Skip to content
Demo

Data security statement

How CloudMonitor reads your Azure data — and what it never touches.

A plain-English explanation of CloudMonitor's data handling. Suitable to share with your security and procurement teams.

Download as PDF
Trust center →

The four guarantees

Four data-handling commitments.

Hosted SaaS

Encrypted in transit and at rest

Read-only

CloudMonitor cannot modify your resources

Revocable

You can cut access from the Azure portal

Audited

ISO 27001 + 9001 certified

What we read

Billing metadata. Nothing else.

CloudMonitor reads the FOCUS-format billing export and a small set of resource metadata fields (resource IDs, types, regions, tags, SKUs) via the Azure Resource Graph.

We do not read application data, customer data, secrets, configuration files, or anything inside the resources themselves. CloudMonitor has no visibility into your VMs, databases, storage contents, or application traffic.

  • FOCUS billing export
  • Resource Graph metadata
  • Azure Advisor recommendations (where available)
  • Resource type, SKU, region, and tag metadata

How we access

Scoped read-only access, revocable any time.

CloudMonitor reads your Azure billing data under scoped, read-only permissions. You control the scope and can revoke access from your Azure portal at any time, without contacting support.

The delegation is read-only and scoped to billing metadata. You can revoke it from the Azure portal at any time — no support ticket needed.

Where the data lives

In the region you choose.

Once ingested, your billing data is processed inside CloudMonitor and stored in your chosen data residency region — encrypted, isolated per customer, and accessible only to your authorized users.

Pick the data residency region at sign-up — Australia, EU, US, or any other supported region — to meet your compliance and sovereignty requirements.

FAQ

Trust & security questions

Can CloudMonitor see our application data?

No. CloudMonitor reads only billing metadata and resource-level metadata (IDs, types, SKUs, tags). It has no access to data inside your resources.

Where is the data stored?

Inside CloudMonitor, in the data residency region you choose at sign-up — encrypted in transit and at rest, isolated per customer.

Can we audit what CloudMonitor reads?

Yes — Azure Activity Log shows every read against your subscriptions. The reads originate from CloudMonitor's authorized identity and are logged like any other Azure action.

What if you have a breach?

Because CloudMonitor does not store your data, a breach of CloudMonitor systems would not directly expose customer billing data. We still notify within 24 hours of any confirmed incident with potential impact.

Need to brief your security team?

We provide NDAs, security questionnaires, and SOC documentation on request.

Request Security Pack
Talk to Sales

CloudMonitor is an Azure FinOps platform that enables companies to automate cost governance and proactively reduce cloud consumption and costs.

Available on

Azure Marketplace

Platform
Customers
Resources
Offices
  • Sydney
    111 Harrington Street, The Rocks, NSW 2000, Australia
  • Melbourne
    Level 2, 311 Lonsdale Street, Victoria 3175, Australia
  • India
    503 & 506 Mauryansh Elanza, Shyamal Cross Rd
Certifications
  • ISO/IEC 27001 Information Security Management
  • ISO/IEC 42001 AI Management System
  • ISO 9001 Quality Management
  • FinOps Foundation member
  • Microsoft Solutions Partner

© 2026 CloudMonitor - a Data-Driven AI company

Terms & Conditions

Privacy Policy

Sitemap