We run on our own controls.
You're buying compliance infrastructure, so you should audit the vendor first. This page is that audit: how the platform behind this product is built, what data it holds, and what happens when you cancel.
What personal data we hold
Two fields: the email address you used at checkout and theGitHub username(s) you assign to seats. Nothing else. No analytics, no trackers, no cookies set by us on this site. Payment data lives with Paddle (merchant of record) — we never see card numbers.
Where and how it runs
- EU-only: all infrastructure in AWS eu-central-1 (Frankfurt); this site is served by Cloudflare's EU-compliant edge.
- Encryption: customer records encrypted at rest with a customer-managed KMS key with annual rotation — the same TSOV-CRY-001 control the library enforces. TLS-only in transit.
- Serverless, minimal surface: three single-purpose functions (webhook, activation, revocation sweeper). No servers to patch, no SSH, no admin panel.
- Webhook integrity: every Paddle event is HMAC-verified with replay and out-of-order protection before anything is written.
How we deploy
- No stored cloud keys: CI authenticates to AWS via GitHub OIDC federation with repository-pinned trust — the library's TSOV-CIC-001 control, dogfooded.
- Repository access automation authenticates with short-lived, single-repository GitHub App tokens.
- Every infrastructure change is code-reviewed, planned, and applied by pipeline — no console changes.
Access lifecycle
Seats are granted as read-only outside collaborators on the library repository — never org membership. On cancellation you keep access until the end of the paid period plus a 7-day grace window; then revocation is automatic, including pending invitations. Your seat records are deleted on revocation.
Subprocessors
| Provider | Purpose | Data touched |
|---|---|---|
| Paddle | Merchant of record, checkout, VAT | Billing details, email |
| Amazon Web Services (EU) | Platform hosting, eu-central-1 | Email, GitHub usernames (CMK-encrypted) |
| GitHub | Library delivery, seat management | GitHub usernames |
| Cloudflare | Website + API edge | Transit only |
Reporting a vulnerability
support@terrasov.dev with subjectSECURITY: — acknowledged within 2 business days, fixes ship as[SEC] patch releases with the affected controls listed. Full policy in the library's SECURITY.md.
Show your posture
Subscribers gating their infrastructure with TerraSov can embed the badge:
[](https://terrasov.dev)