Security

Development Process

We follow industry best practices, so security is baked right into our product and regular development processes – including security design reviews, code reviews, unit & integration tests. All engineers are required to know OWASP vulnerabilities and use libraries, frameworks, and mitigations vetted and recommended by the security community.

Vulnerability Scanning

We regularly update our servers, tools, and libraries, upgrading and patching vulnerabilities as they are discovered. Out-of-date libraries and services are scanned, detected, and flagged automatically.

Admin Controls

Team administrators can manage team-wide settings, including requiring single sign-on and two-factor authentication, managing integrations, and deactivating users.

Encryption

We adhere to the highest industry standards for data encryption, requiring the latest recommended protocols to encrypt all traffic in transit and at rest.

Our website runs entirely over SSL. We store no passwords and rely on GitHub to provide secure authentication. Billing information is completely managed by our PCI-compliant payments provider (Stripe) and never stored.

Secrets Management

Secrets are stored securely and never in source code. Access to our infrastructure and related services requires SSH and two-factor authentication when possible.

Monitoring and Logging

We are committed to making CloudCosts highly available. Our infrastructure runs on fault-tolerant systems and backups are made daily. We leverage redundant third-party providers to provide 24/7 monitoring and alerting of any downtime.

Account Deletion

Account deletion is offered at any time. Within minutes all of your information will be fully purged from the system.