CloudGenie

Legal

Security

Last updated: 2026-02-05

How CloudGenie protects your data — in transit, at rest, and in the operating environment.

Placeholder document. This page is a stub while we finalise the formal legal review. The final version will land before public launch. In the meantime, if you have specific compliance questions email hello@cloudgenie.co and we'll respond within one working day.

In transit

TLS 1.2+ enforced everywhere. HSTS with 2-year max-age. All subdomains proxied through AWS CloudFront with modern cipher suites only.

At rest

MongoDB Atlas encryption-at-rest with AWS KMS. Sensitive customer data (cloud credentials, API keys) additionally encrypted at the application layer via a KMS customer-managed key — two layers of encryption before disk.

Access controls

Role-based access control (Owner · Admin · Billing Admin · Cloud Admin · Developer · Viewer). Session cookies are HttpOnly + Secure + SameSite=Lax. API keys are scoped, expire, and can be rotated or revoked instantly.

Monitoring

Structured logs, per-request tracing IDs, immutable audit logs, and 24/7 error tracking via Sentry.

Compliance roadmap

UK GDPR-compliant at launch. SOC-2 Type I prep begins 6 months after first paying customer. ISO-27001 follows.