We’re committed to keeping your data secure and your private information private. If you have any questions, please contact us.
Cloudcraft recently achieved its first SOC 2 Type I report and is currently preparing for its Type II report. Our SOC 2 Security, Availability & Confidentiality Report is available to current and prospective customers by request; please contact us at firstname.lastname@example.org.
All of Cloudcraft's infrastructure is hosted on Amazon Web Services (AWS). Cloudcraft uses AWS data centers in the US East (N. Virginia) and GovCloud (US-West, for our government customers) regions that are SOC 1, SOC 2 and ISO/IEC 27001 certified.
Cloudcraft hires an external company annually for penetration and security testing. Our test reports are available on demand to current and prospective customers; please contact us at email@example.com.
All Cloudcraft data and communications are encrypted using industry best practices.
No Cloudcraft staff will access your data unless required for support reasons. When working on a support issue, we access only the minimum data needed to resolve it while respecting your privacy. Access to data is restricted by job function and monitored.
All the data, such as your diagrams, is by default private and only accessible by you. If you explicitly share something with someone, you can always revoke the access later. Cloudcraft Pro and Enterprise editions also include role-based access controls for teams.
Cloudcraft Enterprise integrates with your existing corporate directory and authentication methods through the use of SAML 2.0 for SSO. Just-in-Time user provisioning, IdP and SP-initiated logins, as well as strict SAML-only modes are also supported.
All user passwords are stored salted and hashed (using scrypt) and cannot be recovered by Cloudcraft staff.
When using Enterprise SSO/SAML 2.0 or a Google Account to access Cloudcraft, no user credentials are stored by Cloudcraft, and identity assertions are signed and verified.
Optional Two-Factor Authentication (2FA/MFA) support is available for an additional layer of protection of your account.
Cloudcraft uses code reviews, vulnerability scans, automated testing and automated deployments, with servers continuously kept up to date with the latest security errata. Our configuration and change management processes are documented and audited as part of our SOC 2 certification.
Cloudcraft Live allows you to auto-generate and sync your AWS environments with your diagrams. Live was designed from the start to take full advantage of the latest AWS security best practices. Specifically, Cloudcraft makes use of cross-account roles, the secure way to access your AWS environment:
Cloudcraft Live provides a safe and secure way for you to visually explore your AWS environment.
If you subscribe to Cloudcraft's paid plans, your credit card data is neither transmitted through nor stored on our systems. We use a payment processor called Stripe, a company entirely dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Read more about Stripe’s security online.
Please email us directly at firstname.lastname@example.org.
We strive to keep Cloudcraft safe and secure for everyone. If you have discovered a security vulnerability, we would greatly appreciate your help in disclosing it to us in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any concerns. Emails are sent directly to our engineering staff to ensure that issues are addressed rapidly. Security emails are treated with the highest priority, as the safety and security of our service is our primary concern.
If you have questions regarding a specific policy or general inquiries regarding security, please contact Cloudcraft support.