Trust Operations · CloudTrust360 by AIVONS

AI-Native Trust Operations for Cloud, Data, and AI.

CloudTrust360 unifies cloud security, cost intelligence, compliance, identity, data, and AI governance into one trust graph. TrustCloud, TrustFinOps, TrustIQ, TrustM365, and TrustData ship today — security posture, verified savings, board-ready narratives, Microsoft 365 posture & savings, and metadata-first data security posture. Future modules plug into the same graph and TAU pricing model.

Start with a six-month pilot where CloudTrust360 only earns from verified savings. Then scale with transparent TAU pricing for security, compliance, and executive reporting outcomes.

Read-only access · no agents
AWS · Azure · GCP
14-day TAU dispute window
BYO LLM keys · zero AI training on your data

[Screenshot: CloudTrust360 multi-cloud dashboard showing AWS, Azure, and GCP rollups side by side — $1,209 in total spend, 38 findings (10 critical), $43 in savings opportunities, 51% compliance score, plus a 30-day cost trend chart and findings-by-severity donut]

AI-Native, in production · Always-on product expertise

Get real-time help from an AI assistant that understands CloudTrust360 in depth — setup, sync, permissions, billing, remediation.

Why CloudTrust360

Aligned incentives, by design.

Most cloud platforms charge for access. We charge for results. Your bill grows only as we produce more verified outcomes — across cloud security, cost, and compliance.

One platform, three domains

TrustCloud, TrustFinOps, and TrustIQ — security posture, cost intelligence, and executive narrative — in one trust graph. No swivel-chair between Wiz, Cloudability, and Drata for a board-ready story.

Pay-for-outcomes pricing

Trust Action Units convert each finding resolved, dollar saved, and summary delivered into a transparent line item. Every charge traces to a specific event you can audit. We only win when you win.

Read-only, AES-256-GCM encrypted

IAM roles for AWS, service principals for Azure, Workload Identity Federation for GCP — no static service account keys. Credentials encrypted at rest. Per-tenant Row-Level Security. Zero changes to your infrastructure.

The model

One trust graph. Every domain. Every outcome.

Live cloud, cost, compliance, identity, data, and AI signals feed one shared trust graph. AI reasons over it to produce verifiable outcomes — and every outcome is a TAU you can audit.

[Diagram: Cloud, Cost, Compliance, Identity, Data, and AI Governance signals feed the Trust Graph, which produces TrustIQ Narratives (board-ready, source-backed) and TAU Outcomes (every charge auditable).]

Solid lines = shipping today (TrustCloud, TrustFinOps, TrustIQ, TrustM365, TrustData). Dashed = arriving into the same platform (TrustOps, TrustIdentity, TrustAI) on the roadmap.

AI-Native operational support

AI-Native support, built into the platform.

CloudTrust360 includes a product-aware Support Expert that understands the platform, your setup flow, sync failures, permissions, billing, RBAC, and remediation workflows.

Teams can ask questions, paste errors, attach files, and get immediate guidance — without waiting for a first-line ticket response.

  • Resolve common issues instantly. Escalate only when human support is needed.
  • Product-aware, not generic. Knows your modules, your sync history, your active errors.
  • Generates verification scripts for permissions, IAM policies, and connection tests — read-only, you run them.
  • Approval required for any production action. The Support Expert recommends; humans decide.

[Screenshot: CloudTrust360 in-product Support Expert: an AI-native assistant helping a user troubleshoot a sync failure with step-by-step guidance, attached file context, and a verification script generated for the customer's specific environment.]

Integrations & connectors

Plugs into the stack your team already runs.

Read-only cloud connections, Kubernetes API access, your existing alerting tools, and your own AI provider keys. No new platforms to adopt.

  • Alerts & notifications: Slack · Microsoft Teams · Generic webhook
  • Cloud & SaaS providers: AWS · Microsoft Azure · Google Cloud · Microsoft 365 / Entra
  • Kubernetes: Amazon EKS · Azure AKS · Google GKE
  • AI providers (BYO keys): Anthropic Claude · OpenAI

All cloud connections are read-only via IAM roles (AWS), service principals (Azure), Workload Identity Federation (GCP), and Microsoft Graph application permissions (Microsoft 365). Kubernetes access uses provider-native RBAC view roles. Your LLM provider keys stay yours.

