Modernization, Security & Cost Intelligence (AI)
QuickCloud is built for organizations modernizing sensitive cloud infrastructure and legacy codebases. We prioritize security, customer control, and minimal data exposure at every layer of the platform.
Last updated: April 2026
Secure by Architecture
We minimize risk by design rather than relying on compensating controls. Key principles:
- Customers can run workloads in their own cloud environments — AWS, Azure, or GCP — so sensitive data never leaves their perimeter.
- Sensitive data can be scrubbed or excluded prior to processing.
- We avoid persistent storage of customer code or artifacts unless explicitly required by the workflow.
- Deployments follow a least-privilege access model throughout.
- Customer source code is processed using transient, ephemeral storage and is continuously synchronized back to customer-controlled repositories (e.g. GitHub) throughout the processing lifecycle — your environment remains the system of record, not ours.
- Temporary data is automatically deleted on job completion with controls to prevent persistence in logs, backups, or secondary storage.
Core Security Controls
We implement industry-standard controls across the platform:
- Encryption in transit: TLS 1.2+ on all connections
- Encryption at rest: AES-256 for all stored data
- Access control: Role-based (RBAC) with least-privilege enforcement
- MFA: Required for all administrative access
- Audit logging: System activity and access events, tamper-evident
- Vulnerability management: Continuous monitoring and patching cadence
- Penetration testing: Periodic third-party pen testing
- Dependency scanning: Automated SAST/dependency review in CI pipeline
Compliance Alignment
SOC 2
Status: In progress. We are currently SOC 2 ready and have implemented controls aligned with the SOC 2 Trust Services Criteria. We plan to pursue formal certification.
HIPAA
Our systems are designed to support compliance with the Health Insurance Portability and Accountability Act (HIPAA), including safeguards for protecting sensitive health information. We support Business Associate Agreements (BAAs) where applicable.
GDPR
We support GDPR requirements and offer Data Processing Agreements (DPAs). Customers retain ownership of their data, and we process data only as necessary to deliver our services.
ISO/IEC 27001 Alignment
Our internal security program is informed by ISO/IEC 27001 principles — risk management, access control, asset management, and incident response. We have not yet pursued formal certification.
PCI DSS
All payments are processed by Stripe, a PCI DSS Level 1 certified provider. We do not store, transmit, or process cardholder data on our systems, which significantly reduces our PCI compliance scope.
SOX Support
Our platform is designed to support customers subject to Sarbanes-Oxley (SOX) requirements through reliable processing, immutable audit logging, and controlled access with separation of duties.
Subprocessors
We use the following third-party subprocessors to deliver our services. All subprocessors are bound by data processing terms consistent with our obligations to customers.
| Subprocessor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | United States |
| Clerk | Authentication & identity | United States |
| Resend | Transactional email | United States |
| Vercel | Application hosting & CDN | United States / Global |
| Amazon Web Services | Cloud infrastructure | United States / Global |
| Anthropic | AI model inference (Claude) | United States |
| OpenAI | AI model inference (GPT) | United States |
Incident Response
We maintain a formal incident response process to detect, contain, and resolve security events. In the event of a material security incident affecting customer data, we will notify affected customers in accordance with applicable laws and contractual obligations. Our target for initial notification is within 72 hours of confirmed discovery.
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. If you believe you have found a security issue in our platform, please report it to us privately before any public disclosure — we commit to responding within 5 business days and working with you toward a resolution.
Please do not attempt to access, modify, or delete data that does not belong to you as part of any research.
Need security documentation?
Enterprise and regulated-industry customers can request our controls documentation, templates and questionnaires as needed.