Security is built into how CloudPerch runs — isolated sites, encrypted data, daily backups, and continuous monitoring, so your site stays on safe high ground.
Last updated · 1 June 2026
Security is not a bolt-on at CloudPerch — it's part of how the platform is built. Every site we host runs on hardened nodes with sensible defaults already in place, so you don't have to be a security engineer to run a safe website. We'd rather ship a platform that's safe out of the box than hand you a checklist.
We design with a few plain principles: isolate everything we reasonably can, keep the smallest amount of data we need, encrypt it coming and going, and assume things will eventually go wrong so recovery is always close at hand. The sections below describe the practices we hold ourselves to.
Sites that share a node should never share a fate. On CloudPerch, each site runs under its own dedicated system user with its own separate PHP-FPM pool, so one site can't read, write, or starve the resources of another. A compromise of one tenant stays contained to that tenant.
We encrypt your data both while it travels and while it sits still. Every site we host gets free, auto-renewing SSL/TLSso traffic between your visitors and our edge is encrypted by default — there's nothing to buy, install, or remember to renew.
Your site sits behind our global CDN spanning 12 edge regions, which does more than make pages fast — it acts as a buffer between attackers and your origin. Malicious traffic is absorbed and filtered at the edge before it ever reaches the node your site runs on.
We take daily backups of every site and keep them for 30 days, so a bad plugin update, a fat-fingered edit, or a worst-case incident is something you can roll back from rather than rebuild around.
We treat access to your data as something to be earned and audited, not assumed. Internal access follows the principle of least privilege — people and systems get only the access they genuinely need, and no more.
We watch the platform around the clock and keep it current. Our nodes are monitored 24/7for health, availability, and unusual activity, and security updates are applied promptly so you're not left running known-vulnerable software.
If you believe you've found a security vulnerability in CloudPerch, we want to hear from you. Please email security@cloudperch.io with enough detail for us to reproduce and verify the issue. We read every report and will work with you to confirm and resolve it.
We support good-faith research. If you make a sincere effort to follow these guidelines, we won't pursue or support legal action against you for your research:
Acting in good faith under this policy is considered authorised, and we'll do our best to respond quickly and keep you updated.
Even on a well-run platform, things can go wrong — and when they do, how we respond matters as much as how we prevent. We have a plan for containing, investigating, and recovering from security incidents, and our priority is always to protect customer data and restore service quickly.
These are the security practices we hold ourselves to. We describe them as ongoing commitments rather than badges — security is work that's never finished, and we'd rather earn your trust by how we operate than by a logo on a page.
To understand what data we hold and how we handle it, see our Privacy Policy, the Cookies page, and our Terms.
Security questions, concerns, or vulnerability reports are always welcome. The fastest way to reach our security team is security@cloudperch.io.
For suspected abuse of a site we host, email abuse@cloudperch.io. For anything else, you can reach us at hello@cloudperch.io or from the contact page.
Questions about this policy? Email hello@cloudperch.io or reach our team from the contact page.