Security

Last updated: June 2026

Security is foundational to how CarbonSilicon Labs builds and operates. This page describes the principles, controls, and processes that underpin our public website and the operating context behind it.

Our approach

Security is foundational to how CarbonSilicon Labs builds, operates, and delivers its platform. We take a defense-in-depth approach that combines administrative, technical, and physical safeguards across our corporate environment, our public website, and the customer-facing deployments of the CarbonSilicon Labs platform.

Our security program is informed by leading industry frameworks and is iterated on continuously as our product, our customer base, and the threat landscape evolve. The summary below describes the principles, controls, and processes that apply to our public website and to the broader operating context of the company. Customer-specific architectural diagrams, contractual security commitments, and environment-level controls are addressed within individual commercial engagements.

Governance and policies

CarbonSilicon Labs maintains a written information-security program with executive oversight. The program defines security roles and responsibilities, sets minimum control expectations for engineering and operational teams, and is reviewed regularly to reflect changes in our product, infrastructure, and the regulatory environment.

All employees and contractors are required to acknowledge and comply with our security and acceptable-use policies. Security expectations are reinforced through onboarding, periodic training, and role-specific guidance for engineering, operations, and customer-facing functions.

Personnel security

  • Background checks for employees in accordance with applicable law.
  • Confidentiality obligations included in employment and contractor agreements.
  • Security and privacy awareness training at onboarding and refreshed on a recurring cadence.
  • Role-based training for engineering, operations, and other security-sensitive functions.
  • Documented offboarding to revoke access and recover assets when employment or engagement ends.

Infrastructure and network security

CarbonSilicon Labs hosts its production infrastructure with reputable cloud providers operating data centers that maintain recognized security and availability certifications. Our environments are designed with segmentation between production, staging, development, and corporate workloads to reduce blast radius and limit lateral movement.

Networks are protected by multiple layers of controls, including managed firewalls, security groups, virtual private networks, and intrusion-detection telemetry. Administrative access to production infrastructure is restricted to a small set of authorized personnel through hardened jump points and just-in-time access.

Application security

We follow secure-by-default engineering practices throughout the development lifecycle. Code changes are reviewed by peers prior to merging, and automated tooling is used to identify common classes of vulnerability before code reaches production. Dependencies are tracked and updated, and high-risk advisories are prioritized for rapid remediation.

We use a combination of static analysis, dependency scanning, and periodic third-party assessments to validate the security posture of our applications. Findings are tracked through to remediation with documented severity and timeline expectations.

Access control and identity

  • Single sign-on for internal systems wherever supported.
  • Multi-factor authentication required for access to production systems and sensitive internal tooling.
  • Role-based access control with the principle of least privilege.
  • Periodic access reviews to confirm that entitlements remain appropriate.
  • Strong password policies and managed credentials for shared services.
  • Prompt revocation of access on role change or separation.

Data protection

Data is encrypted in transit using modern Transport Layer Security configurations on all CarbonSilicon Labs–controlled web surfaces. Sensitive data at rest in production environments is encrypted using industry-standard algorithms managed through the relevant cloud-provider key-management services.

Customer data handling, retention, segregation, and deletion practices for the CarbonSilicon Labs platform are governed by the contractual terms and data processing addenda that accompany customer engagements. Public-website submissions are retained only for as long as needed to respond to your request and to meet operational and legal requirements.

Logging and monitoring

We maintain centralized logging across production systems and security-relevant tooling. Logs are protected against tampering and are retained for a period appropriate to incident investigation and compliance needs.

Automated monitoring is in place for indicators of operational and security anomalies, and on-call engineers are alerted to events that warrant investigation. Detection and response capabilities are reviewed and refined over time based on observed activity and emerging threat patterns.

Vulnerability management and patching

We track vulnerabilities affecting our infrastructure, applications, and third-party dependencies through a combination of vendor advisories, automated scanners, and threat intelligence. Issues are triaged based on severity, exploitability, and exposure, and remediation timelines are tracked against documented service levels.

Critical security patches for systems we manage are applied on an expedited schedule, and customer-impacting maintenance is communicated through the appropriate channels when required.

Incident response

CarbonSilicon Labs maintains a documented incident-response plan that covers preparation, detection, containment, eradication, recovery, and post-incident learning. The plan defines roles, communication channels, escalation paths, and decision authorities for security events of varying severity.

If we determine that a security incident affects information for which we are responsible, we will provide notice in accordance with our legal and contractual obligations and will share the information needed to understand and respond to the event.

Business continuity and resilience

We design production systems for redundancy and operational resilience. Critical components are deployed across multiple availability zones, backups are taken on a regular cadence, and recovery procedures are documented and exercised.

Continuity and disaster-recovery objectives are reviewed periodically and refined as our architecture and customer commitments evolve.

Vendor and third-party risk

CarbonSilicon Labs relies on a curated set of third-party providers to operate its business. We assess prospective vendors against security, privacy, and operational criteria proportionate to the sensitivity of the data and the criticality of the service. Material changes in vendor posture are reviewed during ongoing relationships.

Contracts with service providers include confidentiality, security, and processing restrictions appropriate to the engagement.

Responsible disclosure

We welcome reports from researchers and members of the public who identify potential security issues affecting CarbonSilicon Labs–controlled surfaces. Please report findings privately through the contact page and include enough information for our team to reproduce and assess the issue, such as the affected URL or component, a description of the suspected vulnerability, reproduction steps, the time and date of testing, and any supporting screenshots or logs.

We ask that researchers act in good faith, avoid accessing or modifying data that does not belong to them, refrain from activities that could degrade service for other users, and give CarbonSilicon Labs a reasonable opportunity to investigate and remediate before disclosing the issue publicly. We do not pursue legal action against researchers who act consistently with this guidance.

Compliance and audits

CarbonSilicon Labs aligns its program with applicable laws and recognized industry frameworks, and we continue to invest in our compliance posture as our customer base and product expand. Information on current attestations, available audit reports, and the security materials that we can share under appropriate confidentiality protections is available to customers and qualified prospects through their commercial point of contact.

Scope and updates

This page summarizes CarbonSilicon Labs’ security posture as it relates to our public website and broader operating context. Customer-specific controls, deployment architecture, contractual security commitments, and environment-level protections are governed by the relevant customer agreements.

We update this page from time to time to reflect changes in our security program. Where material changes are made, we will indicate the date of the latest revision at the top of the page.