Skip to content
CloudVNO
Security & Compliance

Security you can trust. Compliance you can verify.

CloudVNO is built for companies that take security seriously. We comply with GDPR and international data protection standards, and apply carrier-grade security practices to everything we ship.

Security practices

Encryption everywhere

All data in transit uses TLS 1.3. Data at rest is encrypted with AES-256. API keys are hashed with bcrypt. We never store plaintext credentials.

Access controls

Principle of least privilege for all internal access. MFA required for all employee accounts. Production access is logged, audited, and reviewed quarterly.

Infrastructure security

Infrastructure runs in SOC 2-certified Tier-4 data centers. Network segmentation isolates customer data. DDoS protection via Cloudflare.

Audit logging

All API requests, authentication events, and admin actions are logged with tamper-evident storage. Logs retained for 12 months.

Penetration testing

Annual third-party penetration testing of our platform and infrastructure. Results shared with enterprise customers under NDA.

Data residency

Primary data processing in secure, geo-distributed data centers. Customers requiring specific data residency can request custom data processing regions through our DPA.

Compliance & certifications

Current compliance status and upcoming certifications.

GDPRCompliant

Full GDPR compliance. DPA available for EU customers.

View →
SOC 2 Type IIIn Progress

SOC 2 Type II audit in progress. Expected Q3 2026.

ISO 27001Planned

ISO 27001 certification planned for Q4 2026.

STIR/SHAKENCompliant

Full STIR/SHAKEN attestation for all US voice traffic.

TCPA / A2P 10DLCCompliant

A2P 10DLC registration support and TCPA compliance tooling.

ePrivacy DirectiveCompliant

ePrivacy Directive compliant for all EU messaging operations.

Network redundancy & uptime

CloudVNO's infrastructure is deployed across multiple geo-distributed data centers in an active-active configuration. There is no single point of failure for our core API or carrier connectivity.

We maintain direct SIP and SMPP connections to multiple tier-1 carriers per country. Our routing engine continuously monitors delivery rates and automatically fails over to alternative carriers within 30 seconds of degradation detection.

We target 99.99% monthly uptime for core services. See our SLA for credit terms.

Responsible disclosure

We take security vulnerabilities seriously. If you discover a vulnerability in CloudVNO's platform, APIs, or infrastructure, please report it responsibly.

How to report

  1. 1. Email security@cloudvno.com with a description of the vulnerability
  2. 2. Include steps to reproduce and potential impact
  3. 3. We'll acknowledge receipt within 24 hours
  4. 4. We'll keep you informed of our fix timeline
  5. 5. We'll publicly credit you (if you wish) once fixed

Please do not publicly disclose vulnerabilities before we have had a reasonable opportunity to fix them.

Have questions about our security practices?

Our security team is available to answer questions from enterprise customers and prospects.

Contact Security Team