At Cloudwick, data security is not a feature or a checkbox. It is the foundation every deployment is built on. As we continue to evolve, our investments in comprehensive security practices reflect our dedication to safeguarding your information.Cloudwick holds SOC 2 Type II and HIPAA attestations. Our internal controls and processes are designed to protect customer data and ensure product infrastructure availability.We also prioritize data residency and customer ownership. Amorphic is deployed in your AWS environment, so your data never leaves your control.
Data is encrypted both in-transit using TLS and at rest, utilizing AES-256 encryption standards.
Cloudwick utilizes a variety of manual and automated data security and vulnerability checks throughout the software development lifecycle.
Cloudwick works with industry-leading security firms to perform annual network and application layer penetration tests, ensuring up-to-date threat visibility and remediation.
Cloudwick uses Drata's automation platform to continuously monitor 100+ security controls across the organization. Automated alerts and evidence collection allow Cloudwick to demonstrate its security posture any day of the year, while building a security-first culture across the team.
Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.
Cloudwick solutions use fine-grained access controls to ensure only authorized users can access sensitive data—enforcing least privilege by default.
All platform activities, data access, and transformations are logged and traceable, supporting audit requirements for frameworks like HIPAA and SOC 2.
Use of Large Language Models (LLMs) is tightly controlled with role-based model access, secure prompt handling, and audit trails for GenAI-related operations.
Our achievements in obtaining the SOC 2 Type II and HIPAA attestation reports are significant milestones in our ongoing journey to ensure a secure environment for our clients. Yet, we believe that security isn’t a destination but an ongoing endeavor. We’re continually adapting and refining our strategies to counteract emerging threats and vulnerabilities.
Cloudwick’s Amorphic Platform is built on more than
80 AWS services and adheres to the AWS Well-
Architected Framework, ensuring:
Whether you're automating workflows, enabling GenAI, or integrating siloed data, security and governance are built into every layer of the architecture.
If you believe you’ve discovered a bug in Cloudwick’s security, please contact us at security@cloudwick.com.
Our team promptly investigates all reported issues.
For more details on our security practices or to request specific documentation, check out Drata or please contact our team at security@cloudwick.com.
Explore our latest privacy, security, and compliance policies -
verified, signed, and always up to date.