Last updated: Nov 26, 2025

Security

This page summarizes the controls we use to keep customer data, workload intents, and orchestration metadata safe. Detailed documentation and attestations are available under NDA.

Security Philosophy

Carbon-aware orchestration only works if trust is built in. Security is embedded across product design, infrastructure choices, vendor procurement, and personnel training. We adopt a defense-in-depth approach paired with rigorous change management to minimize the blast radius of any issue.

Infrastructure & Network Controls

  • Production workloads run in isolated cloud accounts with hardened baselines and infrastructure-as-code.
  • Network segmentation separates public, application, and data planes. Only required ports are exposed.
  • All ingress passes through managed WAF and DDoS protections with automatic patching.
  • Secrets are stored in dedicated secret managers with envelope encryption and rotation policies.

Data Protection

  • Data in transit uses TLS 1.2+ with modern cipher suites. Sensitive data at rest is encrypted with AES-256 or better.
  • Customer workload intents stay inside customer-controlled enclaves whenever possible, minimizing Clusy’s data exposure.
  • Production data is logically separated per customer cohort and is never used to train foundation models without explicit written approval.
  • Backups inherit encryption controls and are tested regularly for restoration integrity.

Access Management

  • Employee access follows least-privilege and is tied to role-based access control lists.
  • Multi-factor authentication is enforced for all privileged accounts and administrative tooling.
  • All access requests, approvals, and revocations are logged and reviewed quarterly.
  • Contractors and vendors receive time-bound, auditable access scoped only to their assignments.

Monitoring & Incident Response

  • Centralized logging, anomaly detection, and SIEM integrations provide real-time insight.
  • Runbooks define severity levels, escalation paths, customer notification windows, and post-incident reviews.
  • We simulate incident scenarios at least twice per year to validate tooling and decision trees.

Business Continuity & Resilience

Critical services are deployed across multiple availability zones with automated failover. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are defined for each orchestration service, and the supporting playbooks are reviewed quarterly. Vendor dependencies are evaluated for redundancy, exit strategies, and financial health.

Vendor & Supply Chain Controls

Third-party providers complete security questionnaires, agree to contractually binding data protection terms, and undergo periodic reassessment. We monitor subprocessor inventory, ensure timely patching, and restrict vendors to the minimum scope necessary to deliver their service.

Customer Responsibilities

Security is a shared responsibility. Customers must safeguard credentials, enforce MFA for their operators, observe usage limits, and promptly report anomalies. Where integrations connect to your infrastructure, you are responsible for the controls on your side of the connection.

Responsible Disclosure

If you discover a vulnerability, please email security@clusy.io with enough detail to reproduce the issue. We will acknowledge receipt within one business day, provide status updates, and coordinate public disclosure once a fix is in place. We ask that you avoid accessing customer data, disrupting service, or retaining sensitive information during research.

Need a security questionnaire or SOC report?

Contact security@clusy.io with your vendor due diligence request. Include timelines, required artifacts, and any custom control mappings.
