Security at CloudDory
We protect your cloud data with enterprise-grade security controls, independent audits, and a security-first engineering culture.
How we handle security
Infrastructure Security
CloudDory runs on dedicated, hardened servers with strict network segmentation. All infrastructure is monitored 24/7 with automated alerting for anomalous activity.
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database connections use encrypted channels. Sensitive fields receive additional application-layer encryption.
Access Controls
Role-based access control (RBAC) enforces least-privilege access for all users and internal staff. Multi-factor authentication is available for all accounts. Admin actions are logged.
Vulnerability Management
We perform regular vulnerability scans, dependency audits, and penetration testing. Critical vulnerabilities are patched within 24 hours. We maintain a security patch cadence for all dependencies.
Incident Response
We maintain a documented incident response plan with defined escalation procedures. Security incidents are triaged within 1 hour. Affected customers are notified within 72 hours per GDPR requirements.
Business Continuity
Automated backups run daily with point-in-time recovery. Disaster recovery procedures are tested quarterly. Our infrastructure is designed for high availability with 99.99% uptime target.
Report a vulnerability
We appreciate the work of security researchers who help keep CloudDory and our customers safe. If you discover a security vulnerability, we encourage you to report it responsibly.
Please send vulnerability reports to [email protected]. Include a detailed description of the vulnerability, steps to reproduce, and any proof-of-concept code.
We commit to acknowledging your report within 24 hours, providing regular updates on our investigation, and recognizing your contribution (with your permission) once the issue is resolved.
Questions about security?
Our security team is here to help. Reach out for security questionnaires, SOC 2 reports, or any security-related questions.