Security at DeployU

Server Security

DeployU is powered by Amazon Web Services (AWS) with multi-region deployment for high availability. All DeployU systems follow the principle of least privilege, restricting access to only essential personnel. Infrastructure deployments are fully automated using Infrastructure-as-Code (IaC), and direct SSH access is disabled on all production systems. All cloud lab environments are isolated using AWS Organizations with Service Control Policies (SCPs) to prevent unauthorized access to student data and cloud resources.

Communications

All data exchanged with DeployU is encrypted in transit using TLS 1.3 protocol. API communications, lab sessions, and authentication requests are transmitted over HTTPS with strict certificate validation. Student cloud credentials are transmitted through encrypted channels and rotated after each lab session.

Data Storage & Access

DeployU student data is stored in Supabase (PostgreSQL) on AWS with encryption at rest using AES-256. Database access is restricted to authenticated application services only, with no direct database access from the internet. We perform automated, encrypted backups to Amazon S3 every 6 hours with point-in-time recovery capability. All backups are encrypted and stored across multiple AWS regions, designed to provide 99.999999999% (11 nines) data durability. Lab session data and cloud credentials are automatically purged after session completion.

Employee Access

No DeployU employee can access your student data or lab environments without explicit permission, except for automated system operations. If you contact support with an issue requiring access to your course data or student records, we will request and await your explicit authorization before proceeding. All employee access to production systems is logged with comprehensive audit trails. We maintain strict separation between student cloud environments and our internal systems. Emergency access to student data is only permitted during critical system-wide incidents and is fully audited and reported.

Maintaining Security

All passwords are hashed using bcrypt with per-user salts and never stored in plaintext. Authentication tokens are filtered from all application logs and monitoring systems. Student cloud credentials (AWS access keys, temporary tokens) are encrypted at rest and automatically rotated after each lab session. Multi-factor authentication (MFA) is available for all accounts and required for instructors and administrators. We conduct regular security audits, penetration testing, and vulnerability assessments to maintain platform security.

Payment Data Safety

When you purchase a DeployU subscription, your payment information is processed by Stripe and Razorpay, both PCI DSS Level 1 certified payment processors. DeployU servers never store or process your credit card information directly. All payment data is handled exclusively by our payment partners' PCI-compliant infrastructure. We only store non-sensitive transaction metadata (invoice IDs, subscription status) necessary for account management.

Cloud Lab Security

Student cloud lab environments are isolated using AWS Organizations with dedicated accounts for each session. Service Control Policies (SCPs) enforce strict resource limits, regional restrictions, and budget caps to prevent unauthorized usage. All lab activities are monitored in real-time with automated validation to ensure compliance with course requirements. Cloud credentials are temporary (2-hour expiration), scoped to minimum required permissions, and automatically revoked after lab completion. Resources are automatically cleaned up after each session to prevent cost overruns and security risks.

For More Information

If you require any further information about our security practices, have questions about compliance, or need to report a security concern, please write to us at security@deployu.ai. For general support inquiries, contact support@deployu.ai.