Trust Centre

Security, compliance, and operational transparency for teams evaluating Thalassa Cloud. Hosted in the Netherlands, operated to ISO/IEC 27001 requirements, and built on a clear shared responsibility model.

Platform security

Signed supply chain, least privilege, encryption at rest and in transit, and STRIDE-based threat modelling across every service.

Shared responsibility

We secure the platform; you secure what you deploy. A clear ownership map for risk assessments, audits, and architecture reviews.

Incident communication

Platform incidents and regional maintenance are published on our status page. Service-specific maintenance is communicated by email.

Abuse reporting

Report spam, phishing, malware, or network abuse originating from Thalassa Cloud infrastructure. We investigate and act promptly.

Compliance & certifications

All infrastructure is hosted in the Netherlands within the European Union. Data is encrypted at rest and in transit. Platform operations are logged for compliance investigation.

Thalassa Cloud operates its information security management system (ISMS) in accordance with ISO/IEC 27001. We are expected to complete certification by the end of Q3 2026.

Shared responsibility model

Security on Thalassa Cloud follows the industry-standard shared responsibility model. Thalassa Cloud secures the underlying platform — data centers, control plane, storage fabric, and managed service runtimes. You secure what you deploy, configure, and operate on top of it.

| Area | Thalassa Cloud | You |
| --- | --- | --- |
| Physical & platform infrastructure | Data centers, hypervisor, control plane, storage backend | |
| Identity and access | Authentication infrastructure, IAM service, OIDC endpoints | User management, RBAC, service account policies |
| Network security | Network isolation, DDoS mitigation, platform segmentation | VPC design, security groups, firewall rules |
| Data protection | Encryption at rest and in transit; platform service backups | Data classification, KMS keys, workload backups |
| Incident response | Platform-level incidents on shared infrastructure | Workload incidents, misconfigurations, compromised credentials |

Platform security principles

These principles apply across the control plane, data plane, build systems, and operational tooling that make up the Thalassa Cloud platform.

  • Verify before trust. All platform software is signed with Cosign and verified before deployment
  • Least privilege. Every component, operator, and automation receives only the permissions it needs
  • Authenticate always. No anonymous or implicit trust between services or operators
  • Identity over secrets. Short-lived, federated credentials replace long-lived static tokens
  • Minimise exposure. Internal services stay off the public internet; ingress is deliberate and restricted
  • Automate and test. Changes flow through pipelines and non-production environments before production

Incidents & maintenance

status.thalassa.cloud is the authoritative source for platform health. It publishes active incidents, scheduled maintenance, resolved incident summaries, and historical records.

| Scope | Channel |
| --- | --- |
| Platform or region-wide events | Status page |
| Your Kubernetes cluster | Email + console (within maintenance window) |
| Your DBaaS instance | Email (within maintenance window) |
| Your compute instance | Email (within maintenance window) |

Abuse reporting

If you believe abusive activity is originating from an IP address, domain, or service hosted on Thalassa Cloud, submit a report to Thalassa Cloud support with as much detail as possible.

Include date and time, source indicators (IPs, domains, URLs), activity type, evidence, impact, and your contact details.

  • Spam, phishing, and fraud
  • Malware and botnets
  • Network abuse and denial of service
  • Illegal content and intellectual property infringement