Security

Data in Transit

All connections to WCP Cloud are encrypted with TLS (HTTPS). Unencrypted HTTP requests are automatically redirected. Your data never travels over the wire in plaintext.

Data at Rest

All data is stored on DigitalOcean infrastructure where block storage volumes are encrypted at rest by default using AES-256 encryption. Encryption keys are managed by DigitalOcean. This applies to all stored data including database contents and backups.

Authentication

API tokens are stored as SHA-256 digests — the plaintext token is never stored and cannot be recovered from our database. Session authentication uses secure, HTTP-only cookies.

Tenant Isolation

Every request is scoped to your account. Data isolation is enforced at the application layer — queries are always filtered by your tenant identity. You can only access namespaces you own or have been explicitly invited to.

Access Control

Email verification is required before API access is granted. Namespace sharing is opt-in and controlled by the namespace owner through invite links. Collaborator access can be revoked at any time.

Infrastructure

WCP Cloud is hosted on DigitalOcean, a SOC 2 Type II compliant infrastructure provider. Our servers are located in the United States (NYC region).

What We Don't Do

• We don't sell your data.
• We don't train AI models on your data.
• We don't share your data with third parties for advertising.
• Your data is yours. You can request full deletion at any time.