Infrastructure
VM isolation
Each customer runs on their own dedicated VM. There is no shared runtime, no shared kernel, no shared filesystem between tenants.- Hardware-backed virtualization — every VM is a separate guest with its own CPU, memory, and storage.
- No co-tenancy at the app layer — your containers never share a host with another customer’s containers.
- Network isolation — your VM has its own public IP; other tenants’ VMs aren’t reachable from yours.
Network
- TLS everywhere — public app URLs are HTTPS with certificates issued and renewed automatically.
- Authenticated management channel — the dashboard’s management features reach your VM only over an encrypted, mutually-authenticated connection unique to that VM.
- Default-deny inbound — only SSH and Suji’s management access are open by default. You opt traffic in via the Firewall tab.
- Outbound restrictions — TCP 25 / 465 are blocked at the network layer to prevent abuse; everything else is open.
Data
Encryption
- In transit — every connection is encrypted: HTTPS for public app traffic and the dashboard, SSH for shell access, an authenticated encrypted channel for management.
- At rest — VM disks and snapshots are stored on encrypted storage in the EU.
- Secrets — API keys, tokens, and any install field marked secret are encrypted before they are stored.
Credentials
- The dashboard shows that a secret exists and its last 4 characters only — never the full value after save.
- Secrets never appear in logs or audit metadata.
- Rotating a secret overwrites the old value and redeploys the app with the new one.
Backups & snapshots
- Snapshots are stored in the EU, separate from the live VM.
- Retention: see Snapshots — manual snapshots persist until you delete them while your account is funded; at €0 balance all snapshots and volumes enter a 7-day retention window (lifted if you top up in time).
Account & access
Authentication
- Passwords are stored using modern, industry-standard password hashing — never in plaintext.
- Optional 2FA (TOTP) — enable in account settings; works with any standard authenticator app.
- Password resets are time-limited and single-use, and changing your password signs out all other sessions.
- Sign-in and other sensitive endpoints are rate-limited and monitored for abuse.
Audit log
Every meaningful action is recorded with the actor, the IP, the user-agent, and the affected resource. Visible in Settings → Audit log at the org level. Members see only their project’s actions; org owners see everything.Web terminal & file editor
- Available only to authenticated members with access to the VM’s project.
- Sessions are limited per VM and closed automatically after 30 minutes of inactivity.
What you control vs what we control
You
- The OS-level state of your VM (packages, system config, scheduled jobs, anything you install yourself).
- The data inside your apps (app databases, files, secrets).
- Your firewall rules (within platform-blocked port restrictions).
- Your snapshots, who you invite to the org, and who has access to which project.
We
- The underlying physical infrastructure (datacenter, hypervisor, host-level patching).
- The management service that powers the dashboard’s Terminal / Files / Logs / Metrics tabs.
- The HTTPS ingress that serves your apps’ public URLs.
- The Suji platform itself (dashboard, API, billing, audit log).
Data location & compliance
- EU-only hosting — VMs run in Falkenstein, Nuremberg, or Helsinki, depending on the region you pick.
- EU storage — disks, snapshots, and backups all stay in the EU.
- GDPR-aligned — see our privacy policy for the full data-processing picture.
- Billing records — kept for 10 years as required by French accounting law.
Retention after account closure
| Event | What happens | When |
|---|---|---|
| Balance hits €0 | VM snapshotted, then cloud server deleted; data preserved in the termination snapshot | Day 0 |
| Snapshot retention ends | Termination snapshot deleted | Day 7 |
| Account closed (explicit) | 30-day grace window (restorable), then the account and its personal data are permanently deleted; billing records retained per law | Day 30 after closure |
Reporting a security issue
If you find a vulnerability:- Don’t disclose it publicly — it puts other users at risk.
- Email
[email protected]with the details and reproduction steps. - Expect an acknowledgment within 48 hours.
Security best practices
- Enable 2FA on your Suji account.
- Use a unique, strong password.
- Keep API keys and tokens out of public logs / repos.
- Take snapshots before risky changes (schema migrations, major app upgrades).
- Restrict SSH to your office/VPN IP rather than
0.0.0.0/0. - Review the audit log periodically for unexpected actions.
- Export critical data before destroying VMs you don’t intend to keep.