Security Policy
We take the security and privacy of your data on Unreal Cloud very seriously. We understand the importance of keeping your data private and strive to keep it this way.
Network and Application Security
Secure Authentication
Unreal Cloud securely stores encrypted authentication credentials.
Permissions
Owner permission ensure only authorized users can remove team members, change other teammates' permission levels, and take other critical actions.
Member permission allows teammates to interact with your project without being able to take critical or destructive actions.
Data Hosting and Storage
Unreal Cloud uses Google Cloud Platform (GCP) to host all of our applications and static resources. They’re one of the top hosting providers in the world – used by companies like Paypal, Equifax, Deutsche Bank, and Twitter. Only Unreal Cloud engineers have access to these machines, via key-based SSH login.
Data is only accessible by the same group of Unreal Cloud engineers who have access to hosting machines. Your private data will not be accessed by our team except as absolutely needed to resolve issues.
We update system software whenever updates are available. To learn more, read about GCP security policies.
Failover and Disaster Recover
We have the ability to leverage multiple GCP availability zones and we will be able to quickly restore availability should any data center fail.
Encryption
All data sent to or from Unreal Cloud is encrypted in transit. All credentials stored by Unreal Cloud are encrypted at rest, using 256 bit encryption. Our API and application endpoints are TLS/SSL only.
Backups and Monitoring
We use GCP backup services to reduce any risk of data loss in the event of a hardware failure, backup to multiple data centers and utilize a number of monitoring services to alert the team in the event of any failures affecting users.
People Security
Employee Vetting
Unreal Cloud performs background checks on all new full-time employees in accordance with local laws. The background check includes employment verification and criminal checks for employees.
Confidentiality
All Unreal Cloud employees are required to sign a confidentiality agreement before they begin.
Training
Our engineers are competent and have experience working on highly reliable, scalable, and secure systems. We always have someone on call to address any issues or outages as fast as possible.
Access and Identity
Authentication and Authorization
Access to Unreal Cloud infrastructure is limited to authorized employees who require it for their role. Changes are automated using access roles with the least required permissions.
Unreal Cloud pages and API and service is served over HTTPS and requires proper authentication and authorization.
We have a strong password policies on GitHub, Google Workspace, GCP and other critical tools and services to ensure access to cloud services are protected. When employees leave Unreal Cloud, accounts tied to employee emails are disabled.
Least Privilege Access Control
Unreal Cloud adheres to the principle of least privilege with respect to identity and access management.
Compliance
PCI Compliance
All payments made to Unreal Cloud go through our payments partner, Stripe. Details about their security setup and PCI compliance can be found here.
SOC 2 Compliance
Unreal Cloud is currently evaluating SOC 2 Type 2 compliance process and vendors.
\
\
If you have any remaining questions or concerns about Unreal Cloud, don’t hesitate to reach out to support@unrealcloud.io.