What we do today
- Least-privilege IAM. CloudScout assumes a read-only role in your AWS account, scoped via an ExternalId you control. Mutations happen in your repo, on your runners, never via our credentials.
- Encryption. TLS 1.3 in transit, AES-256 at rest (RDS, EBS, S3 SSE).
- Hard-delete endpoint. A GDPR Article 17 path purges customer data on request. Backup retention window is 13 months.
- Replay-hashed receipts. Every billed event ties back to a verifiable replay against a specific billing slice. Disputes raised within 30 days suppress the fee and trigger a re-replay.
- Tenant isolation. Per-customer schema with row-level org_id checks. Cross-tenant queries error at the query layer, not the application layer.
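One way a customer could check the cross-account role described under least-privilege IAM before granting access, as an added example (not CloudScout's code). The account ID, ExternalId value, policy documents, and the read-only verb list are constructed assumptions.

```python
# Added example: audit a cross-account role before granting vendor access.
# Assumption: action names starting with these verbs are treated as read-only.
READ_PREFIXES = ("Get", "List", "Describe")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_findings(trust_policy, expected_external_id):
    """Return problems found in statements that allow sts:AssumeRole."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        if "*" in _as_list(aws):
            findings.append("wildcard principal can assume the role")
        # Condition key names are case-insensitive; only StringEquals is checked.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if ext is None:
            findings.append("AssumeRole allowed without sts:ExternalId condition")
        elif _as_list(ext) != [expected_external_id]:
            findings.append("ExternalId does not match the value you issued")
    return findings

def mutating_actions(permissions_policy):
    """Return allowed actions whose name does not start with a read-only verb."""
    flagged = []
    for stmt in _as_list(permissions_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if not action.split(":", 1)[-1].startswith(READ_PREFIXES):
                flagged.append(action)
    return flagged

# Constructed sample policies (account ID and ExternalId are placeholders).
TRUST_OK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
TRUST_WEAK = {"Statement": [{k: v for k, v in TRUST_OK["Statement"][0].items()
                             if k != "Condition"}]}
PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
         "Action": ["ce:GetCostAndUsage", "ec2:Describe*", "s3:PutObject"]}]}
```

The check does not evaluate `NotAction`, `Deny` statements, or permission boundaries, so an empty result is a starting point for review rather than proof of read-only access.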
What we don’t claim
- SOC 2. Not yet. We will pursue Type I when the product matures past the design-partner stage. We won’t put it in our footer until we have a report.
- HIPAA / BAA. Not in scope. We don’t process PHI today.
- FedRAMP. Not in scope.
Sub-processors
- AWS - primary hosting, us-east-1
- Anthropic (via Bedrock) - agent reasoning
- Cloudflare - DNS + edge for marketing site
- AWS SES - transactional email (sign-in, lead capture)
- Cal.com - demo booking webhook source
DPA template available on request. Email [email protected].
Security contact
Disclose vulnerabilities to [email protected]. We respond within 5 business days. No bounty program yet - we’ll credit you in our security log if you wish.
Data retention
- Customer billing data: 13 months (then aggregated)
- Audit logs: 13 months
- Marketing form submissions: 24 months or until opt-out
- Backups: 13 months on Glacier-class storage
Where data lives
All customer data is stored in AWS us-east-1. We do not replicate to other regions today. If you need a different region, contact us before contracting.