Your Data Security Is Our Priority
Cloptima is built with security at every layer. Read-only access, end-to-end encryption, and enterprise-grade compliance.
Read-Only by Design
Cloptima only reads cost data, resource metadata, and usage metrics from your cloud accounts. We never have permission to create, modify, or delete any resources in your infrastructure.
Encryption
- •All data encrypted at rest with AES-256; TLS 1.3 for data in transit
- •Provider credentials, virtual keys, webhook secrets, and OAuth tokens encrypted at rest
- •Secrets managed via KMS with key rotation and least-privilege access
- •Access to sensitive material is logged and audited
Access Control
- •Read-only cloud account access — we never modify your resources
- •Role-based access control (RBAC) for all users
- •SSO / SAML support for Enterprise plans
- •Audit logging of all administrative actions
Infrastructure
- •Hosted on Google Cloud Platform with multi-region redundancy
- •Network segmentation with private VPCs
- •WAF and DDoS protection at edge
- •Automated vulnerability scanning of all containers
Data Handling
- •Cost metrics and resource metadata only — never application data
- •No access to your database contents or query results
- •Data retention configurable per customer
- •Complete data deletion on account closure
Authentication
- •OAuth 2.0 with major identity providers
- •Multi-factor authentication (MFA) supported
- •JWT tokens with short expiration and automatic refresh
- •API keys with scoped permissions for CLI/MCP
Compliance
- •SOC 2-aligned security controls and processes
- •GDPR-compliant data handling; DPA available on request
- •Regular third-party penetration testing and vulnerability scanning
- •Documented incident response with timely customer notification
Data residency
Hosted on Google Cloud Platform with multi-region redundancy. Customer data stays within the platform boundary and is deleted on account closure.
Sub-processors
We maintain a current list of sub-processors and notify customers of material changes. The list is available on request.
Documentation on request
Security overview, DPA, and compliance documentation are available to customers and prospects under NDA.
Security Questions?
Contact our security team for detailed documentation, compliance reports, or to discuss your organization's specific requirements.
Trusted Security. Powerful Intelligence.
Bring LLM FinOps, governed model access, and cloud cost optimization into one operating model.