Information Security & Data Protection Q&A - cloudbricksio/ServiceBusCloudExplorerSupport GitHub Wiki
We take security and privacy seriously at Cloud Bricks.
This page answers the most common security and compliance questions about Service Bus Cloud Explorer (SBCE).
Privacy & Data Practices
What routine information do you collect?
We may collect IP addresses, browser details, timestamps, and referring pages for administrative and maintenance purposes. This does not personally identify users.
Do you use cookies or local storage?
Yes, only to store preferences or session state for a better user experience.
Do you handle or store customer Service Bus data?
No. Customer Service Bus data never passes through or is stored by Cloud Bricks. All data flows directly from the user's browser (single-page app) to Microsoft Azure APIs.
How are API endpoints secured?
- OAuth2 Authorization Code Flow with PKCE
- Implicit and hybrid flows disabled
- Encryption in transit and at rest
How do you manage dependencies?
Every release pipeline includes a security audit. Packages with vulnerabilities rated higher than "low" are blocked.
What personal data do you store?
- User email address (from Azure Marketplace subscription creator)
- Azure AD Tenant ID (for directory-wide access)
Both are deleted within 48 hours after subscription cancellation.
When was your privacy policy last updated?
Effective March 17, 2022. We notify subscribers of updates by email or in-app notice.
Data Protection
Do you process personal data?
Only minimal subscription metadata (email + tenant ID). No customer business data is stored or processed.
Where is data stored?
In Microsoft Azure (Australia region).
Do you transfer data outside the EU/EEA or use subcontractors?
No.
How do you delete customer data?
Subscription metadata is deleted within 48 hours of cancellation.
Are employees bound to confidentiality?
Yes, all employees are under confidentiality and data protection agreements.
Information Security
Do you hold ISO certifications?
Not directly. However, SBCE runs fully on Microsoft Azure, which is ISO 27001, ISO 27701, and SOC 2 certified. More Information.
How do you secure access?
- Entra ID (Azure AD) with RBAC
- Multi-Factor Authentication (MFA) enforced
- Least privilege principle
What tools do you use for monitoring?
- GitHub Dependabot (package security)
- Microsoft Defender for Cloud
- OWASP ZAP Proxy
Is customer data encrypted?
- In transit: TLS 1.2/1.3
- At rest: AES-256 (Azure defaults)
Do you support SSO?
Yes, via Azure AD / Entra ID (SAML2 / OpenID).
Do you run penetration tests?
Yes, annually and after major changes.
How do you handle incidents?
- Immediate customer notification
- Continuous monitoring of logs, privileged access, and suspicious activity
How do you ensure availability?
- App is deployed through a global CDN (Content Delivery Network)
- SLA available here: SLA - Availability
Do you use AI in SBCE?
No.
Contact
For any security or compliance questions, please reach out:
📧 [email protected]
This page is meant for external stakeholders evaluating Cloud Bricks security and privacy practices.
For the full Privacy Statement, see Privacy Statement.