Security & Compliance
CloudDory is SOC 2 Type II certified. We take the security of your cloud data seriously, with independent audits and enterprise-grade controls.
Independent audit of our security controls
SOC 2 Type II is an auditing standard developed by the American Institute of CPAs (AICPA). Unlike Type I, which evaluates controls at a point in time, Type II verifies that controls are operating effectively over a sustained period (typically 6-12 months).
Our SOC 2 Type II report covers the Trust Services Criteria for Security, Availability, and Confidentiality. An independent third-party auditor evaluates our infrastructure, processes, and controls to ensure they meet the highest standards.
The full SOC 2 Type II report is available under NDA for enterprise customers and prospects. Contact our sales team to request a copy.
How CloudDory protects your data
Encryption at Rest
All data stored by CloudDory is encrypted with AES-256. Database fields containing sensitive information use additional application-layer encryption.
Encryption in Transit
All connections use TLS 1.3. API endpoints enforce HTTPS. Internal service-to-service communication is encrypted.
Read-Only Cloud Access
CloudDory only requests read-only permissions to your cloud accounts. We never request write, delete, or modify access to your infrastructure.
No Write Permissions
Our IAM roles, service accounts, and app registrations are scoped to the minimum permissions needed for cost and metadata reads.
Data Isolation Per Org
Every organization has isolated data storage. Row-level security and org_id isolation ensure no cross-tenant data leakage.
Access Controls
Role-based access control (RBAC) with audit logging. All admin actions are logged and retained for compliance review.
Compliance frameworks
SOC 2 Type II
Independent third-party audit of our security, availability, and confidentiality controls. Report available under NDA.
GDPR Ready
Full GDPR compliance with data subject rights, DPA available, EU data processing options, and breach notification procedures.
ISO 27001
ISO 27001 certification is on our roadmap. Our security practices already align with ISO 27001 control objectives.
View Trust Center
Need our SOC 2 report, DPA, or security questionnaire? Reach out to our team.