Your data security is our top priority. Learn about how we protect your information with production security controls.
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your workshop notes and client information are always protected.
SSO via Google OAuth and Microsoft Entra ID. OAuth 2.0 with PKCE and state validation. No passwords stored for production users.
Role-based access control (RBAC) at system, organization, and project levels. Principle of least privilege enforced.
Hosted on Google Cloud Platform with private VPC networking, Cloud Armor WAF protection, and automatic scaling.
Comprehensive audit logs of all user actions. Organization admins can view and export their audit trail for compliance.
Configurable data retention policies. Full data export in JSON format. Data deletion or anonymization upon eligible request within a commercially reasonable timeframe (typically within 30 days), subject to legal and platform-integrity requirements.
We use the following third-party services to provide Exordia Cloud:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Infrastructure, Database, Storage | United States |
| Anthropic | AI Processing (Claude) | United States |
| Google (Gemini) | AI Processing | United States |
| Google OAuth | Authentication | Global |
| Microsoft Entra ID | Authentication | Global |
| Stripe | Payments and Billing | United States |
| Postmark | Transactional Email | United States |
| Upstash Redis | Rate Limiting and Caching | United States |
We welcome good-faith security research. If you believe you have identified a security issue, please report it to admin@exordiacloud.com.
Please include reproduction steps, impact, and affected endpoints. Do not access data that is not your own, do not disrupt service availability, and do not perform destructive testing.
If you have security concerns or want to report a vulnerability, please contact us.