Security & Compliance
Last updated: 2026-04-30
Our Commitment
CloudSealed is committed to maintaining the highest standards of security and compliance. We implement technical and organizational measures to protect your data throughout the analysis lifecycle. Our security practices are designed to meet the requirements of SOC 2 Type II, LGPD (Brazil), CCPA (California), and industry best practices.
Regulatory Frameworks
We comply with the following regulatory frameworks and standards:
LGPD (Lei Geral de Proteção de Dados)
Full compliance with Brazil's data protection law, including lawful basis for processing, data subject rights, DPO appointment, and ANPD reporting procedures.
CCPA / US State Privacy Laws
Compliance with California Consumer Privacy Act and emerging state privacy laws. No sale of personal information. Transparent data practices.
SOC 2 Type II
Our infrastructure and processes are designed to meet SOC 2 Trust Service Criteria for security, availability, and confidentiality.
Google Ads Policy Compliance
Full compliance with Google Advertising Policies, including transparent business practices, accurate advertising claims, and proper data collection disclosures.
Security Measures
Encryption at Rest & in Transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database connections use SSL. File uploads are encrypted in Google Cloud Storage.
Access Control
Role-based access control (RBAC) with the principle of least privilege. Multi-factor authentication for analyst accounts. Session tokens with automatic expiration.
Audit Logging
Comprehensive audit trail for all data access, modifications, and administrative actions. Logs are immutable and retained for 5 years.
Vulnerability Management
Regular security assessments, dependency scanning, and penetration testing. Responsible disclosure program for security researchers.
Personnel Security
Background checks for all employees with access to customer data. Mandatory security awareness training. Confidentiality agreements.
Infrastructure Security
Hosted on Google Cloud Platform with SOC 2 certified data centers. Network segmentation, firewall rules, and DDoS protection. Regular backup and disaster recovery testing.
Data Processing
Customer data is processed exclusively for the purpose of delivering cloud health check reports and related services. We do not use customer data for training AI models, marketing, or any purpose beyond the agreed service scope. Data is logically isolated per customer. We implement data minimization principles — we only collect and process data necessary for the analysis.
Incident Response
We maintain a documented incident response plan that includes identification, containment, eradication, recovery, and post-incident review. In case of a data breach, we will notify affected users within 72 hours and report to relevant authorities (ANPD for Brazilian users) as required by law. Security incidents can be reported to contact@cloudsealed.com.
Vendor Management
All third-party service providers are vetted for security and compliance before engagement. We maintain Data Processing Agreements (DPAs) with all sub-processors. Our primary sub-processors include Google Cloud Platform (infrastructure), SendGrid (email delivery), and Vercel (edge deployment). A complete list of sub-processors is available upon request.
Security Contact
For security concerns, vulnerability reports, or compliance inquiries:
- 📧 contact@cloudsealed.com