Data Privacy

This topic outlines the implicit measures that ensure the privacy of your data in SecureCloud.

Hosted Environment

The SecureCloud software runs on Google Cloud and uses the Google Security Model, the very same platform used by Google itself to secure its own cloud products. For more information: https://cloud.google.com/security/overview/.

SecureCloud is deployed in the European region of Google Cloud. Google Cloud is certified by compliance standards including SOC2, ISO 27001, and HIPPA.

What Data do We Collect?

SecureCloud keeps the following data for the purpose of mapping your network and the traffic within it. Access to the operational environment and data is tightly controlled and logged.

• Node information including metadata, labels and definitions

• Cloud vendor security definitions (for example, security groups)

• Container images

What Data do We NOT Collect?

SecureCloud does not store any financial or private data (except user email addresses for authentication).

Encryption

• All data is encrypted at rest (in database) using AES256.
• All traffic to and from SecureCloud is encrypted TLS.

Vulnerability Checking

• External consultants regularly perform vulnerability analysis and penetration testing of SecureCloud. In addition, SecureCloud checks itself routinely for vulnerability issues.
• Sanity testing is performed as part of the SecureCloud CI/CD process.
• SecureCloud is tested for all of the OWASP Top 10 application security risks using code review and penetration testing methods.
• Users can use a proxy to inspect traffic to and from SecureCloud.

Multi-Tenancy

• The SecureCloud database is multi-tenant.

Retention Policy

• Data collected is retained until the user terminates their account.