# Security & Compliance

**Prowler secures itself with Prowler.** As an open-source cloud security platform trusted by thousands of organizations, Prowler applies the same rigorous security standards internally that customers achieve externally.

All security tooling, configurations, and CI/CD pipelines are publicly available in the [Prowler GitHub repository](https://github.com/prowler-cloud/prowler). Transparency is fundamental to open-source security.

## Software Security

All Prowler code goes through the same security pipeline, whether running on Prowler Cloud or self-managed infrastructure: DAST, SAST, SCA, container scanning, and secrets detection on every build.

<Card title="Software Security" icon="code" href="/security/software-security">
  Security tools and practices applied to all Prowler code.
</Card>

## Prowler Cloud vs Self-Managed

|                  | Prowler Cloud                        | Self-Managed                |
| ---------------- | ------------------------------------ | --------------------------- |
| **Deployment**   | Fully managed SaaS                   | Own infrastructure          |
| **Region**       | EU (Ireland)                         | Any region or provider      |
| **Compliance**   | SOC 2 Type II, AWS FTR               | Organization responsibility |
| **Data Control** | Prowler managed                      | Full control                |
| **Encryption**   | AES-256 at rest, TLS 1.2+ in transit | Configurable                |
| **Backups**      | Automated                            | Organization responsibility |
| **Updates**      | Automatic                            | Manual                      |

<Note>
  Self-Managed includes Prowler App and Prowler CLI. Both can run anywhere: any cloud provider, any region, on-premises, or in air-gapped environments. This gives the organization full control over data residency and infrastructure decisions. See the [Prowler App Installation Guide](/getting-started/installation/prowler-app) to get started.
</Note>

***

## Prowler Cloud

This section covers security and compliance for **Prowler Cloud**, the managed infrastructure.

### Trust & Compliance

Prowler Cloud holds compliance certifications and undergoes regular audits.

| Certification                               | Status                                                                             |
| ------------------------------------------- | ---------------------------------------------------------------------------------- |
| **SOC 2 Type II**                           | [View on Trust Portal](https://trust.prowler.com)                                  |
| **AWS Foundational Technical Review (FTR)** | Passed — [Details](https://aws.amazon.com/partners/foundational-technical-review/) |

Compliance data and reports: [trust.prowler.com](https://trust.prowler.com)

### Security

<Columns cols={3}>
  <Card title="Encryption" icon="lock" href="/security/encryption">
    Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
  </Card>

  <Card title="Data Regions" icon="globe" href="/security/data-regions">
    EU-hosted infrastructure with high availability and disaster recovery.
  </Card>

  <Card title="Networking" icon="network-wired" href="/security/networking">
    Static egress IPs for firewall allowlisting.
  </Card>
</Columns>

### Privacy

Prowler Cloud is GDPR compliant with regard to the ["right to be forgotten"](https://gdpr.eu/right-to-be-forgotten/). When an account is deleted, user information is removed from online and backup systems within 10 calendar days.

***

## Report a Vulnerability

Found a security issue? Report it through the [responsible disclosure](https://prowler.com/.well-known/security.txt) process.

## Contact

For security inquiries or general support, visit the [Support page](/support).
