Infrastructure
CloudyBot runs on hosted infrastructure with deployments centered in the United States for our primary production environment. Traffic is encrypted in transit (TLS). We apply industry-standard safeguards for data at rest and access control appropriate to a hosted SaaS product.
Customer workspaces are isolated — your data is not accessible to other users.
Authentication and access
Third-party integrations you connect (for example messaging providers) use industry-standard authorization flows such as OAuth where applicable — we do not store your raw passwords for those services. You can revoke third-party access from your CloudyBot dashboard or through the provider’s app settings.
CloudyBot uses session-based authentication with secure token handling for logged-in users.
Data handling
Zero training policy — we do not use your content to train foundation AI models for general model improvement.
We use content safety and moderation tooling (including third-party providers) to help prevent misuse of the service, consistent with our policies and applicable law.
We monitor dependencies and apply security updates as part of ongoing operations.
Responsible disclosure
If you discover a security vulnerability, please report it to security@cloudaxis.ai. We aim to acknowledge reports within 48 hours.