Security

Last updated: 2026-05-31

We take security seriously. For the full technical security model — including architecture, encryption, access control, and supply chain integrity — see our product security documentation. This page covers our commitment, reporting process, and compliance posture.

Our Commitment

Security is foundational to Cuitty. We build infrastructure software that operators trust to manage their most sensitive systems — deployments, secrets, configs, and audit trails. That trust demands a high bar:

  • All data encrypted at rest and in transit
  • Least-privilege access controls throughout the platform
  • Supply chain security enforced on every dependency
  • Regular internal security reviews and dependency audits
  • Self-hosted option so your data never leaves your infrastructure

Reporting Vulnerabilities

If you discover a security vulnerability in Cuitty, please report it responsibly. Email [email protected] with a description of the issue, steps to reproduce, and any relevant details.

We commit to the following response timeline:

  • Acknowledgment: Within 48 hours of receipt
  • Triage: Within 5 business days
  • Resolution: Timeline communicated after triage, based on severity

Please do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it. We will not take legal action against security researchers who act in good faith.

Compliance

Cuitty Cloud is pursuing SOC 2 Type II certification. Self-hosted customers operate within their own compliance frameworks. We provide documentation and tooling to support your compliance requirements, including audit logs, data export, and access control configuration.

Contact

For security inquiries, contact [email protected]. For general legal questions, contact [email protected].