Security & Compliance
Enterprise-grade security with US-based infrastructure. Your artifacts are protected with industry-leading security practices and compliance standards.
Infrastructure
US-Based Infrastructure You Can Trust
CloudRepo is a US-based company headquartered in the United States of America. All of your data is stored exclusively in the United States, meeting strict data residency requirements for financial services and other regulated industries.
- US-Only Data Residency
-
Primary hosting in AWS US-West (N. California) data center. All artifact storage in Amazon S3 and metadata in DynamoDB within the same US region. Your data never leaves the United States.
- Geographic Redundancy
-
Data replication across multiple US data centers for disaster recovery and high availability. Global CDN deployment (Q4 2025) for faster artifact delivery worldwide while maintaining US storage.
- Future: Data Center Choice
-
Coming in 2026: Choose your data residency location. EU customers will be able to store data exclusively in EU data centers, meeting GDPR locality requirements.
Security Model
Enterprise-Grade Security Practices
Your artifacts are protected with industry-leading security standards and best practices at every layer.
- Encryption Everywhere
- TLS 1.3 encryption for all data in transit. AES-256 encryption at rest for all stored artifacts. Your code is always encrypted, both in flight and at rest.
- Access Control & Authentication
- Token-based authentication, granular repository permissions, and team-level access controls. Okta SSO integration for enterprise teams with centralized identity management.
- Data Redundancy & Backups
- Automated backups with point-in-time recovery. Multi-region replication for disaster recovery. 99.999999999% (11 nines) durability with our Amazon S3 backed storage.
- Network Security
- DDoS protection, WAF (Web Application Firewall), and network isolation. Infrastructure hardening and regular security patching across all systems.
- Monitoring & Incident Response
- 24/7 system monitoring and alerting. Security event logging and analysis. Incident response procedures and uptime guarantees.
- Vulnerability Scanning (Coming Q2 2026)
- Automated security scanning for known vulnerabilities in your dependencies. Real-time alerts for critical security issues in your artifacts.
Compliance
Meeting Industry Standards
We're committed to achieving and maintaining the highest compliance standards to meet your regulatory requirements.
- SOC 2 Type II (Planned Q3 2026)
- We are actively working towards SOC 2 Type II certification to demonstrate our commitment to security, availability, and confidentiality controls.
- ISO 27001 (Planned 2026)
- ISO 27001 certification for information security management, particularly important for our EU customers and global enterprise requirements.
- GDPR Compliant (Planned 2026)
- Full GDPR compliance for EU customers. Data processing agreements available. Right to access, portability, and deletion of your data.
- Audit Logging (Planned Q2 2026)
- Comprehensive audit trails for all repository access and changes. Essential for compliance requirements and security investigations.
Architecture
Built on Cloud-Native Infrastructure
CloudRepo leverages AWS's world-class infrastructure for reliability, performance, and security.
Storage Layer
All artifacts stored in Amazon S3 with 99.999999999% durability. S3 versioning enabled for artifact history. Server-side encryption with AES-256.
Metadata & Database
Amazon DynamoDB for fast, scalable metadata storage. Multi-region replication for disaster recovery. Automated backups with point-in-time recovery.
Compute & Application
Serverless architecture for automatic scaling and high availability. No single points of failure. Auto-scaling based on demand.
Network & Delivery
CloudFlare CDN for global artifact delivery (Q4 2025). DDoS protection and WAF. TLS 1.3 encryption for all connections.
Questions about security?
We're happy to discuss our security practices, compliance roadmap, and how we protect your artifacts. Contact us for more details.