Trust & Security

Security built into every decision

Cloudryption is designed to help security teams make better cloud-risk decisions. We apply the same standard to our own platform: protect customer data, limit access, maintain clear controls, and communicate our compliance posture transparently.

Security controls

Security Overview

Architecture, connector design, secure SDLC, audit logging, vulnerability management, and our overall security posture.

Status: Available

Encryption Architecture

How data moves through Cloudryption, TLS enforcement, at-rest encryption, secrets handling, tenant isolation, and evidence minimisation.

Status: Available

Access Control

RBAC role model, MFA/SSO requirements, provisioning controls, and quarterly privileged access reviews.

Status: Available

Backup & Disaster Recovery

Encrypted backups, RPO/RTO targets, restore testing cadence, and recoverability commitments for the platform.

Status: Available

SSO & SCIM

Enterprise customers can use SAML/OIDC SSO with Okta, Microsoft Entra ID, and Google. SCIM provisioning is available on supported enterprise plans.

Status: Available / Enterprise

Data Residency

Cloudryption supports regional deployment options for customers with data residency requirements.

Status: Available by deployment model

Privacy & data protection

GDPR / Data Processing Addendum

Cloudryption acts as a data processor for customer data. A full DPA covering processing purposes, security measures, and subprocessors is available for enterprise customers.

Status: Available

Subprocessors

Our subprocessor list is minimal by design. Review the full list of approved subprocessors and how we manage third-party data flows.

Status: Available

Data Retention

Retention schedules for scan data, findings, audit logs, and account metadata — plus tenant offboarding data removal timelines.

Status: Available

Compliance roadmap

SOC 2 Roadmap

Our honest status: not yet certified. See the GA controls baseline and phased path toward SOC 2 Type II covering Security, Availability, and Confidentiality criteria.

Status: Readiness in progress

ISO/IEC 27001

Cloudryption is building an Information Security Management System aligned to ISO/IEC 27001 principles.

Status: Readiness in progress

FedRAMP

Public-sector compliance support is part of the future roadmap.

Status: Roadmap

Disclosure & incident response

Responsible Disclosure

How to report suspected vulnerabilities, what to expect from our security team, and our safe harbour commitment to security researchers.

Status: Available

Incident Response

How Cloudryption detects, contains, and communicates security incidents — and what customers can expect during and after an event.

Status: Available

Security Questionnaire

Standardised answers covering governance, compliance, architecture, encryption, access control, SDLC, and subprocessors for enterprise vendor reviews.

Status: Available