Multi-cloud, agentless, ready in minutes

The Platform

One trust graph. Multiple modules.

Five modules ship today. More on the roadmap. Every module plugs into the same TAU pricing model — no contract renegotiation when new capabilities arrive.

● Shipping
Cloud Security Posture

TrustCloud

Continuous multi-cloud security posture across AWS, Azure, GCP — plus EKS, AKS, and GKE. 25+ detectors with auto-resolve on re-sync. Blast Radius impact analysis for critical findings. Network flow inference for east-west exposure. CIS framework scoring per provider.

  • 16 AWS · 5 Azure · 4 GCP security detectors + Kubernetes workload findings
  • Blast Radius — resource impact analysis for triage
  • Flow inference — network exposure across VPCs & subnets
  • Slack, Microsoft Teams & webhook alerting with smart dedup
● Shipping
FinOps & Cost Intelligence

TrustFinOps

Cost ingestion, forecasting, and anomaly detection across all three clouds. 28 savings detectors. Commitment management for AWS RIs & Savings Plans, Azure RIs, and GCP CUDs. Per-account and per-department budgets with multi-state pacing alerts.

  • End-of-month forecast with backtest accuracy
  • Anomaly detection: sudden-spike & new-service triggers
  • Commitments — AWS RI+SP, Azure RI, GCP CUD coverage & recs
  • Department budgets with pacing pills + Teams alerts
  • Cost allocation by tag with untagged-spend triage
● Shipping
Executive Trust Reporting

TrustIQ

The board-ready narrative your CFO actually reads. Live data becomes the executive summary, the compliance evidence, and the cross-domain story. Monthly Exec Summary, Cost Variance, and Open Findings Aging reports run on demand or save to your history.

  • Command Center cross-domain executive view
  • AI executive summaries with source-backed evidence
  • Reports — Monthly Exec, Cost Variance, Findings Aging
  • SOC 2 · HIPAA · PCI DSS · ISO 27001 · NIST CSF · CIS
  • BYO LLM keys (Claude, OpenAI) with smart caching
● Shipping
Microsoft 365 Posture & Savings

TrustM365

Microsoft 365 security posture, license utilization, SharePoint exposure, and Copilot adoption — from one read-only Graph API connection. Four product views with per-tab AI executive summaries.

  • Secure Score posture: MFA gaps, legacy auth, conditional access
  • License utilization — inactive seats, recoverable spend with owner & department evidence
  • SharePoint & OneDrive exposure, ownership gaps, archive savings
  • Copilot adoption — inactive seats & reclaimable spend
  • Per-tab AI Executive Summaries
● Shipping
Data Security Posture & Flow

TrustData

Metadata-first data security posture across AWS S3, Azure Blob, and GCP Cloud Storage — encryption, public access, versioning, logging. Per-asset detail with classification & encryption pills. Flow page traces data movement across services.

  • S3 buckets · Azure Blob containers · GCS buckets in one inventory
  • 12+ posture detectors (public access, encryption, logging, versioning)
  • Exposure classification per asset (private · restricted · public · critical)
  • Flow inference — runtime data movement across services
  • Reuses existing cloud accounts — no new IAM setup

On the roadmap — same trust graph, same TAU pricing, no contract changes

  • TrustAI (next major direction): AI system inventory, shadow-AI detection, AI-to-data lineage, agent governance, and NIST AI RMF / EU AI Act evidence — the next major direction for CloudTrust360.
  • TrustOps: Supervised remediation with approvals, simulation, and rollback
  • TrustIdentity: Identity graph, privilege paths, AI agent identity governance

Platform context

Built for the gap between security, cost, and compliance platforms.

Wiz, Orca, Defender, Cloudability, and Drata are strong in their domains. CloudTrust360 connects the context between them — so one finding ties to its cost impact, its failing control, and its board-level narrative without the swivel-chair.

Best-in-class for…

Wiz · Orca · Defender for Cloud

  • Strength: Deepest cloud security detector libraries · runtime CWPP · code-to-cloud coverage
  • Buyer: Enterprise security teams with six-figure budgets and weeks of implementation runway
  • Gap: No FinOps. No executive narrative tying findings to spend and compliance.

