This message was deleted.
# getting-started
s
This message was deleted.
g
3. and 4. are kinda easy to answer. 3. - everything that is part of a Stack config + Stack State. 4. You are not able to deploy or destroy resources PS pulumi provides a Secret service to encrypt secrets, you can use your own KMS to encrypt those secrets and then Pulumi will only ever see the hashes
✅ 1
r
Thanks, no. 1 is kind of the main point for the company
g
yeah I'd be really curious about 1. and 2. myself!
what email did you send your question to? I'd recommend using
<mailto:sales@pulumi.com|sales@pulumi.com>
for these questions
r
We used the contact form I think, will forward the mail to
sales
as well, thanks! I’ll post their response here
w
@rough-intern-34947 Sorry about missing the original inquiry, but we did receive the request sent to
sales@
and will follow up.
🙌 1
r
Thanks @witty-candle-66007 !
We got our response, thanks once again! I will paste the relevant parts so that other people can reference those as well:
Copy code
1. Exactly what kind of data does Pulumi have access to? 

Pulumi stores metadata about your infrastructure so that it can manage your cloud resources. This metadata is called state. 
 Pulumi state does not include your cloud credentials. Credentials are kept local to your client — wherever the CLI runs — even when using the managed Pulumi Service backend. Pulumi does store configuration and secrets, but encrypts those secrets using your chosen encryption provider.

2. Can you provide any evidence about information security? 

I have attached a copy of a white paper that provides additional detail on the security of our SaaS 

3. Can you provide more details about the your SOC2 certification? 

The Pulumi SaaS is SOC II Type 2 certified, the entire report can be shared under NDA.

4. No provision on confidentiality is in the regular T&C only in the Professional Services Agreement. Will the Professional Services Agreement be applicable to us?

Unless we enter into a professional services engagement this is not usually 

5. Is somewhere in the terms stated that we will be informed in case of changes to general terms and conditions or use of product/services?

This is covered in Section 14 of the terms & conditions 
<https://www.pulumi.com/terms-and-conditions/> 

6. What is the operational impact of Pulumi being unavailable? Would we be unable to still do deployment?

In the event that you loose access to the Pulumi service you would be unable to access the Pulumi console or to access changes made by other users. You would still be able to make changes to your cloud infrastructure by accessing them directly.