Security Practices
at Cloudwick

Data
Encryption

Data is encrypted both in-transit using TLS and at rest, utilizing AES-256 encryption standards.

Secure Software Development

Cloudwick utilizes a variety of manual and automated data security and vulnerability checks throughout the software development lifecycle.

Penetration
Tests

Cloudwick works with industry-leading security firms to perform annual network and application layer penetration tests, ensuring up-to-date threat visibility and remediation.

Continuous Security Control Monitoring

Cloudwick uses Drata's automation platform to continuously monitor 100+ security controls across the organization. Automated alerts and evidence collection allow Cloudwick to demonstrate its security posture any day of the year, while building a security-first culture across the team.

Employee
Trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Role and Attribute Based Access Controls

Cloudwick solutions use fine-grained access controls to ensure only authorized users can access sensitive data—enforcing least privilege by default.

Audit Logging and Lineage Tracking

All platform activities, data access, and transformations are logged and traceable, supporting audit requirements for frameworks like HIPAA and SOC 2.

AI
Governance

Use of Large Language Models (LLMs) is tightly controlled with role-based model access, secure prompt handling, and audit trails for GenAI-related operations.

Partnering for
a Secure Future

Our achievements in obtaining the SOC 2 Type II and HIPAA attestation reports are significant milestones in our ongoing journey to ensure a secure environment for our clients. Yet, we believe that security isn’t a destination but an ongoing endeavor. We’re continually adapting and refining our strategies to counteract emerging threats and vulnerabilities.

Cloud-Native.
Government-Ready

Cloudwick’s Amorphic Platform is built on more than
80 AWS services and adheres to the AWS Well-
Architected Framework, ensuring:

High availability and resilience
Encrypted storage and compute layers
Regional failover capabilities
Customer-managed encryption keys (KMS)

Whether you're automating workflows, enabling GenAI, or integrating siloed data, security and governance are built into every layer of the architecture.

Vulnerability
Disclosure Program

If you believe you’ve discovered a bug in Cloudwick’s security, please contact us at security@cloudwick.com.
Our team promptly investigates all reported issues.

HIPAA-Compliant-logo
soc-logo

See What’s Possible
with Cloudwick

Contact the Security Team

For more details on our security practices or to request specific documentation, check out Drata or please contact our team at security@cloudwick.com.

Trust Starts With Transparency

Explore our latest privacy, security, and compliance policies -
verified, signed, and always up to date.