Caido

Caido Cloud

Caido Cloud is comprised of your account dashboard (accessible at https://dashboard.caido.io) and an API that handles instance registration and authentication.

INFO

For transparency, the OpenAPI specification of the cloud API can be viewed at https://github.com/caido/caido/blob/main/api/cloud_instance.yaml.

Data Collection

NOTE

We are aware that tying Caido to a cloud may be controversial to some. However, we do not collect any data stored on your instances. View our privacy policy for more information.

The data collected upon account registration (name, email address, and user-agent information) allows for:

  • Billing on a per-user basis rather than per-license, so Caido can be installed on multiple devices.
  • Access control to facilitate collaboration on instances belonging to the same account workspace.
  • Complementary services such as the Assistant and sharing capabilities (planned for a future release).

INFO

Accounts can always be deleted upon request by contacting us at security[at]caido.io.

The data collected as you use Caido (IP address and API call actions/timestamps) facilitates instance registration to your account and authenticated sessions. The associated API calls mainly relate to:

  • /instance/alive: Instance startup and active status is tracked once per 24H.
  • /instance/user/session / /instance/user/profile: Instance interaction is tracked upon first interaction and once per hour.
  • /instance/assistant/complete: Assistant token usage is tracked (message content data is not collected).

Location & Security

  • Our cloud services are currently hosted on on Render in their Oregon (US) region. Refer to Render's Security and Trust page for more information.
  • The Assistant uses OpenAI services hosted in the US. Data sent to it can be stored for up to 30 days.
  • The public facing portion of our API is protected by Cloudflare.
  • We perform daily backups that are stored encrypted for 30 days on Google Cloud in the US.
  • Our data in transit uses HTTPS with TLS 1.2 and data at rest uses AES-256.
  • Our production environment can only be accessed by the founding team using Tailscale.

TIP

To report a security issue, please contact us at security[at]caido.io.