Security
We treat your data like our own — because we use the platform on our own engineering team.
Encryption
- At rest: AWS RDS KMS encryption (AWS-managed keys by default; CMK on Enterprise).
- In transit: TLS 1.2+ everywhere. ACM-managed certificates, HSTS enabled.
- Sensitive fields (BYOK API keys, SCM tokens): AES-256-GCM with rotating envelope keys.
Role-based access (RBAC)
Four-tier role model: super_admin, org_admin, reviewer, standard. Server-side enforcement at every API boundary; org-level data isolation.
BYOK — your LLM, your keys
Bring your own API key for Anthropic, OpenAI, Google Gemini, or AWS Bedrock. AI features use your key — not ours. Stored encrypted, never logged.
Data residency
Regional data residency — host in the US (N. Virginia) or EU (Frankfurt), with Asia Pacific also available. Region selection and single-tenant isolation on Enterprise. Self-hosted deployments stay entirely on your infrastructure.
AI data-leak prevention
CloudByte scans every AI prompt and response for leaked secrets, credentials, and sensitive data, then blocks or flags each finding by severity. See how AI-channel DLP works.
Audit trail
Every privileged action is logged with actor, timestamp, before/after diff, and IP. AI skill generations have a separate audit table with prompt, output, and cost.
Compliance
SOC 2 Type II: in progress (target Q4 2026). Available now: BAA on request, GDPR DPA, DPIAs.
Report a vulnerability
Email security@cloudbyte.ai — we respond within 24 hours and do not pursue good-faith research.