Back to CloudJaeger
Trust & Security

Trust & Security

How CloudJaeger protects your data and your cloud. Built for the security and procurement teams who review us before we ever touch an account — read-only by design, EU-hosted, encrypted end to end.

Encryption
Your data is encrypted everywhere it lives and everywhere it moves.
  • At rest: AES-256 via AWS KMS-managed keys on every database, object store, and backup.
  • In transit: TLS 1.3 for all client and service-to-service traffic; HTTP is redirected to HTTPS.
  • Stored cloud credentials are additionally encrypted at the application layer before they ever touch the database.
Data residency
Application data is hosted in the EU.
  • Primary hosting region: AWS Europe (Frankfurt) — eu-central-1.
  • Database, object storage, and backups for the CloudJaeger application stay in-region.
  • The only data that leaves the region is the narrow, validated LLM context described below (US-based model providers).
Least-privilege access
We connect to your cloud with read-only, scoped permissions — and never store standing keys.
  • AWS is connected via a customer-owned IAM role you create from our CloudFormation / Terraform template — read-only, scoped to cost & inventory APIs.
  • We assume that role with short-lived STS credentials; there are no long-lived access keys to leak.
  • Azure and GCP use equivalently scoped, read-only service principals / service accounts.
  • You can revoke our access at any time by deleting the role — independent of CloudJaeger.
Secrets handling
Secrets are managed by AWS Secrets Manager, never committed or logged.
  • Database URLs, API tokens, and signing keys live in AWS Secrets Manager and are injected at runtime.
  • Application logs are scrubbed of credentials; error traces sent to monitoring are stripped of secrets.
  • No customer cloud credentials are written to logs, ever.
Safety posture: advise by default, you approve execution
CloudJaeger is read-only by default. We surface savings, forecasts, and recommendations — we do not change your infrastructure on our own.

Every recommendation is presented with the math behind it. Nothing is applied to your cloud without an explicit, human approval — there is no silent autopilot.

  • Optional autonomous execution is opt-in, gated behind a safety case (owner, ticket/PR, blast-radius proof, canary metric, rollback plan), and proceeds one reversible step at a time through the Safe-Autonomy Conveyor.
  • Every consequential action is written to a tamper-evident, SHA-256 hash-chained activity log (who did what, when) — each entry commits to the previous one, so any edit or deletion is detectable on demand.
  • Access to your account is read-only unless you explicitly enable a scoped, reversible action.
Autonomy modes — un-armed by choice
The full range of what CloudJaeger can do — and, just as clearly, what it will not. Four modes are live today; the two that touch your cloud are visibly locked.
Observe
Live
Read-only visibility.
Advise
Live
Ranked recommendations with evidence.
Dry-run
Live
Rehearses the exact action against your caps — nothing changes.
Approve-to-apply
Live
A named human approves; you make the change; CloudJaeger tracks and measures it.
Armed (with approval)
Locked
One approved action at a time, inside an owner-signed mandate.
Autonomous (within mandate)
Locked
No per-action approval — only inside a narrow, expiring, capped mandate; reversible actions only.

Live purchasing is un-armed by choice — hardcoded off in this build. It arms behind a mandate you write, not a toggle we flip.

Access model
Role-based access control inside your workspace.
  • Owner / admin / member / viewer roles scope what each teammate can see and do.
  • Every workspace is tenant-isolated; queries are scoped by organization so one customer can never read another's data.
  • Enterprise SSO (SAML / OIDC) and automated provisioning (SCIM 2.0) are available.
  • The audit log is restricted to owners and admins.
Data handling
What we collect, and what we never send anywhere.
  • We read cost & usage data and resource inventory metadata — not the contents of your workloads.
  • Our LLM providers receive only validated recommendation summaries and aggregated cost figures — never credentials or raw line items.
  • LLM providers operate under API terms that do not permit training on data we submit.
  • See the full subprocessor list for every third party and exactly what each one processes.
Compliance roadmap
Where we are today — stated honestly. These are commitments and in-progress efforts, not certifications we already hold.
SOC 2 Type II
Planned

We are preparing our control set for a future SOC 2 Type II audit. No auditor is engaged yet and the observation window has not started — we do not claim SOC 2 compliance. We'll publish the report if and when an audit completes.

ISO/IEC 27001
Planned

On our roadmap to follow SOC 2. No certification is claimed today.

GDPR
Supported

EU-hosted with a Data Processing Agreement available. See the DPA.

Vulnerability reports
Always open

Email security@cloudjaeger.com to report a security issue or request our latest documentation.

Product support
Monitored

For product questions, account issues, or beta feedback, email support@cloudjaeger.com. Vulnerability reports belong to security@ above.

Policies & documents

Our legal documents are available for your team to review before you connect an account.