<!DOCTYPE html><!-- Last Published: Mon Jan 13 2025 16:30:21 GMT+0000 (Coordinated Universal Time) --><html data-wf-domain="www.cloudcraft.co" data-wf-page="570c4f511ab5121860b82c1d" data-wf-site="57013820ae28654573965bf2"><head><meta charset="utf-8"/><title>Security - Cloudcraft</title><meta content="Cloudcraft&#x27;s security policy, and the the steps we take to ensure your trust and data safety." name="description"/><meta content="Security - Cloudcraft" property="og:title"/><meta content="Cloudcraft&#x27;s security policy, and the the steps we take to ensure your trust and data safety." property="og:description"/><meta content="https://static.cloudcraft.co/images/opengraph.png" property="og:image"/><meta content="Security - Cloudcraft" property="twitter:title"/><meta content="Cloudcraft&#x27;s security policy, and the the steps we take to ensure your trust and data safety." property="twitter:description"/><meta content="https://static.cloudcraft.co/images/opengraph.png" property="twitter:image"/><meta property="og:type" content="website"/><meta content="summary_large_image" name="twitter:card"/><meta content="width=device-width, initial-scale=1" name="viewport"/><link href="https://cdn.prod.website-files.com/57013820ae28654573965bf2/css/cloudcraftlabs42.webflow.21c6983c3.min.css" rel="stylesheet" type="text/css"/><link href="https://fonts.googleapis.com" rel="preconnect"/><link href="https://fonts.gstatic.com" rel="preconnect" crossorigin="anonymous"/><script src="https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js" type="text/javascript"></script><script type="text/javascript">WebFont.load({ google: { families: ["Open Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic","Lato:100,100italic,300,300italic,400,400italic,700,700italic,900,900italic"] }});</script><script type="text/javascript">!function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o||o.DocumentTouch&&c instanceof DocumentTouch)&&(n.className+=t+"touch")}(window,document);</script><link href="https://cdn.prod.website-files.com/57013820ae28654573965bf2/5702fb0b872353db468e3d8b_favicon.png" rel="shortcut icon" type="image/x-icon"/><link href="https://cdn.prod.website-files.com/57013820ae28654573965bf2/5702fb64aa7b45876aa6cda1_webclip.png" rel="apple-touch-icon"/><link href="https://www.cloudcraft.co/security" rel="canonical"/><script async="" src="https://www.googletagmanager.com/gtag/js?id=UA-69348578-1"></script><script type="text/javascript">window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());gtag('config', 'UA-69348578-1', {'anonymize_ip': false});</script><style> #teconsent a { color: #fff } .comparison-row:nth-child(even) { background-color: rgb(238,238,238); } </style> <script defer data-domain="cloudcraft.co" src="https://p.cloudcraft.co/js/script.js"></script> <script async src="https://www.googletagmanager.com/gtag/js?id=G-0Z3PTJD56N"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-0Z3PTJD56N'); </script></head><body class="body"><div data-collapse="medium" data-animation="default" data-duration="400" data-easing="ease" data-easing2="ease" role="banner" class="navbar w-nav"><div><div class="nav-container w-container"><a href="/" class="w-nav-brand"><img src="https://cdn.prod.website-files.com/57013820ae28654573965bf2/6373f1f26ca49d3926f84529_dd_by_cloudcraft.svg" alt="Cloudcraft logo" class="logo"/></a><nav role="navigation" class="nav-menu w-clearfix w-nav-menu"><div class="login-buttons-box"><a href="https://app.cloudcraft.co" class="button login-button w-button">LOGIN</a><a href="https://app.cloudcraft.co/signup" class="button signup-button w-button">SIGN UP</a></div><a href="/" class="navlink w-nav-link">Home</a><a href="/solutions" class="navlink w-nav-link">Solutions</a><a href="/pricing" class="navlink w-nav-link">Pricing</a><a href="https://blog.cloudcraft.co" class="navlink w-nav-link">Blog</a><a href="/app" class="navlink login-menu-item w-nav-link">LOGIN</a><a href="/signup" class="navlink sign-up-menu-item w-nav-link">SIGN UP</a></nav><div class="w-nav-button"><div class="w-icon-nav-menu"></div></div></div></div></div><div class="content-section"><div class="container w-container"><h1 class="main-header">Security</h1><img src="https://cdn.prod.website-files.com/57013820ae28654573965bf2/5fde840914b4b9424aa405e2_shield-check-light.svg" alt="" class="header-icon"/><h2 class="tagline">We know how critical your data is to you, therefore security is at the forefront of everything we do.</h2><p class="paragraph-3">We鈥檙e committed to keeping your data secure and your private information private. If you have any questions, <a href="mailto:security@cloudcraft.co">please contact us</a>.