Skip to main content

Compliance

At Cerebro Cloud, we take compliance, security, and privacy seriously.
Our infrastructure and operational practices are designed to meet the needs of organizations working in regulated environments while providing transparency and trust for all customers.

Industry standards and certifications

We partner exclusively with data centers and infrastructure providers that meet recognized industry standards. This includes facilities that hold ISO 27001 and SOC 2 certifications, with additional frameworks (such as HIPAA, PCI DSS, and GDPR readiness) available for customers with specific regulatory requirements.

Data privacy and protection

We operate in alignment with global privacy regulations, including the General Data Protection Regulation (GDPR). Data handling practices are clearly documented, with strict controls over retention, access, and deletion. Customer data is never shared with third parties except as required by law or when explicitly authorized.

Interactions with Data Centers

Partnering with some of the most secure and reputable data centers globally is a point of pride and a testament to our commitment to excellence. However, it's crucial for our clients to understand the nature of this partnership.

While we oversee and guarantee the integrity and security of data within our platform's domain, the physical hardware, and by extension, its security and compliance, is managed by our data center partners. This means that:

  • Physical security
    Measures like surveillance, access controls, and on-site security personnel are managed directly by our data center partners. They have the expertise and infrastructure to ensure the physical integrity of the hardware.
  • Compliance adherence
    Different data centers have varying compliance certifications. While we ensure that all our partners uphold stringent standards, the respective data center directly manages the specifics of each compliance.
  • Data handling
    While we encrypt and secure data during transit and processing, the physical storage and its associated security protocols are under the purview of the data centers.

It's a relationship built on trust, specialization, and a shared vision of offering unparalleled services. We offer our clients a robust and secure platform by focusing on what we excel at, orchestrating and monitoring, and by letting our data center partners concentrate on their strengths.

General security measures

Client isolation

  • Clients are isolated from other clients. In case of virtual machines, clients are isolated from each other with separate networks. In case of bare metal machines, clients are isolated from each other with separate domain and subnet.
  • Clients only have access to their own data
  • Data is destroyed immediately when clients delete instances

Responsible Operations

We conduct due diligence on all infrastructure providers and regularly review their compliance status.
Our internal security processes include:

  • Regular audits and vulnerability assessments
  • Documented incident response procedures
  • Immediate notification to affected customers in the event of a security incident

Transparency and Trust

We believe compliance is a shared responsibility.
We are committed to working with customers to meet their specific regulatory needs and are happy to provide additional documentation or details about our security controls upon request.

Need More Information?

For detailed compliance documentation or to discuss your specific security needs:

To discuss your unique compliance needs and how our solutions fit within your framework, please schedule a consultation with our compliance team here .