Password protection/Access control policy

The following documentation is meant to be changed at any time at the discretion of the security and legal team, we encourage users to review this document regularly to ensure that they are following the last policy.

For any information please contact [email protected].

Definition

“Confidential Information” means any confidential or proprietary information, trade secrets, or sensitive personal data, whether provided or learned in oral, written, visual or other tangible form, including, without limitation, information concerning Stability’s business, property, technology, current or former User, customers, Projects, models, pictures, photographs, illustrations, graphic resources, game character, source code, object code, text, sounds, video, data and any materials thereof not generally known to the public and which is either identified as “Confidential” or “Proprietary” at the time of disclosure or which under the circumstances surrounding the disclosure should reasonably be considered to be confidential or proprietary due to its nature or the context of its disclosure. Confidential Information also includes copies, notes, abstracts and other tangible embodiments made by any person that are based on or contain any such information.
“Stability” or the “Company” means Stability AI Ltd. and Stability Inc.
“Policy” means this Stability Data Retention Policy.
“Credentials” means user IDs, passwords, and other login credentials, such as access cards, that grant a User access to the Systems
“Devices” means computational resources, assets, computers, printers, databases, mobile devices, phones, operating systems applications (including Web-based apps), websites, utilities, firmware, middleware, and other software, networks, and communications systems owned, operated, licensed, leased, or under the control of Stability or used in the interest of Stability.

Password creation

To ensure a proper level of security especially related to confidential or sensitive information inside of Stability AI IT, the first step for us to protect access is to use a “strong” password.

All passwords must follow the following policy to be considered strong :

Minimum of 14 characters
At least 1 uppercase
At least 1 lowercase
At least 1 number
At least one special characters

To ensure the safety of the password employees and partners are strongly encouraged to create passwords inside of the company password manager 1Password. We strongly discourage password reuse as it is one of the principal reasons for system compromission in most attacks on companies similar to ours.

Multi Factor authentication (MFA)

To ensure a proper level of security especially related to confidential or sensitive information inside of Stability AI IT, we have implemented multi-factor authentication (MFA) as an additional layer of protection for access to our systems and applications, the simple use of password in most situations isn’t enough.