Security & Compliance
Clear operating policies for teams evaluating OggyCloud across cloud, SaaS, and LLM cost workflows.
Last updated: April 25, 2026
In this document
1. Read-Only IAM Architecture
OggyCloud operates on a 'Least Privilege' principle. Our connector policies are limited to 'Describe' and 'Get' actions for infrastructure metadata.
Recommendations are surfaced for human review before any infrastructure changes are made by your team.
2. Data Encryption
All data is encrypted in transit via TLS 1.3 and at rest using AES-256-GCM. Session keys are rotated every 24 hours.
We minimize credential exposure and use platform-supported token or role-based access patterns where available.
3. Compliance & Governance
OggyCloud is SOC2 Type II compliant. Our security framework undergoes semi-annual audits by external cybersecurity firms.
We maintain detailed audit logs of user actions and recommendation review activity for compliance visibility.
Questions about our policies?
Our legal and security teams are available to discuss our compliance framework with your security officers.
Contact Legal TeamNeed a security or policy review?
Share your vendor review questions with us and we will help your team evaluate OggyCloud for cloud, SaaS, and AI spend operations.