CloudTrust360

One trust graph across security, cost, and compliance

  • Strength: Cross-domain context · outcome-based pricing · mid-market accessible
  • Buyer: CISO, CFO, and audit committee — reading the same screen, not three different tools
  • Time-to-value: Hours to first insight · same-day pilot · no professional-services dependency

Best-in-class for…

Cloudability · Flexera · Drata

  • Strength: RI / SP optimization automation · audit-prep workflow · evidence collection at scale
  • Buyer: Dedicated FinOps team or compliance lead with a single-domain mandate
  • Gap: Each lives in its own tool. No cross-domain link to security context or board narrative.

Where customers need depth in any single domain, we integrate, not compete. Where they need cross-domain context — a finding that ties to a cost driver that ties to a failing control that ties to a board narrative — that's our wedge, not theirs.

See it in action

This is what your team actually sees.

Click through the modules. Real product screenshots from the running platform — no mockups, no roadmap-ware on the live tabs.

Module · TrustCloud

One pane of glass across AWS, Azure, and GCP.

The home dashboard rolls up active accounts, monthly spend, open findings by severity, and compliance posture across every connected cloud. The change feed shows what moved in the last 24 hours. Sync failures are flagged with an investigate link. Drill into any cloud, finding, or cost bucket in one click.

  • Per-cloud rollup (AWS / Azure / GCP)
  • 24h change feed (new / resolved / cost delta)
  • Findings by severity (donut)
  • Sync failure alerts with deep-link
  • Cost trend (30 days)

[Screenshot: CloudTrust360 Multi-Cloud Dashboard showing AWS, Azure, and GCP rollups side by side with monthly spend ($1.2K, $0.0K, $0.0K), findings count (18, 10, 2), and critical-severity counts (8, 0, 2); below that a 'What's new in the last 24h' change feed with 2 new critical findings, 8 findings resolved, cost down 100%; a sync failures alert; total spend $1,209.72, 38 findings, $43 savings, 51% compliance; cost trend line chart, and findings-by-severity donut chart]

Built on: Real-time queries against Supabase with per-tenant Row-Level Security · No data leaves your tenant.

Module · TrustCloud + CT360 Copilot

Every finding ships with a structured AI remediation plan.

Open any finding and you get the full AI Analysis: executive summary, why it matters, the attack scenario, and a step-by-step remediation runbook with verify commands you can paste into a terminal. Severity-aware confidence. Model name and version stamped on every output — no anonymous AI.

  • Executive summary
  • Why this matters
  • Attack scenario
  • 5-step remediation runbook
  • Verify commands
  • Model attribution shown

[Screenshot: Security Finding Details modal in CloudTrust360 showing a 5-step GCP firewall remediation runbook, AI Analysis section attributed to claude-haiku-4-5, Fix Immediately priority block, executive summary, why-it-matters narrative, and attack scenario explanation]

BYO LLM: Bring your Anthropic or OpenAI key. Your data never trains a model · 7-day cache reduces token spend.

Module · TrustIQ

The board-ready narrative your CFO will actually read.

One click generates an Executive Summary: top risks ranked, blast radius for each, the "do this first" call-out with estimated time-to-fix and risk reduction, plus cost overview and compliance notes. Generated from live data — not a snapshot from last Tuesday.

  • Top risks (1-2-3 ranked)
  • Blast radius per risk
  • "Do this first" priority action
  • Cost overview
  • Compliance notes
  • 1-hour smart cache

[Screenshot: CloudTrust360 AI Executive Summary panel generated by claude-haiku-4-5, showing top risks for Tara Corp — RDS instance publicly accessible, S3 bucket admin.tara-tok.com publicly accessible, root account access keys — with blast radius for each, a 'Do This First' priority action with ~15 minute fix estimate and ~45% risk reduction, plus cost overview]

Earns its TAUs: Each delivered summary = 25 TAUs · Cached 1 hour · Smart-invalidated by the change feed.

Module · TrustFinOps

Cost intelligence with verifiable, ROI-ranked actions.

Spend rollups by cloud. Optimization opportunities ranked by ROI, with effort and confidence on each. The AI Cost Summary opens a panel that grades the account, explains the math behind it, and tells you what to do this week vs this quarter. 28 savings detectors across AWS, Azure, and GCP.

