Data Management Reference

Even though your deployments are isolated from one another, they are part of the overall Cloud-IAM infrastructure. As a result, some data may be collected and processed within our monitoring systems.

Data in transit

All data transferred between your deployments, users, and Cloud-IAM services is encrypted using TLS 1.3, ensuring confidentiality and integrity of your information.

Monitoring and Control Plane data

All monitoring and control plane data is aggregated and stored in France in accordance with GDPR regulations, ensuring data protection and privacy for all users within the EU.

Collected data

The following types of monitoring data are gathered for operational purposes:

  • Deployment logs – Captured to track system events and troubleshoot issues.
  • Deployment usage metrics – Aggregated to monitor performance and optimize resource usage.

Control Plane data

All control plane resources are hosted in France, including:

  • Deployment settings and configuration
  • Organization members and permissions
  • Deployment-associated third-party resources
  • Custom extensions installed on deployments

This setup ensures centralized management while maintaining isolation between individual deployments. More details can be found on the control plane architecture page.

Data retention

Cloud-IAM maintains different types of data for operational, monitoring, and backup purposes:

  • Deployment Logs – Retained for 30 days by default to support troubleshooting and auditing.
  • Usage Metrics – Aggregated and stored for 30 days by default to optimize resource usage and monitor performance trends.
  • Database Snapshots – Stored in the deployment region and retained according to your backup policy, 7 days by default.
  • Cold Backups – Centralized in France and retained for 30 days (1 month) by default to ensure durability and regulatory compliance.

Data storage

Database

Databases are hosted with the cloud provider and in the region of your choice from the available options.
All databases are automatically encrypted at rest to ensure data security.

More details can be found on the deployment architecture page.

Backups

  • Exports – Stored in the same region as your deployment to ensure fast recovery and data locality.
    More details can be found on the export documentation page.

  • Snapshots – Stored in the same region as your deployment to ensure fast recovery and data locality.
    More details can be found on the snapshot documentation page.

  • Cold Backups – Centralized and stored in France to ensure long-term durability and regulatory compliance.
    More details are available on the backups documentation page.

Access controls and Data security

Cloud-IAM enforces strict access control policies:

  • Role-Based Access – Only authorized personnel can access monitoring data, backups, and control plane resources.
  • Audit Trails – All access to sensitive data is logged and reviewed regularly.
  • Encryption – Data is encrypted in transit using TLS 1.3 and at rest using industry-standard algorithms.

Third-Party transfers

Your Keycloak deployment and its data belong to you. Under no circumstances will Cloud-IAM expose your Keycloak deployment data to third-party providers.

More details can be found in the Terms of Service.