</p><h2 class="sub-header">Steps we take to ensure your security</h2><h3 class="sub-header">Compliance Program</h3><img src="https://cdn.prod.website-files.com/57013820ae28654573965bf2/5fde643cd4359b50c447204d_soc2.svg" loading="lazy" width="200" alt="SOC2 Certified" class="soc2logo"/><p class="paragraph-3">Cloudcraft maintains active SOC 2 Type II compliance, and is annually audited by an independent, certified third-party. Our SOC 2 Security, Availability &amp; Confidentiality Report is available to current and prospective customers, please contact us at <a href="mailto:security@cloudcraft.co">security@cloudcraft.co</a> for a copy.</p><p class="paragraph-3">All of Cloudcraft&#x27;s infrastructure is hosted on Amazon Web Services (AWS). Cloudcraft uses AWS data centers that are SOC 1, SOC 2 and ISO/IEC 27001 certified in the US East and GovCloud (for our government customers) regions.</p><h3 class="sub-header">Third Party Testing</h3><p class="paragraph-3">Cloudcraft hires an external company annually for penetration and security testing. Our test reports are available to current and prospective customers, please contact us at <a href="mailto:security@cloudcraft.co">security@cloudcraft.co</a>.</p><h3 class="sub-header">Encryption</h3><p class="paragraph-3">All Cloudcraft data and communications are encrypted using industry best practices.</p><ul role="list" class="list"><li><strong>Encryption At-Rest</strong>: All databases and disk volumes are encrypted using AWS KMS (FIPS 140-2 validated) and the industry-standard AES-256 algorithm.<br/><strong>Encryption In-Transit</strong>: All communications with Cloudcraft services and APIs use Transport Layer Security (SSL/TLS 1.2+) for secure connections. <a href="https://www.ssllabs.com/ssltest/analyze.html?d=app.cloudcraft.co">View our Qualys SSL Report</a>.<br/><strong>Encrypted Backups</strong>: All customer data is continuously backed up in an encrypted format, with point-in-time recovery capabilities. We validate our data recovery procedures regularly as part of our business continuity and disaster recovery processes.<br/></li></ul><h3 class="sub-header">Privacy And Confidentiality</h3><p class="paragraph-3">No Cloudcraft staff will access your data unless required for support reasons. When working a support issue we only access the minimum data needed to resolve your issue while respecting your privacy. Access to data is restricted by job function and monitored.</p><h3 class="sub-header">Access Controls</h3><p class="paragraph-3">All data, including your diagrams, is private by default and only accessible by you. If you explicitly share something, you can always revoke the access later. Cloudcraft Pro and Enterprise editions also include role-based access controls for teams.</p><h3 class="sub-header">Single Sign-On</h3><p class="paragraph-3">Cloudcraft Enterprise integrates with your existing corporate directory and authentication methods through the use of SAML 2.0 for SSO. Just-in-Time user provisioning, IdP and SP-initiated logins, as well as strict SAML-only modes are also supported.</p><h3 class="sub-header"><strong>Secure Authentication</strong></h3><p class="paragraph-3">All user passwords are stored salted and hashed (using scrypt) and cannot be recovered by Cloudcraft staff.</p><p class="paragraph-3">When using Enterprise SSO/SAML 2.0 or a Google Account to access Cloudcraft, no user credentials are stored by Cloudcraft, with the identity assertions signed and verified.</p><p class="paragraph-3">Optional Two-Factor Authentication (2FA/MFA) support is available for an additional layer of protection of your account.</p><h3 class="sub-header"><strong>Secure Configuration and Change Management</strong></h3><p class="paragraph-3">Cloudcraft uses code reviews, vulnerability scans, automated testing and automated deployments, with servers continuously kept up to date with the latest security errata. Our configuration and change management processes are documented and audited as part of our SOC 2 certification.</p><h2 class="sub-header">Cloudcraft Live security</h2><p>Cloudcraft Live allows you to auto-generate and sync your AWS and Azure environments with your diagrams. Live was designed from the start to take full advantage of the latest cloud security best practices. Specifically, Cloudcraft makes use of <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html">cross-account roles,聽the secure way to access your AWS聽environment</a>:</p><ul role="list" class="list"><li>No AWS IAM users or access keys need to be created and shared. Exchanging access keys is an outdated practice with inherent security risks.</li><li>Instead, you create a secure read-only IAM role in your AWS account that is specific to Cloudcraft, and easily revoked at any time.</li><li>As an alternative to the basic read-only role, the you can also use a strict <a href="https://help.cloudcraft.co/article/64-minimal-iam-policy">minimal access policy</a>聽to further minimize the amount of data the Cloudcraft role could theoretically access.