Trust Center

Security and privacy that match the systems you're protecting.

InfraTwin is built like the infrastructure it reviews — least-privilege, regional, auditable, and reversible by design. Every page in our security program is downloadable below.

SOC 2 Type II, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, GDPR, HIPAA-ready, PCI DSS environment, FedRAMP Moderate (in process)

Read-only by design

InfraTwin connectors are scoped to read-only IAM roles. We do not request, accept, or store credentials capable of mutating your cloud.

Customer-managed encryption

Bring your own KMS for at-rest encryption. Disable HeapOverflow access entirely with a break-glass approval flow.

Regional residency

Run InfraTwin in US, EU, or single-tenant private regions. Configuration and telemetry never leave the region you choose.

Tenant isolation

Strong logical isolation by default. Single-tenant infrastructure available on Enterprise plans for the highest-stakes environments.

Continuous monitoring

Penetration testing each quarter. Continuous internal red-team. Bug bounty program with disclosed scope and active payouts.

Audit-grade evidence

Tamper-evident audit log. Every simulation, verdict, approval, and configuration change attributed and exportable.

Trust documents

The full security package

SOC 2 Type II report, penetration test summaries, sub-processor list, DPA, BAA, and architecture diagrams. Available as an NDA-free download for procurement teams.