’s Serverless Inference, Batch Inference, or Together Sandbox and needing initial assurance that the provider is SOC 2 Type II audited.
  • Enterprise & Dedicated Plans: Best for organizations running Dedicated Model Inference, Dedicated Container Inference, or GPU Clusters in production, where formal vendor risk management and security documentation are mandatory.

Frequently Asked Questions

Where do I request together.ai’s SOC 2 Type II report for our vendor review?

Short Answer: Contact together.ai’s sales or account team and request the SOC 2 Type II report and security package; it’s shared securely, typically under NDA.

Details:
together.ai’s SOC 2 Type II report is a formal attestation and is not posted publicly. To obtain it:

  1. Go to the enterprise contact page or reach out to your existing together.ai representative.
  2. Specify that you need the SOC 2 Type II report and security documentation for vendor review.
  3. If an NDA is not already in place, together.ai may provide one for e‑signature before releasing the report.
  4. Once cleared, the team will share the report and any standard security overview documents your reviewers typically require.

This process helps your organization complete due diligence while keeping sensitive audit materials restricted to legitimate evaluators.

What security assurances does together.ai provide besides SOC 2 Type II?

Short Answer: together.ai combines SOC 2 Type II with strict data privacy controls, encryption in transit and at rest, regional storage options, and a clear “your data and models remain fully under your ownership” posture.

Details:
In addition to SOC 2 Type II, together.ai emphasizes:

  • Data Ownership: Your data and models remain fully under your ownership; together.ai operates the infrastructure but does not claim ownership of your assets.
  • Security Controls: Encryption in transit and at rest, tenant-level isolation, and hardened infrastructure for inference and storage.
  • Compliance & Partnerships: AICPA SOC 2 Type II and NVIDIA preferred partner status, aligned with enterprise expectations for AI infrastructure providers.
  • Reliability: A platform engineered for 99.9% uptime and proven in production with customers who report 2–3x cost savings and significant latency reductions.

These assurances, together with the SOC 2 Type II report, give risk and security teams enough evidence to green‑light production use of the AI Native Cloud.

Summary

For security and procurement teams, together.ai’s SOC 2 Type II report and supporting security documentation are available on request and are designed to slot cleanly into your vendor review process. The audit-backed controls, clear data ownership stance, encryption, and region-aware storage give you a concrete foundation for approving Serverless Inference, Dedicated Inference, GPU Clusters, and storage workloads on the AI Native Cloud.

Next Step

Get Started

Back to Foundation Model Platforms

Keep Reading

More from Foundation Model Platforms

What’s the best way to make an internal “chat with company docs” tool show citations and links to sources?

Read more

Why is my streaming chat response so slow to start (high first-token latency / TTFT) and how do I fix it without changing models?

Read more

How do I create a together.ai Instant GPU Cluster, pick reserved vs on-demand billing, and set guardrails to avoid surprise charges?

Read more