Security & compliance

MacroCloud Trust Center

Our platform is engineered from the ground up with a zero-trust architecture. We protect your multi-cloud control metadata with rigorous security, identity, and auditing controls.

Security Pillars

The Zero-Trust Security Model

How MacroCloud safeguards operations without ever accessing application data.

Metadata-Only Architecture

MacroCloud operates exclusively as a management plane. We scan cloud configuration details (resource tags, IAM groups, billing records) but never read, copy, or store application payloads, customer databases, or object storage contents.

Military-Grade Encryption

All communication between your browser, target clouds, and our control plane uses TLS 1.3 with secure cipher suites. In-transit metadata and cached configuration records are encrypted at rest using AES-256-GCM.

Identity & Access Control

Integrate natively with your Enterprise Identity Providers (Okta, Ping, Microsoft Entra ID). Force single sign-on (SSO) and multi-factor authentication (MFA) globally, and authenticate API integrations via secure OIDC tokens.

Scoped RBAC Boundaries

Enforce granular, role-based access control (RBAC) boundaries. Map read-only access to developers, billing rights to FinOps teams, and policy definition rights to security administrators across specific cloud workspaces.

Immutable Audit Logging

Every action taken within the MacroCloud platform—whether via visual builder, API, or command-line interface—is permanently logged. Logs are write-once, tamper-evident, and support real-time streaming to your corporate SIEM (Splunk, Datadog).

Least-Privilege Cloud Roles

MacroCloud connects to your cloud accounts using cross-account IAM roles with Workload Identity Federation. No long-lived credentials, access keys, or root secrets are ever stored in our databases.

Security Boundaries

Shared Responsibility Matrix

A clear definition of security duties between our team and your enterprise.

Customer Responsibility
  • Workspace Access Policy: Enforcing MFA and configuring user directory synchronization rules.
  • IAM Role Scope: Establishing the read/write boundaries of MacroCloud's cross-account, cross-tenant roles.
  • Application & Database Security: Encrypting application payloads and hardening database servers within target clouds.
  • Secrets Management: Hardening credentials and rotating keys stored in private vaults (Azure Key Vault, HashiCorp Vault).

MacroCloud Responsibility
  • Control Plane Protection: Securing the physical facilities, databases, and network perimeter of the SaaS platform.
  • Metadata Encryption: Guaranteeing that all stored configurations are encrypted using AES-256-GCM.
  • Access Control Immutability: Keeping audit trails and access matrices tamper-evident and continuously available.
  • Subprocessor Security: Continuously auditing and verifying compliance standards for third-party hosting dependencies.

Compliance Tracker

Active Compliance Roadmap

We believe in transparency. Below is our current compliance status and active targets.

SOC 2 Type II
  • Current Status: Readiness Assessment Complete. Controls designed and implemented; observation period started January 2026.
  • Planned Roadmap / Milestone: Audit scheduled for Q4 2026. Attestation report expected in Q1 2027.

ISO/IEC 27001
  • Current Status: Gap Analysis Complete. Information Security Management System (ISMS) defined and policies published.
  • Planned Roadmap / Milestone: Stage 1 audit target Q3 2026. Stage 2 certification target Q4 2026.

GDPR / CCPA
  • Current Status: Compliant. Privacy shield active. No customer payload storage. Scoped data processors contractually bound.
  • Planned Roadmap / Milestone: Continuous monitoring and annual privacy assessment reviews.

HIPAA
  • Current Status: BAA Eligible. Platform metadata is isolated. Zero PHI (Protected Health Information) is read or stored.
  • Planned Roadmap / Milestone: Business Associate Agreements (BAA) available for enterprise tier contracts.

Responsible Disclosure

Report a Vulnerability

MacroCloud is committed to platform security. If you believe you have discovered a vulnerability, security bug, or policy exception in our software, we urge you to report it to our team immediately.

We investigate all legitimate reports and make every effort to remediate identified security issues promptly. We ask that you follow responsible disclosure guidelines, avoiding payload storage, denial-of-service, or data exfiltration attempts during your investigation.

Security Operations

Security Team Email

Send encrypted vulnerability reports to: security@macrocloud.in

PGP Key Fingerprint

E8A9 47B5 2C13 D89F 146E 793B CC04 9012 37FA 89B2

Response SLA

Our security response team will triage report submissions and acknowledge receipt within 24 hours.