1. Purpose and scope
This Incident Response Policy Summary describes how Cloudryption prepares for, detects, triages, contains, eradicates, recovers from, and learns from security incidents affecting the Cloudryption service, website, infrastructure, customer metadata, and corporate systems.
The scope includes all systems operated by Cloudryption that process, store, or transmit Customer Data or that directly support the delivery of the platform.
2. Incident lifecycle
- Preparation: maintain roles, on-call contacts, logging, monitoring, backups, access controls, tabletop exercises, and documented response playbooks.
- Detection and analysis: triage alerts, user reports, vulnerability reports, cloud provider notifications, abnormal log activity, authentication anomalies, and tenant isolation signals.
- Containment: isolate affected systems, disable compromised credentials, revoke sessions, block malicious traffic, pause affected connectors, or restrict platform functionality as needed to limit impact.
- Eradication: remove attacker access, patch exploited vulnerabilities, rotate secrets, correct misconfigurations, and validate that controls are restored.
- Recovery: restore service safely, monitor for recurrence, verify data integrity, and provide status updates to affected customers and stakeholders.
- Post-incident review: document root cause, timeline, impact, customer notices sent, corrective actions taken, and prevention improvements. Share learnings with relevant teams.
3. Severity levels
| Severity | Definition | Examples |
|---|---|---|
| SEV-1 Critical | Confirmed or strongly suspected unauthorised access to Customer Data, active exploitation, or material service outage | Cross-tenant data exposure, production database compromise, exposed production secrets, active ransomware |
| SEV-2 High | High-risk vulnerability or limited compromise with significant security impact | Privileged access weakness, data integrity concern, major degradation of security functionality |
| SEV-3 Medium | Contained incident or exploitable weakness with compensating controls | Isolated finding with limited exposure, moderate service impact with workaround available |
| SEV-4 Low | Suspicious event, policy violation, or blocked attack with no confirmed impact | Low-risk vulnerability, non-material security anomaly, failed attack with no evidence of success |
4. Customer notification
Cloudryption will notify affected customers without undue delay after confirming a security incident that materially affects Customer Data, tenant security, platform availability, or customer trust obligations.
For a confirmed personal data breach involving Customer Personal Data processed by Cloudryption as processor, the customer notification target is within 48 hours of confirmation, with information provided in phases as investigation progresses where necessary.
Notification content will include, to the extent available at the time:
- Incident summary and known timeline
- Affected systems or data categories
- Containment steps taken by Cloudryption
- Customer actions required (if any)
- Remediation plan and expected resolution timeline
- Cloudryption contact for coordination and questions
Notification does not constitute an admission of fault or liability. Customers remain responsible for their own obligations to notify regulators and data subjects as required by applicable law.
5. Evidence and communications
Incident evidence is preserved with timestamps, involved systems, log sources, affected tenants, actions taken, and appropriate chain-of-custody documentation.
External communications are coordinated through authorised leadership, legal, security, and customer success contacts. Public statements will not speculate beyond confirmed facts.
Cloudryption maintains an incident register to support accountability, post-incident review, and audit requirements.
6. Readiness cadence
- Incident response roles, contacts, and escalation paths reviewed quarterly
- At least one tabletop exercise conducted before enterprise GA and then annually
- Customer notification workflow, on-call escalation, backup restore path, and credential rotation procedures tested before broad GA
- Post-incident reviews conducted for all SEV-1 and SEV-2 incidents
7. Contact
To report a security concern or suspected incident: security@cloudryption.com
For the vulnerability reporting process, see the Responsible Disclosure Policy.