Trust Center
Security, compliance, and privacy at CloudRepo. We believe in complete transparency about how we protect your data and artifacts.
Security
How We Protect Your Data
- Encryption at Rest & In Transit
- AES-256 encryption for all stored artifacts. TLS 1.2+ enforced on all connections. Passwords hashed with PBKDF2+BLAKE2b-512.
- Access Controls
- MFA required on all production systems. Principle of least privilege enforced. No shared credentials — individual accounts for all access.
- US-Based Infrastructure
- All data stored exclusively in the United States on AWS. Amazon S3 with 99.999999999% durability. DynamoDB with automated backups.
- Zero-Breach Track Record
- No security breaches in over 10 years of operation. No known data breaches in company history. We respond to security reports as quickly as possible, typically within 24 hours.
Compliance
Our Compliance Posture
While CloudRepo does not hold formal certifications like SOC 2 or ISO 27001, we maintain strong security practices and partner exclusively with certified vendors.
AES-256 Encryption
All data encrypted at rest and in transit
US Data Residency
All data stored exclusively in the United States
SOC 2 Certified Vendors
All infrastructure partners are SOC 2 certified
Zero Security Breaches
No data breaches in company history
GDPR Ready
Data processing agreement and deletion processes in place
Documentation
Security Documentation
Download our security documents for your vendor review process.
Security Practices
Comprehensive overview of our security controls, infrastructure, and processes.
Security Self-Assessment
Complete 43-question vendor security questionnaire for enterprise procurement.
Compliance Status Letter
Founder letter on our security commitment and compliance posture.
FAQ
Frequently Asked Questions
Common questions about our security and compliance practices.
-
CloudRepo does not hold SOC 2 certification. As a bootstrapped company, the cost of formal certification is disproportionate to our size. However, we exclusively partner with SOC 2 certified vendors (AWS, Braintree, Postmark, etc.) and maintain comprehensive security practices that align with SOC 2 principles. We provide full transparency through our Security Practices Document, Data Processing Agreement, and Subprocessor List.
-
SAML/OIDC SSO is launching Q2 2026 and will be included on all plans. We actively encourage customers to tell us which identity providers (Okta, Azure AD, etc.) they need so we can prioritize accordingly. Contact us at security@cloudrepo.io.
-
All customer artifacts and account data are stored exclusively in the United States (AWS US-West). Artifacts are stored in Amazon S3 with 99.999999999% durability. Metadata is stored in Amazon DynamoDB. Certain operational subprocessors may process limited categories of operational data in other jurisdictions — see our subprocessor list for details.
-
Email security@cloudrepo.io with your data deletion request. We process all verified requests within 30 calendar days, in compliance with GDPR and CCPA requirements. Upon account termination, all customer data is deleted within 30 days.
-
No. CloudRepo has had no security incidents in the past 3 years and no known security breaches or data loss events in company history.
-
Yes. Our GDPR Article 28 compliant Data Processing Agreement is available for download from our Trust Center. Contact us at security@cloudrepo.io if you need a countersigned copy.
Need a Custom Security Review?
We're happy to complete vendor questionnaires, discuss our security practices, or address specific compliance requirements.