</li><li>Cloudcraft always uses an external ID when assuming the cross-account role, to protect against so called &quot;confused deputy&quot; attacks. Roles are not transferable across AWS accounts or between Cloudcraft users and therefore have no accidental disclosure risk, unlike secret access keys.</li><li><strong>Cloudcraft does not store the live data from your AWS and Azure environments. </strong>Cloudcraft saves unique identifiers for cloud provider resources within your diagram that allows us to link the live data to components at runtime. The data from your cloud environment is streamed in real-time to your browser via Cloudcraft&#x27;s own cloud environment and the role based access, and is temporarily stored client-side while you&#x27;re using the application. When you close the application, the live data is gone.</li></ul><p>Cloudcraft Live provides a safe and secure way for you to visually explore and plan your AWS and Azure environments.</p><h2 class="sub-header">Credit card security</h2><p>If you subscribe to Cloudcraft&#x27;s paid plans, your credit card data is not transmitted through nor stored on our systems. We use a payment processor called Stripe, a company entirely dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. <a href="https://stripe.com/docs/security/stripe">Read more about Stripe鈥檚 security</a>.</p><h2 class="sub-header">Need to report a security vulnerability?</h2><p>Please email us directly at聽<a href="mailto:security@cloudcraft.co">security@cloudcraft.co</a></p><h3>Responsible Disclosure</h3><p>We strive to keep Cloudcraft safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any concerns. Emails are directly sent to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.</p><h3 class="sub-header">Questions?</h3><p>If you have questions regarding a specific policy or general inquiries regarding security, <a href="mailto:security@cloudcraft.co">please contact us</a>.</p></div></div><div class="footer"><div class="container-2 w-container"><div class="w-layout-grid grid footergrid"><div id="w-node-b848c148-a267-fc64-cf6d-13b19fcd6cb3-3a7a6841" class="logo-block"><img src="https://cdn.prod.website-files.com/57013820ae28654573965bf2/57013a1ff31eee4673af9209_cloudcraft.svg" alt="Cloudcraft logo" class="footer-logo"/><p class="copyright">Copyright 漏 2025<br/>Datadog, Inc.</p><p class="nyc">Made in NYC</p></div><div><h1 class="footer-heading">Product</h1><ul role="list" class="footer-list w-list-unstyled"><li><a href="/" class="footer-link">Home</a></li><li><a href="/solutions" class="footer-link">Solutions</a></li><li><a href="/pricing" class="footer-link">Pricing</a></li></ul></div><div><h1 class="footer-heading">Support</h1><ul role="list" class="footer-list w-list-unstyled"><li><a href="mailto:cloudcraft-support@datadoghq.com" class="footer-link">Email Support</a></li><li><a href="https://docs.datadoghq.com/cloudcraft" class="footer-link">Documentation</a></li><li><a href="https://docs.datadoghq.com/cloudcraft/api" target="_blank" class="footer-link">API聽Docs</a></li><li><a href="https://status.cloudcraft.co" target="_blank" class="footer-link">Cloudcraft Status</a></li><li><a href="/security" aria-current="page" class="footer-link w--current">Security</a></li></ul></div><div id="w-node-_53295448-5bb5-cc42-23cf-fb64ad5c958c-3a7a6841"><h1 class="footer-heading">Contact</h1><ul role="list" class="footer-list w-list-unstyled"><li><a href="/request-demo" class="footer-link">Request Demo</a></li><li><a href="mailto:hi@cloudcraft.co" class="footer-link">Email</a></li><li><a href="https://twitter.com/cloudcraftco" class="footer-link">Twitter</a></li><li><a href="https://blog.cloudcraft.co" class="footer-link">Blog</a></li><li><a href="https://careers.datadoghq.com/all-jobs/" target="_blank" class="footer-link">Careers</a></li></ul></div><div id="w-node-e28492fc-4b2d-34cf-b643-51146ba6f95e-3a7a6841"><h1 class="footer-heading">Legal</h1><ul role="list" class="footer-list w-list-unstyled"><li><a href="/terms" class="footer-link">Terms &amp; Conditions</a></li><li><a href="https://www.datadoghq.com/legal/privacy/" class="footer-link">Privacy Policy</a></li><li><a href="https://www.datadoghq.com/legal/terms/" class="footer-link">Website Terms</a></li></ul><div class="w-embed w-script"><div id="teconsent"> <script type="text/javascript" async="async" src="https://consent.trustarc.com/v2/notice/0bckkz"></script> </div></div></div></div><div id="w-node-_05e17004-3937-0a6d-5d32-3013122509e1-3a7a6841" class="cookie-preferences"></div></div><div class="w-embed"><div id="consent-banner"></div></div></div><script src="https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=57013820ae28654573965bf2" type="text/javascript" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script><script src="https://cdn.prod.website-files.com/57013820ae28654573965bf2/js/webflow.0e423f905b96b566233ef119007a1153.js" type="text/javascript"></script></body></html>