Security
CloudyBot AI is operated by CloudAxis Labs LLC (Wyoming, USA). We design the product for confidentiality, integrity, and availability of customer data in line with our Privacy Policy, Subprocessors, and Terms.
Operational posture (summary)
- Data in transit is protected with TLS for web and API traffic appropriate to production deployment.
- Sensitive configuration and production access are limited; administrative actions are logged where practicable.
- Backups and database practices are described in our operations documentation; retention is covered in the Privacy Policy.
- Safety signals (including upload and content screening where enabled) may invoke operator review per Trust & Safety.
We list material infrastructure and third-party processors in Subprocessors. This page is not an audit report; it is a high-level customer-facing summary.
Vulnerability disclosure
We welcome coordinated disclosure of security vulnerabilities affecting CloudyBot. Please report to info@cloudybot.ai, which is also published in /.well-known/security.txt per RFC 9116.
We aim for an initial triage response within 48 hours and prioritize fixes for confirmed issues; our target is a meaningful patch or mitigation within 7 days for critical vulnerabilities where feasible. We will not take legal action against researchers who act in good faith, avoid privacy violations, do not exploit issues beyond what is necessary to demonstrate impact, and coordinate with us before public disclosure.
Legal requests & subpoenas
Email legal@cloudaxis.ai (subject: “Legal Request”) for court orders, preservation requests, MLATs, and similar process. See also Trust & Safety.