Compliance Status Letter

March 9, 2026

From: Chris Shellenbarger, Founder & CEO

Company: ChenPo LLC (d/b/a CloudRepo)

Contact: security@cloudrepo.io

Dear Customer,

Thank you for your interest in CloudRepo's security and compliance posture. I want to be straightforward and transparent about where we stand.

Who We Are

CloudRepo is a US-based, bootstrapped software artifact and package repository, operated by ChenPo LLC out of Fargo, North Dakota. We've been in operation since 2016 — over 10 years of serving customers who trust us with their software supply chain.

Certifications

CloudRepo does not currently hold SOC 2 Type II, ISO 27001, or other formal security certifications. I want to be honest about why: as a bootstrapped company, the cost of formal certification programs — which can exceed $50,000-$100,000 annually — is disproportionate to our company size. We've chosen to invest those resources directly into our security infrastructure and practices instead.

What We Do Have

While we don't have formal certifications, we maintain strong security practices:

  • 10+ years of incident-free operation — no security breaches in company history
  • Enterprise-grade infrastructure — hosted on AWS with AES-256 encryption at rest, TLS 1.2+ in transit
  • SOC 2 certified vendor ecosystem — every subprocessor we use (AWS, Braintree, Postmark, etc.) holds SOC 2 certification
  • US data residency — all customer data stored exclusively in the United States (AWS US-West)
  • SCIM 2.0 support — enterprise user provisioning available today
  • GDPR/CCPA compliance — data deletion processed within 30 days, Data Processing Agreement available
  • Comprehensive security documentation — Security Practices Document, DPA, and published Subprocessor List available at cloudrepo.io/trust

What's on Our Roadmap

  • SSO (SAML/OIDC) integration
  • Formal automated vulnerability scanning
  • Continued investment in security infrastructure

We evaluate certification options periodically and remain open to pursuing them as our business grows.

Our Commitment

I personally review every security inquiry. If you have specific compliance requirements, vendor questionnaires, or security questions, I'm happy to work through them with you directly. We've successfully completed vendor security reviews for multiple enterprise customers.

Please don't hesitate to reach out at security@cloudrepo.io.

Sincerely,

Chris Shellenbarger
Founder & CEO
ChenPo LLC (d/b/a CloudRepo)

A downloadable version of this letter is available at compliance-status-letter.md.