
together.ai SOC 2 Type II: where do I request the report/security docs for our vendor review?
Most security and procurement teams start with the same question: “You’re SOC 2 Type II—great, but where do I actually get the report and security documentation for our vendor review?” On together.ai, that process is straightforward, and you don’t have to guess which inbox to email or which form to use.
Quick Answer: together.ai is AICPA SOC 2 Type II compliant. To request the SOC 2 Type II report and related security documentation for your vendor review, contact our team via the Contact Sales form at together.ai/contact-sales. Select the relevant options for security/compliance, mention “SOC 2 Type II report” in the notes, and our team will follow up with the appropriate documents under NDA if required.
The Quick Overview
- What It Is: A secure, documented way to obtain together.ai’s SOC 2 Type II report and supporting security docs for your vendor/security review.
- Who It Is For: Security, legal, procurement, and engineering leaders evaluating together.ai as an AI infrastructure and inference platform.
- Core Problem Solved: Reduces friction in vendor due diligence by giving you a clear path to request formal security evidence—without hunting across multiple pages or ad-hoc email threads.
How It Works
When your team is assessing together.ai as an AI Native Cloud provider—whether for Serverless Inference, Dedicated Model Inference, Dedicated Container Inference, Batch Inference, or GPU Clusters—you’ll often need formal assurance: SOC 2 Type II, data protection details, and sometimes architecture descriptions for your risk register.
together.ai centralizes that process through the Contact Sales workflow so your request is routed to the right combination of sales, security, and legal.
- Submit a security/compliance request
  - Go to https://www.together.ai/contact-sales.
  - Provide:
    - Your name, work email, and company.
    - A brief description like: “Requesting SOC 2 Type II report and security documentation for vendor review.”
    - Your current project status (prototype / in development / near launch / in production).
  - If your organization requires it, mention any NDAs or specific formats (e.g., “upload to our vendor portal” or “share via email”).
- Security & sales team follow-up
  - Your request is routed internally to the appropriate stakeholders.
  - For most enterprise or high-traffic use cases (Dedicated Inference, Dedicated Container Inference, GPU Clusters), the team will:
    - Confirm the NDA setup if needed.
    - Share the latest AICPA SOC 2 Type II report.
    - Provide additional security materials where appropriate (e.g., data handling overview, architecture notes, BAA options for HIPAA-aligned workloads).
- Ongoing security collaboration
  - As you move from evaluation to implementation, you can use the same channel for:
    - Additional security questionnaires.
    - Follow-up on region selection (North America, Europe, Asia/Middle East).
    - Clarifications on tenant-level isolation, encryption in transit/at rest, and data ownership for Serverless vs Dedicated deployments.
Features & Benefits Breakdown
| Core Feature | What It Does | Primary Benefit |
|---|---|---|
| SOC 2 Type II Compliance | Provides audited controls over security, availability, and confidentiality. | Speeds up vendor review; satisfies standard enterprise due diligence. |
| Centralized Request Flow | Uses the Contact Sales form to route security requests correctly. | No guesswork on who to email; faster turnaround and fewer back-and-forths. |
| Data Ownership & Residency Detail | Documents data control, residency, and encryption practices. | Helps your team confirm compliance with internal, regional, or sector rules. |
Ideal Use Cases
- Best for enterprise security reviews: Because you can obtain the SOC 2 Type II report and supporting information in a formal, auditable way that fits into your vendor management process.
- Best for regulated or sensitive workloads: Because you can combine SOC 2 Type II evidence with details on encryption, residency, and isolation before deploying workloads that touch PII, PHI, or sensitive IP.
Limitations & Considerations
- Report access is controlled: SOC 2 Type II reports typically require an NDA or equivalent confidentiality agreement. Expect a short legal step if you don’t already have one in place.
- Not a self-serve download (yet): The report is not exposed as a public PDF link. You should plan for a brief coordination cycle with the together.ai team, especially if your vendor review timeline is tight.
What together.ai’s Security & Compliance Posture Covers
When you request the SOC 2 Type II report and security documentation, you’re usually validating several aspects of the platform:
- SOC 2 Type II: together.ai is audited under AICPA SOC 2 Type II, which evaluates the design and operating effectiveness of controls over time—particularly relevant for always-on inference and GPU infrastructure.
- Data protection and ownership:
  - Your data and models remain fully under your ownership.
