Security

Warble Cloud is built by engineers who run production AI on Kubernetes. Security is not bolted on — it is the product.

Infrastructure

• Hosted on Google Cloud Platform (GKE, Cloud Run, Firestore, Cloud Storage) in regions you select.
• VPC Service Controls and private Google access for production workloads.
• All data in transit is TLS 1.3. Data at rest is encrypted with Google-managed keys; CMEK available on enterprise plans.

Authentication & authorisation

• Firebase Authentication with Google and GitHub OAuth providers.
• Optional SSO (SAML / OIDC) for enterprise customers.
• Least-privilege IAM enforced via per-service Google service accounts.

Application

• Static + dynamic dependency scanning on every CI build.
• Container images scanned for CVEs; ShrikeOps gates Helm/manifest deploys.
• Secrets stored in Google Secret Manager — never in repos or images.

Monitoring & response

• Cloud Logging + Grafana with anomaly alerting.
• Reflexion on-call agent for first-line triage (human-gated for blast radius > 3 nodes).
• Incident response process documented; customers notified of relevant incidents within 72 hours.

Responsible disclosure

If you discover a vulnerability, please email security@warblecloud.com. We commit to acknowledging within 48 hours and coordinating disclosure. We do not pursue legal action for good-faith research that follows safe-harbour rules (no data exfiltration, no service disruption, no social engineering of staff).

Compliance

SOC 2 Type II in progress. GDPR & DPDP-aligned data handling. Sub-processor list available on request.