Security
Huddle01 Cloud is operated by Graphene 01 Inc.
Huddle01 Cloud has completed a SOC 2 Type 2 examination conducted by an independent third-party auditor. This audit evaluated the design and operating effectiveness of our controls over a 12-month period.
Want the full report? We share our complete SOC 2 report with customers and qualified prospects under NDA.
We assume no traffic is safe. Our infrastructure creates a strict boundary between management and public networks.
Dark Control Plane: Our control servers, storage servers, and compute hypervisors are not reachable from the public internet.
Encrypted Mesh: All administrative communication occurs over encrypted WireGuard tunnels.
Micro-Segmentation: Customer workloads are strictly isolated using kernel-level namespacing and VLAN separation (vRack) to prevent lateral movement.
We have eliminated static keys. Access to Huddle01 Cloud infrastructure is governed by strictly identity-based protocols.
Multi-Factor Authentication: MFA is mandatory for all infrastructure access, code repositories, and cloud provider accounts.
Ephemeral Credentials: We utilize short-lived x.509 certificates for all internal access. No static SSH keys exist on our servers.
Principle of Least Privilege: Access is granted based on role requirements with documented approval workflows.
Just-in-Time (JIT) Privilege: Administrative access is zero-standing. Engineers must request role-based access for specific time windows, which requires explicit approval.
Forensic-Grade Auditing: Every SSH and Kubernetes session is recorded for audit playback, linking every keystroke to a specific identity.
Real-Time Metrics: Infrastructure health is continuously monitored across all regions with automated alerting for anomalies.
Centralized Logging: Security events, access logs, and system events are aggregated centrally with retention policies aligned to compliance requirements.
Session Recording: All administrative sessions are recorded with full playback capability for audit and forensic purposes.
We maintain a formal incident response program:
Classification Framework: Incidents are categorized by severity (Low, Medium, High, Critical) with defined response procedures for each level.
On-Call Coverage: Critical incidents trigger immediate notification to our on-call engineering team.
Post-Incident Reviews: All high-severity incidents undergo post-mortem analysis to identify root causes and prevent recurrence.
We maintain a public status page at status.huddle01.com for real-time visibility into system availability and any ongoing incidents.
Version Control: All code including infrastructure-as-code is managed in version control with full audit history.
Mandatory Review: All changes require peer review before deployment. No single individual can push changes to production unilaterally.
Automated Testing: CI/CD pipelines run automated tests on all changes before they can be merged.
Staged Rollouts: Changes are validated in staging environments before production deployment.
Infrastructure as Code: All infrastructure configurations are managed as code with the same review and approval processes as application code.
Dry-Run Validation: Infrastructure changes are tested via dry-run before application to production.
Emergency Procedures: Emergency changes follow documented procedures with mandatory post-incident review.
Data Classification: We maintain an inventory of stored data with appropriate classification levels.
Data Minimization: We collect only the data necessary to provide our services.
Encryption in Transit: TLS is enforced for all services. Administrative traffic is encrypted via WireGuard.
Encryption at Rest: Sensitive data and configurations are encrypted at rest.
Account Deletion: Users can request complete account deletion once billing is settled.
Tenant Purge: Infrastructure resources (VMs, volumes, images) can be fully purged upon request.
Our data handling practices are documented in our Privacy Policy. We process data in accordance with applicable regulations.
Multi-Region Deployment: Our services are deployed across multiple geographic regions with regional isolation. Regional failures do not cascade.
Load Balancing: Traffic is distributed across multiple targets to prevent hotspots and ensure high availability.
Capacity Monitoring: We monitor resource utilization and plan capacity proactively.
Defined Objectives: We maintain documented Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for critical systems.
Backup Strategy: Critical data is backed up with point-in-time recovery capabilities.
Disaster Recovery: Formal business continuity and disaster recovery procedures are documented and maintained.
Security is a shared responsibility. While we secure the infrastructure, you are responsible for:
Credential Management: Securing your Huddle01 Cloud API keys, account credentials, and enabling MFA on your accounts.
Guest OS Security: Patching your VM operating systems, configuring host-level firewalls, and managing access keys within your VMs.
Application Security: Securing the applications you deploy on our Managed Kubernetes and Container Services.
Data Backup: Backing up your application data to external locations. We provide infrastructure availability, but application-level backup is your responsibility.
Our operations are governed by comprehensive security policies, including:
Information Security Policy
Access Control Policy
Network Security Policy
Data Protection & Privacy Policy
Incident Response & Classification Framework
Change Management Policy
Secure Software Development Lifecycle (SDLC) Policy
Vulnerability & Patch Management Policy
Business Continuity & Disaster Recovery Policy
Third-Party & Vendor Management Policy
These policies are reviewed and approved annually by management.
We're happy to share our complete SOC 2 Type 2 report with customers and qualified prospects under NDA.
For security questions or to report a vulnerability, contact us at: support@huddle01.com
Last updated: January 2026
