Scoped access
Customer environments are integrated with least-privilege, cross-account access patterns so reviews can run without broad standing credentials.
Back to home
Security
Security practices for The Cloud Lighthouse.
We design the platform to minimise access, keep sensitive workflows explicit, and make it easy to report issues responsibly.
Protected data handling
Application data is protected with authenticated access controls, provider-managed encryption, and separated billing workflows for payment details.
Operational safeguards
The platform is built around explicit auth boundaries, audit-friendly workflows, and server-side validation for privileged actions.
Disclosure channel
If you discover a security issue, contact security@thecloudlighthouse.dev with reproduction details and we will investigate promptly.
Need a security conversation?
Reach out if you need help reviewing deployment architecture, discussing trust requirements, or reporting a vulnerability. Include as much technical detail as you can so we can triage quickly.