We run on our own controls.

You're buying compliance infrastructure, so you should audit the vendor first. This page is that audit: how the platform behind this product is built, what data it holds, and what happens when you cancel.

What personal data we hold

Two fields: the email address you used at checkout and theGitHub username(s) you assign to seats. Nothing else. No analytics, no trackers, no cookies set by us on this site. Payment data lives with Paddle (merchant of record) — we never see card numbers.

Where and how it runs

  • EU-only: all infrastructure in AWS eu-central-1 (Frankfurt); this site is served by Cloudflare's EU-compliant edge.
  • Encryption: customer records encrypted at rest with a customer-managed KMS key with annual rotation — the same TSOV-CRY-001 control the library enforces. TLS-only in transit.
  • Serverless, minimal surface: three single-purpose functions (webhook, activation, revocation sweeper). No servers to patch, no SSH, no admin panel.
  • Webhook integrity: every Paddle event is HMAC-verified with replay and out-of-order protection before anything is written.

How we deploy

  • No stored cloud keys: CI authenticates to AWS via GitHub OIDC federation with repository-pinned trust — the library's TSOV-CIC-001 control, dogfooded.
  • Repository access automation authenticates with short-lived, single-repository GitHub App tokens.
  • Every infrastructure change is code-reviewed, planned, and applied by pipeline — no console changes.

Access lifecycle

Seats are granted as read-only outside collaborators on the library repository — never org membership. On cancellation you keep access until the end of the paid period plus a 7-day grace window; then revocation is automatic, including pending invitations. Your seat records are deleted on revocation.

Subprocessors

ProviderPurposeData touched
PaddleMerchant of record, checkout, VATBilling details, email
Amazon Web Services (EU)Platform hosting, eu-central-1Email, GitHub usernames (CMK-encrypted)
GitHubLibrary delivery, seat managementGitHub usernames
CloudflareWebsite + API edgeTransit only

Reporting a vulnerability

support@terrasov.dev with subjectSECURITY: — acknowledged within 2 business days, fixes ship as[SEC] patch releases with the affected controls listed. Full policy in the library's SECURITY.md.

Show your posture

Subscribers gating their infrastructure with TerraSov can embed the badge:

EU sovereign IaC — gated by TerraSov

[![EU sovereign IaC](https://img.shields.io/badge/EU_sovereign_IaC-gated_by_TerraSov-7c5cff)](https://terrasov.dev)