How we protect your data
Hosted on AWS
RakuOps runs on Amazon Web Services with hardened, regularly patched infrastructure and isolated tenant data.
Encrypted in transit and at rest
All traffic is served over HTTPS (TLS 1.2+). Data is encrypted at rest on AWS.
Role-based access control
Granular roles and permissions are enforced server-side, so people only see and do what they should.
SSO and scoped API tokens
Sign in with Google Workspace and enforce SSO for your domain. Programmatic access uses scoped, revocable API tokens.
Audit log
Key actions are recorded in a timestamped, attributable audit log, so you always know who did what and when.
Backups and recovery
Your data is backed up regularly so it can be recovered if the unexpected happens.
Privacy and data rights
RakuOps is GDPR-aware. You get one-click data export and account deletion, a cookie-consent banner that gates analytics until you opt in, and a clear privacy policy. A Data Processing Agreement is available on request. We never sell your data.
Our own compliance posture
We hold ourselves to the same audit-ready standard we give our customers. SOC 2 and ISO 27001 readiness are on our roadmap, and we are glad to walk you through our current controls. Get in touch for our security overview or DPA.
Sub-processors
Questions about security?
Request our security overview or a DPA, or start a free trial and see how RakuOps protects your compliance evidence.
Contact usFrequently asked questions
Is RakuOps SOC 2 or ISO 27001 certified?
We apply the same audit-ready discipline to our own operations, and SOC 2 and ISO 27001 readiness are on our roadmap. We are happy to share our current posture and a DPA on request.
Can I export or delete my data?
Yes. RakuOps gives you one-click data export and account deletion, in line with GDPR.
Who can access my data?
Access is role-based and enforced server-side, with SSO and scoped, revocable API tokens for programmatic access.