  - Encryption in transit and at rest across platform services.
  - Isolation across tenants so your workloads are logically separated from others.
- Regional deployment options:
  - Ability to deploy storage in regions that align with your data residency requirements:
    - North America
    - Europe
    - Asia / Middle East
  - Helpful for teams with GDPR, regional banking, or sector-specific residency constraints.
- Production readiness:
  - Built for high-traffic inference—Serverless, Dedicated Inference, and GPU Clusters.
  - Customers cite:
    - Up to 2x reduction in latency and ~33% cost savings vs prior setups.
    - The capacity to absorb “viral moments” without performance degradation using Dedicated Container Inference.
These points are typically addressed in the SOC 2 Type II report and in supplementary security documentation, which your security team can examine in detail.
How This Fits Into Different Deployment Modes
Your vendor review often depends on how you plan to use the AI Native Cloud:
- Serverless Inference / Batch Inference
  - You care about: request/response handling, logging, retention, and data segregation at scale.
  - What to ask for: details on data retention policies, encryption, and observability.
- Dedicated Model Inference / Dedicated Container Inference
  - You care about: tenant-level isolation, network boundaries, and performance SLOs.
  - What to ask for: architectural overview of dedicated endpoints, scaling behavior, and how multi-tenant controls are enforced logically and physically.
- GPU Clusters
  - You care about: cluster isolation, access control, and how training data flows are handled.
  - What to ask for: cluster security architecture, IAM patterns, and any relevant HIPAA-aligned options if training on sensitive data.
All of these areas are supported by together.ai’s SOC 2 Type II posture, and your contact form request is the entry point for getting the right level of detail.
Pricing & Plans
There’s no separate “SOC 2 plan”—security and compliance assurances are part of evaluating together.ai’s core offerings. Pricing depends on how you consume the platform:
- Serverless & Batch Inference: Best for teams with variable or unpredictable traffic that need no infrastructure management and no long-term commitments. You pay per token or per job, and can still access SOC 2 evidence for vendor approval.
- Dedicated Inference & GPU Clusters: Best for teams with steady or high-throughput workloads, tight latency targets, or regulated data. These deployments benefit most from detailed security documentation, tenant-level controls, and region-specific setups—validated by SOC 2 Type II and additional security materials.
To align pricing with your security posture (e.g., specific regions, dedicated capacity), you’ll typically cover both budget and security questions in the same conversation initiated via the Contact Sales form.
Frequently Asked Questions
Can I download the together.ai SOC 2 Type II report directly from the website?
Short Answer: No, the SOC 2 Type II report is not a public download. You need to request it through the Contact Sales form.
Details:
SOC 2 Type II reports are confidential audit artifacts. together.ai shares them under appropriate confidentiality terms, usually via a direct engagement with your security and procurement teams. Start at https://www.together.ai/contact-sales, note that you’re requesting the “SOC 2 Type II report and security documentation for vendor review,” and the team will guide you through any NDA and delivery steps.
Does together.ai support HIPAA-aligned or regulated workloads alongside SOC 2 Type II?
Short Answer: Yes. together.ai is SOC 2 Type II compliant and offers HIPAA-aligned options, with encryption and data residency controls that support regulated workloads.
Details:
If you’re evaluating together.ai for workloads that may involve PHI or other regulated data, mention this in your Contact Sales submission. The team can discuss:
- HIPAA-aligned deployment options.
- Region selection (North America, Europe, Asia/Middle East) for data residency.
- How encryption in transit and at rest, tenant-level isolation, and access controls are implemented across Serverless Inference, Dedicated Inference, and GPU Clusters.
These topics are linked to the same security and compliance stack that underpins the SOC 2 Type II report and will typically be addressed together during your vendor evaluation.
Summary
together.ai is AICPA SOC 2 Type II compliant, with strong data ownership guarantees, encryption in transit and at rest, and region-aware deployment for your AI workloads. Instead of leaving you to guess how to obtain the report, the process is centralized: submit a request via together.ai/contact-sales, specify that you need the SOC 2 Type II report and security documentation for your vendor review, and the team will coordinate secure delivery—often alongside guidance on deployment modes, residency, and HIPAA-aligned options.
For teams standardizing on an AI Native Cloud, this gives you both the formal audit evidence and the practical architecture detail your security and procurement partners expect.