> ## Documentation Index
> Fetch the complete documentation index at: https://docs.suji.fr/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> How Suji secures your VMs, your data, and your account.

## Infrastructure

### VM isolation

Each customer runs on their own **dedicated VM**. There is no shared runtime, no shared kernel, no shared filesystem between tenants.

* **Hardware-backed virtualization** — every VM is a separate guest with its own CPU, memory, and storage.
* **No co-tenancy at the app layer** — your containers never share a host with another customer's containers.
* **Network isolation** — your VM has its own public IP; other tenants' VMs aren't reachable from yours.

### Network

* **TLS everywhere** — public app URLs are HTTPS with certificates issued and renewed automatically.
* **Authenticated management channel** — the dashboard's management features reach your VM only over an encrypted, mutually-authenticated connection unique to that VM.
* **Default-deny inbound** — only SSH and Suji's management access are open by default. You opt traffic in via the [Firewall tab](/manage-vm/firewall).
* **Outbound restrictions** — TCP 25 / 465 are blocked at the network layer to prevent abuse; everything else is open.

## Data

### Encryption

* **In transit** — every connection is encrypted: HTTPS for public app traffic and the dashboard, SSH for shell access, an authenticated encrypted channel for management.
* **At rest** — VM disks and snapshots are stored on encrypted storage in the EU.
* **Secrets** — API keys, tokens, and any install field marked secret are encrypted before they are stored.

### Credentials

* The dashboard shows that a secret exists and its last 4 characters only — never the full value after save.
* Secrets never appear in logs or audit metadata.
* Rotating a secret overwrites the old value and redeploys the app with the new one.

### Backups & snapshots

* Snapshots are stored in the EU, separate from the live VM.
* Retention: see [Snapshots](/manage-vm/snapshots) — manual snapshots persist until you delete them while your account is funded; at €0 balance all snapshots and volumes enter a 7-day retention window (lifted if you top up in time).

## Account & access

### Authentication

* Passwords are stored using modern, industry-standard password hashing — never in plaintext.
* **Optional 2FA (TOTP)** — enable in account settings; works with any standard authenticator app.
* Password resets are time-limited and single-use, and changing your password signs out all other sessions.
* Sign-in and other sensitive endpoints are rate-limited and monitored for abuse.

### Audit log

Every meaningful action is recorded with the actor, the IP, the user-agent, and the affected resource. Visible in **Settings → Audit log** at the org level. Members see only their project's actions; org owners see everything.

### Web terminal & file editor

* Available only to authenticated members with access to the VM's project.
* Sessions are limited per VM and closed automatically after 30 minutes of inactivity.

## What you control vs what we control

### You

* The OS-level state of your VM (packages, system config, scheduled jobs, anything you install yourself).
* The data inside your apps (app databases, files, secrets).
* Your firewall rules (within platform-blocked port restrictions).
* Your snapshots, who you invite to the org, and who has access to which project.

### We

* The underlying physical infrastructure (datacenter, hypervisor, host-level patching).
* The management service that powers the dashboard's Terminal / Files / Logs / Metrics tabs.
* The HTTPS ingress that serves your apps' public URLs.
* The Suji platform itself (dashboard, API, billing, audit log).

## Data location & compliance

* **EU-only hosting** — VMs run in Falkenstein, Nuremberg, or Helsinki, depending on the region you pick.
* **EU storage** — disks, snapshots, and backups all stay in the EU.
* **GDPR-aligned** — see our [privacy policy](https://suji.fr/privacy) for the full data-processing picture.
* **Billing records** — kept for 10 years as required by French accounting law.

## Retention after account closure

| Event                     | What happens                                                                                                                       | When                 |
| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
| Balance hits €0           | VM snapshotted, then cloud server deleted; data preserved in the termination snapshot                                              | Day 0                |
| Snapshot retention ends   | Termination snapshot deleted                                                                                                       | Day 7                |
| Account closed (explicit) | 30-day grace window (restorable), then the account and its personal data are permanently deleted; billing records retained per law | Day 30 after closure |

See [Grace period](/billing/grace-period) for the full timeline.

## Reporting a security issue

If you find a vulnerability:

1. **Don't disclose it publicly** — it puts other users at risk.
2. **Email `security@suji.fr`** with the details and reproduction steps.
3. **Expect an acknowledgment within 48 hours.**

We investigate every report, keep you updated on remediation, and credit responsible disclosure if you'd like.

For general support: [support@suji.fr](mailto:support@suji.fr).

## Security best practices

* **Enable 2FA** on your Suji account.
* **Use a unique, strong password.**
* **Keep API keys and tokens out of public logs / repos.**
* **Take snapshots before risky changes** (schema migrations, major app upgrades).
* **Restrict SSH** to your office/VPN IP rather than `0.0.0.0/0`.
* **Review the audit log** periodically for unexpected actions.
* **Export critical data** before destroying VMs you don't intend to keep.
