CoreWeave Trust Center

By making trust evidence easy to access and understand, CoreWeave helps pioneers move faster and smarter, without compromising security or compliance.

Trust you can build on

Trust is foundational to running AI at scale. CoreWeave is built with security, privacy, and resilience integrated across every layer of the platform, so your teams can get breakthroughs to market faster, with the confidence and clarity they need.

Embedded security

CoreWeave is purpose-built with enterprise-grade protection into every layer of our platform, with hardware isolation, real-time identity control, and continuous verification. Security is designed in, not added on.

Uncompromising privacy

We ensure customer data is handled only with the highest level of care and purpose. Customers retain full ownership and control of their data. CoreWeave processes data only to operate and support the platform, with safeguards in place to ensure confidentiality and integrity. Our privacy practices are designed to support regulatory and enterprise requirements.

Engineered resilience

AI workloads demand infrastructure that can withstand failure and recover quickly. CoreWeave is engineered for high availability with fault-tolerant design, proactive monitoring, and automated remediation. This resilience helps keep critical training and inference workloads running reliably at scale.

Left
Right

Compliance standards and certifications

Industry-recognized standards that demonstrate CoreWeave’s commitment to security, privacy, and trust.

SOC2 ISO 27001 ISO 27017 ISO 27018

Detailed compliance reports and supporting documentation are available upon request.

Request trust documentation

Frequently Asked Questions

What security certifications and compliance standards does CoreWeave maintain?

CoreWeave maintains a comprehensive security and compliance program aligned with industry-recognized standards and customer requirements. Our controls are designed to support enterprise and regulated workloads and are independently assessed on a recurring basis. Details on specific certifications, audit reports, and attestations are available under NDA through our Trust and Compliance team.

How can I request security, privacy, or compliance documentation?

Customers and prospects can request security, privacy, and compliance documentation directly through their CoreWeave account team or sales representative. Once a mutual NDA is in place, CoreWeave provides access to relevant materials such as audit reports, security overviews, and compliance attestations.

Where is CoreWeave Cloud infrastructure located?

CoreWeave operates data centers across multiple geographic regions, including the United States and Europe, to support customer requirements for performance, availability, and data residency. Specific region availability and placement options can be discussed during the sales and onboarding process.

How does CoreWeave handle security incidents and vulnerabilities?

CoreWeave follows a formal incident response and vulnerability management program. This includes continuous monitoring, defined escalation paths, and coordinated response procedures. Security incidents are investigated promptly, remediated according to severity, and communicated to affected customers in line with contractual and regulatory obligations.

How does CoreWeave approach platform availability and resiliency?

CoreWeave Cloud is engineered for reliability at AI scale. The platform incorporates fault-tolerant infrastructure, automated fleet, rack, and node lifecycle management, and continuous health monitoring. These capabilities are unified through CoreWeave Mission Control, which enables proactive detection, faster remediation, and sustained workload availability for training and inference at scale.

How does CoreWeave handle privacy and personal data?

CoreWeave processes customer data solely to deliver and operate the CoreWeave Cloud services. Customers retain ownership and control of their data. Strong technical and organizational safeguards are in place to protect data confidentiality, integrity, and availability, and data handling practices are governed by contractual commitments.

Does CoreWeave support regulatory requirements such as GDPR or CCPA?

Yes. CoreWeave’s privacy and security program is designed to support customer compliance with applicable data protection regulations, including GDPR and CCPA, where relevant. CoreWeave acts in accordance with its role as a service provider or processor and offers contractual commitments to support customer regulatory obligations.

How can I report a security concern or vulnerability?

Security concerns or potential vulnerabilities can be reported directly to CoreWeave through established security contact channels or via your account team. Reports are reviewed by CoreWeave’s security team and handled according to our responsible disclosure and vulnerability response processes.

Who should I contact with trust- or compliance-related questions?

For trust, security, privacy, or compliance inquiries, customers should contact their CoreWeave account representative or request engagement with the Trust and Compliance team.

This ensures questions are handled by the appropriate subject-matter experts and addressed efficiently.

Left
Right