Security

Security as a default, not a setting

A summary of how CloudIP protects customer data, how the platform supports your audits, and what we will and will not do with information you trust us to hold.

Uptime: 99.99%
Recovery Point Objective (RPO): ≤ 60 seconds
Recovery Time Objective (RTO): ≤ 5 minutes
Backup durability: 11 nines
Encryption: AES-256 + TLS 1.3
DR drills: Quarterly, public

Engineering targets for the CloudIP platform.

Encryption everywhere

AES-256 at rest in tenant-scoped vaults; TLS 1.3 in transit on every connection.

Immutable backups

Retention locks at the storage layer — not in app code that an attacker can disable.

Identity and SSO

TOTP and WebAuthn MFA tenant-wide, plus SAML and OIDC SSO. SMS MFA intentionally not supported.

Audit log on every change

Tenant-wide structured audit log with retention controls and SIEM webhook.

Compliance-ready evidence

Pre-built control mappings for HIPAA, SOC 2, and PCI with on-demand evidence export.

US data residency

Customer data stays in seven US regions; international expansion is on the public roadmap.

Targets

Engineering posture at a glance

The same source of truth that drives the marketing site, the runbooks, and the synthetic alerts.

Metric | Target
Uptime | 99.99%
Read latency (p95, US) | < 50 ms
Write latency (p95, US) | < 150 ms
Recovery Point Objective (RPO) | ≤ 60 seconds
Recovery Time Objective (RTO) | ≤ 5 minutes
Hot backup retention | 30 days
Cold archive retention | 7 years
Backup durability | 11 nines
US edge presence | 30+ POPs
DDoS / WAF | Always on
Encryption | AES-256 + TLS 1.3
Admin MFA | Mandatory
DR drills | Quarterly, public
Public post-mortems | ≥ 15 minutes impact

Targets describe the engineering posture of the CloudIP platform during the current development phase. They are stated as engineering goals rather than as a contractual service-level agreement. Customers requiring binding SLAs, custom RPO/RTO guarantees, dedicated infrastructure, or cross-cloud cold backups should contact CloudIP Professional Services for a custom engagement.

Resilience & continuity

Security that survives a bad day

The most important security control is the one that still works after something has already gone wrong. Here is how CloudIP keeps customer data recoverable, tamper-resistant, and observable when an incident is already in progress.

Tamper-resistant by construction

  • Object Lock retention on the storage layer: 7 years on full snapshots, 90 days on hourly exports. A compromised admin cannot delete history before retention expires.
  • Dual-region writes. Every backup is written to a primary U.S.-East bucket and a U.S.-West replica in the same transaction — not relying on async dashboard replication.
  • Append-only audit log with anomaly detection on access patterns and SIEM-ready webhook delivery.
  • Idempotency keys on every mutating API route so a replay attack cannot double-charge, double-ship, or double-write.
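
An added example, not CloudIP's code, of the idempotency-key check named in the last bullet: an exact replay gets the stored response without re-running the side effect, and a key reused with a different payload is rejected. The Idempotency-Key header name, the status codes, and every identifier (IdempotencyStore, handleMutation, demo) are assumptions.

```javascript
// Added example, not CloudIP code. All names and status codes are assumptions.
class IdempotencyStore {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.entries = new Map(); // scoped key -> { fingerprint, response, expiresAt }
  }
  get(key, now) {
    const entry = this.entries.get(key);
    if (entry && entry.expiresAt > now) return entry;
    this.entries.delete(key); // expired or absent
    return undefined;
  }
  put(key, fingerprint, response, now) {
    this.entries.set(key, { fingerprint, response, expiresAt: now + this.ttlMs });
  }
}

// Bind the key to the exact request so it cannot be reused for a different one.
// A production store would keep a hash of this string rather than the string.
const fingerprint = (req) => JSON.stringify([req.method, req.path, req.body]);

function handleMutation(store, req, sideEffect, now = Date.now()) {
  const key = req.headers["idempotency-key"];
  if (!key) return { status: 400, body: { error: "Idempotency-Key required" } };
  const scoped = `${req.tenant}:${key}`; // one tenant cannot collide with another
  const fp = fingerprint(req);
  const seen = store.get(scoped, now);
  if (seen && seen.fingerprint !== fp) {
    return { status: 422, body: { error: "key reused with a different request" } };
  }
  if (seen) return { ...seen.response, replayed: true }; // side effect not re-run
  // Single-threaded here; a shared store needs an atomic insert-if-absent instead.
  const response = { status: 201, body: sideEffect(req.body) };
  store.put(scoped, fp, response, now);
  return response;
}

// Constructed sample: one charge, an exact replay, and a replay with a changed amount.
function demo() {
  const ledger = [];
  const charge = (b) => { ledger.push(b.amount); return { chargeId: ledger.length }; };
  const store = new IdempotencyStore(24 * 60 * 60 * 1000);
  const req = { tenant: "tenant-a", method: "POST", path: "/charges",
                headers: { "idempotency-key": "k-001" }, body: { amount: 500 } };
  const first = handleMutation(store, req, charge, 0);
  const replay = handleMutation(store, req, charge, 1000);
  const tampered = handleMutation(store, { ...req, body: { amount: 9 } }, charge, 2000);
  return { first, replay, tampered, charges: ledger.length };
}
```

The stored entry expires with the TTL, so the replay window a key covers is bounded by how long the store retains it.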

Operational guardrails

  • Mandatory MFA for super-admin actions. Status page edits, queue replays, and break-glass restores all re-prompt for a fresh TOTP or WebAuthn challenge.
  • Versioned deploys with auto-rollback. A cron Worker watches 5xx rates and reverts the platform on its own when error budget is breached.
  • Circuit breakers on every external dependency. Stripe, ShipEngine, Cloudflare, OpenAI, and Twilio outages degrade gracefully instead of cascading.
  • Quarterly DR drills with documented RPO and RTO. Restore jobs are tracked end to end through an admin console with full audit trail.
  • Chaos engineering in sandbox tenants only — production tenants are never used as fault-injection targets.

Encryption and key handling

Data is encrypted in transit with TLS 1.3 and at rest with AES-256 in object storage that is tenant-scoped. Tenant keys are isolated per customer and are not shared across tenants. Key rotation patterns and access constraints are documented in the security review packet available on request.

Backup immutability

Backups land in immutable snapshot chains protected by retention locks at the storage layer. The retention rule is enforced before any application code is consulted, which means a compromised administrator cannot delete backup history before its retention window expires.

Authentication

Multi-factor authentication is supported via TOTP and WebAuthn. Single sign-on supports SAML 2.0 and OIDC. SMS-based MFA is not supported because of well-documented risks from carrier SIM-swap attacks. Session lifetimes, idle timeouts, and re-authentication policies are configured at the tenant level.

Audit logs

Every modification to data, configuration, and access is recorded in a structured audit log that captures the actor, the timestamp, and the prior values. Logs can be exported via CSV or JSON, and real-time delivery to a SIEM is available via webhook.

Compliance

Pre-built control mappings cover HIPAA, SOC 2, and PCI. Customers operating under regulatory obligations can export evidence packs that include backup-immutability proofs, encryption configuration, MFA enrollment summaries, and access reviews.

Reporting a vulnerability

Security researchers can report findings to security@cloudip.com. We acknowledge reports within one business day and disclose accepted findings after remediation in accordance with industry-standard coordinated disclosure practice.

Talk to us about your audit

Customers preparing for SOC 2, HIPAA, or PCI audits can request the full security review packet.