Security Policy

Effective Date: January 2024

CloudOpsGPT is designed with enterprise-grade security at its core.

1. Deployment Model

  • Paid version: Deployed fully inside the customer's cloud account (AWS, Azure, GCP)
  • Free trial: Hosted in our secure multi-cloud infrastructure with restricted access
  • Hybrid deployment: Available for enterprise customers with specific requirements

2. Data Protection

  • Customer data is encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Secrets are managed through cloud-native secret management services
  • Infrastructure is secured with cloud provider IAM best practices (least privilege)
  • Regular encryption key rotation and security updates

3. Access Controls

  • Role-based access control (RBAC) enforced across all platforms
  • Optional SSO and MFA for enterprise customers
  • API rate limiting and DDoS protection
  • Regular access reviews and privilege audits

4. Audit & Logging

  • All system actions are logged in cloud-native logging services
  • Logs are immutable and can be exported for compliance audits
  • Real-time monitoring and alerting for security events
  • 90-day log retention, with extended retention for enterprise customers

5. AI Safety

  • CloudOpsGPT is powered by Amazon Q and Azure OpenAI, ensuring data never leaves your cloud environment
  • Customer prompts and metadata are not used for training any external models
  • AI responses are filtered for security and compliance
  • Regular AI safety assessments and bias testing

6. Compliance & Assurance

  • Built to align with SOC 2 Type II, ISO 27001, and HIPAA-ready controls
  • Regular internal reviews and third-party security assessments
  • Penetration testing conducted quarterly
  • Compliance certifications maintained and updated annually

7. Incident Response

  • In the event of a security incident, customers will be notified within 4 hours
  • 24/7 security monitoring and incident response team
  • Detailed incident reports provided within 72 hours
  • Regular incident response drills and tabletop exercises

8. Multi-Cloud Security

  • Consistent security controls across AWS, Azure, and GCP
  • Cloud-agnostic security policies and procedures
  • Regular security assessments for each cloud platform
  • Unified security monitoring and reporting

Contact Us

If you have any questions about our Security Policy, please contact us at:
info@cloudopsgpt.com