Security & Compliance
Last Updated: April 25, 2026
1. Read-Only IAM Architecture
OggyCloud operates on a 'Least Privilege' principle. Our connector policies are limited to 'Describe' and 'Get' actions for infrastructure metadata.
Remediation actions (if enabled) are limited to specific non-destructive operations like instance type modification or snapshot cleanup.
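A customer can check the read-only claim above against the policy attached to the connector role in their own account. The following is an added example, not OggyCloud's code. It assumes AWS IAM JSON policy syntax, a constructed sample policy, and a hypothetical mapping of the remediation operations to `ec2:ModifyInstanceAttribute` and `ec2:DeleteSnapshot`.

```python
READ_ONLY_PREFIXES = ("describe", "get")  # the two verbs the page names
# Assumed AWS actions for "instance type modification or snapshot cleanup"
REMEDIATION_ALLOWLIST = ("ec2:ModifyInstanceAttribute", "ec2:DeleteSnapshot")

# Constructed sample policy, not OggyCloud's actual connector policy
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Metadata", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "rds:describeDBInstances", "iam:GetRole"]},
    {"Sid": "Remediation", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:ModifyInstanceAttribute", "ec2:DeleteSnapshot",
                "ec2:TerminateInstances"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*", "Action": "s3:*"},
    {"Sid": "Inverted", "Effect": "Allow", "Resource": "*", "NotAction": "iam:*"},
]}

def _as_list(value):
    """IAM accepts a single item or a list for Action and Statement."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def is_read_only(action):
    """True if the operation name starts with Describe or Get."""
    if ":" not in action:
        return False  # bare "*" or malformed entry
    operation = action.split(":", 1)[1]
    # IAM action names are case-insensitive; a wildcard is acceptable only
    # after a read-only prefix (ec2:Describe*), never before it (ec2:*).
    return operation.lower().startswith(READ_ONLY_PREFIXES)

def audit_policy(policy, remediation_allowlist=()):
    """Return (sid, problem) pairs for Allow statements beyond read-only."""
    extra = {a.lower() for a in remediation_allowlist}
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append((sid, "Allow with NotAction grants all unlisted actions"))
        for action in _as_list(stmt.get("Action")):
            if not is_read_only(action) and action.lower() not in extra:
                findings.append((sid, f"non-read-only action: {action}"))
    return findings

if __name__ == "__main__":
    for sid, problem in audit_policy(SAMPLE_POLICY, REMEDIATION_ALLOWLIST):
        print(f"{sid}: {problem}")
```

A prefix check is a floor, not proof of metadata-only access: some `Get` actions, such as `s3:GetObject`, read data rather than metadata, so review the services in scope as well.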
2. Data Encryption
All data is encrypted in transit via TLS 1.3 and at rest using AES-256-GCM. Session keys are rotated every 24 hours.
We do not store your cloud credentials. All connections are facilitated via cross-account IAM roles or temporary STS tokens.
3. Compliance & Governance
OggyCloud is SOC2 Type II compliant. Our security framework undergoes semi-annual audits by external cybersecurity firms.
We maintain detailed audit logs of all user actions and automated remediation attempts within the platform for your compliance reviews.
Questions about our policies?
Our legal and security teams are available to discuss our compliance framework with your security officers.