Security Policies — CloudCode

General Professional Services Security Policies Support Policies

General Information

These "CloudCode Craft Security Terms" are incorporated by reference into the CloudCode Craft service terms and conditions agreement and describe the contractual requirements for information security provided by CloudCode to the subscriber in connection with the provision of Craft services.

Security Program

Security Standard

CloudCode maintains an information security program that includes technical, administrative and physical safeguards designed to protect the confidentiality, integrity and availability of customer data.

Infrastructure

All Craft service infrastructure is hosted on Amazon Web Services (AWS), which holds the following certifications:

ISO 27001 - Information Security Management
SOC 2 Type II - Security and Availability Controls
PCI DSS - Payment Card Industry Data Security

Access Control

CloudCode implements strict access controls including:

Multi-factor authentication for administrative access
Principle of least privilege for all access
Periodic review of permissions and access
Logging and auditing of all system access

Data Encryption

All customer data is encrypted both in transit and at rest using industry-level encryption standards (AES-256 for data at rest, TLS 1.2+ for data in transit).

Incident Response

CloudCode maintains a security incident response plan. In the event of a security breach affecting customer data, CloudCode will notify the subscriber within 72 hours of discovering the incident.

Security Contact

To report vulnerabilities or security incidents, contact us at contacto@cloudcode.cl.