Security posture
How CloudScrub handles your Azure and GitHub data.
Data residency
- Production runs in Azure East Asia (Hong Kong). Telemetry stays in-region.
- Postgres backups retained for 7 days; geo-redundant backup off by default.
Tenant isolation
- Every tenant row is keyed by tenant_id. Postgres row-level security is enabled and forced on every multi-tenant table; the application role (cs_app) cannot bypass RLS.
- OAuth grants (Azure + GitHub access & refresh tokens) are encrypted with ASP.NET Core Data Protection before being written to the database.
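What "enabled and forced" row-level security with a non-bypassing application role looks like in PostgreSQL, as an added example that is not CloudScrub's own schema. Only tenant_id and the cs_app role name come from this page; the table scan_results, the policy name and the app.tenant_id session setting are assumptions.

```sql
-- Hypothetical multi-tenant table (gen_random_uuid() is built in from PostgreSQL 13).
CREATE TABLE scan_results (
    id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id uuid NOT NULL,
    finding   text NOT NULL
);

-- ENABLE turns policies on; FORCE makes them apply to the table owner as well,
-- so a migration or job running as the owner is filtered too.
ALTER TABLE scan_results ENABLE ROW LEVEL SECURITY;
ALTER TABLE scan_results FORCE ROW LEVEL SECURITY;

-- Assumed convention: the application sets app.tenant_id per transaction.
-- current_setting() raises an error when the setting is missing, so a request
-- that never set a tenant fails closed instead of seeing every row.
CREATE POLICY tenant_isolation ON scan_results
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- The application role must be neither superuser nor BYPASSRLS;
-- either attribute skips every policy.
CREATE ROLE cs_app LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON scan_results TO cs_app;

-- Audit 1: tables carrying a tenant_id column where RLS is not both
-- enabled and forced. Expected result: zero rows.
SELECT c.oid::regclass AS unprotected_table
FROM pg_class c
JOIN pg_attribute a ON a.attrelid = c.oid
WHERE c.relkind IN ('r', 'p')
  AND a.attname = 'tenant_id'
  AND NOT a.attisdropped
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Audit 2: the application role's bypass attributes. Both must be false.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolname = 'cs_app';

-- Per-request usage as cs_app (constructed tenant id). The third argument
-- 'true' scopes the setting to this transaction only, so a pooled
-- connection does not carry one tenant's id into the next request.
BEGIN;
SELECT set_config('app.tenant_id', '00000000-0000-0000-0000-000000000001', true);
SELECT id, finding FROM scan_results;  -- returns only this tenant's rows
COMMIT;
```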
Authentication
- Sign-in uses Microsoft Entra (Azure AD) multi-tenant OAuth — CloudScrub never sees or stores user passwords.
- Session cookies are HttpOnly, SameSite=Lax, and Secure when served over HTTPS.
Marketplace fulfilment
- Subscriptions are resolved and activated through the Microsoft commercial marketplace SaaS Fulfilment v2 API.
- Webhook callbacks are guarded by a shared secret and verified in constant time.
Compliance roadmap
- v1: Hong Kong PDPO alignment.
- v2: SOC 2 Type I (planned).
- v3: ISO 27001 (under evaluation).
Responsible disclosure
Report vulnerabilities to security@cloudscrub.io. We acknowledge within 2 business days.