Security
How we keep your archived data safe, encrypted, and compliant.
How We Protect Your Data
Encryption at Rest
All archived data is encrypted with AES-256 using unique per-backup encryption keys managed by AWS. Every backup gets its own key with encryption context tied to your account.
Encryption in Transit
All data transfers use TLS encryption. API communication and data uploads are encrypted end-to-end.
AWS Infrastructure
Built entirely on managed AWS services with no self-managed servers to patch or secure.
Access Controls
Authentication uses JWTs, with API keys also supported. Team plans have role-based access.
Query Security
Queries are executed in isolated serverless environments with strict guardrails: SQL validation blocks dangerous operations, scan limits prevent runaway queries, and results are size-capped. Data is decrypted only in memory during query execution and never persisted in plaintext.
Compliance
ColdPlane is designed to support data retention and encryption requirements across regulatory frameworks. All archived data is encrypted with AES-256 at rest using unique per-backup keys, encrypted in transit with TLS, and stored on AWS infrastructure with strict access controls — supporting PCI DSS, SOC 2, and GDPR encryption requirements.
For teams required to retain data for regulatory, audit, or compliance purposes, ColdPlane provides indefinite retention on every plan with queryable SQL access — without maintaining additional database infrastructure.
Compliance Roadmap
ColdPlane is built on secure, compliant AWS services and designed to support audit and retention requirements. We do not currently hold SOC 2, HIPAA, or ISO 27001 certifications, but these are on our roadmap. If certifications are critical for your organization, contact us to discuss timelines.