  • ROI-ranked recommendations
  • Effort + confidence on every action
  • AI Cost Summary with letter grade
  • 28 savings detectors
  • 30-day persistence validation
  • Tag-based cost allocation

[Screenshot: CloudTrust360 Cost Analysis page showing $1,209.72 rolling 30-day total spend across AWS Azure GCP, $43/month in optimization opportunities including bursty EC2 rightsizing and RDS Reserved Instances, plus an AI Cost Summary panel with a B-grade rating, top actions ranked by ROI, and 'do this week' recommendation list]

Persistence-validated: Provisional savings only become billable TAUs after 30 days of real cost reduction at ≥ 90% of predicted amount.

Module · TrustM365

Microsoft 365 posture, license waste, SharePoint exposure, Copilot adoption — one connection.

One read-only Graph API connection unlocks four product views: Secure Score posture (MFA gaps, legacy auth, conditional access), license utilization with per-seat owner & department evidence, SharePoint & OneDrive exposure with ownership coverage, and Copilot adoption tracking. Each tab has its own AI Executive Summary on demand.

  • Secure Score & identity findings
  • License waste with owner & department
  • SharePoint & OneDrive exposure
  • Copilot adoption & reclaimable spend
  • Per-tab AI Executive Summary
  • Read-only Microsoft Graph permissions

[Screenshot: CloudTrust360 Microsoft 365 page showing Secure Score posture, license utilization with owner and department evidence, SharePoint and OneDrive exposure tracking, and Copilot adoption metrics — four tabs spanning posture and reclaimable license spend, all from one read-only Microsoft Graph API connection]

Setup in minutes: Wizard-generated PowerShell creates the Entra app registration, requests the right Graph scopes, and ships a one-click admin consent link — no manual Azure portal clicking.

Module · TrustIQ

Compliance scoring auditors recognize, against your real findings.

Real-time scoring against SOC 2, ISO 27001, PCI DSS, HIPAA, NIST 800-53, and CIS benchmarks for each cloud. Every failing control links to the exact open finding causing it, so a failed score isn't a mystery — it's a to-do list. Live data, no periodic snapshots.

  • SOC 2 · ISO 27001 · PCI DSS · HIPAA
  • NIST 800-53 · CIS AWS / Azure / GCP
  • Control → finding traceability
  • Per-framework passing / failing counts
  • Live data, real-time scoring

[Screenshot: CloudTrust360 Compliance Dashboard showing real-time scoring across SOC 2 (0%), ISO 27001 (55%), PCI DSS (50%), HIPAA (25%), CIS AWS (50%), CIS Azure (86%), CIS GCP (71%), and NIST 800-53 (67%) with passing and failing control counts per framework, and a Live data badge at the top right]

Auditor-friendly: Activity log captures every control state change with attribution · Exportable on request.

Platform · Trust audit trail

Every sync. Every change. Every TAU. Logged.

The sync history page shows the last 50 sync attempts across every connected cloud account — manual runs and the 6-hourly auto-sync. Per-pipeline status (cost / security / savings), duration, trigger, and outcome on each row. Pair it with the activity log and every TAU on your invoice traces back to a specific event.

  • Per-account, per-pipeline sync log
  • Success / Partial / Failed filtering
  • Manual + auto-sync (6-hour cron)
  • Duration timing on every run
  • 14-day in-app dispute window

[Screenshot: CloudTrust360 Sync History page showing the last 50 sync attempts across connected cloud accounts including GCP_TEST, Tara-AWS, Azure-Test, with columns for account name, time, trigger (manual or auto), per-pipeline status icons for cost/security/savings, duration in seconds, and Success/Partial/Failed status badges; filter buttons at top for All, Success, Partial, Failed]

Auditor-grade: Per-tenant Row-Level Security · CSV export · Activity-log retention scales with your tier.

AI posture

AI you can actually show your CISO.

We use AI where it helps you decide faster — and nowhere it could decide for you. Every claim here is true today, in shipping code, not on a roadmap.

● Shipping

Source-backed, not hallucinated

Every AI claim links to its evidence. Executive summaries, finding analyses, and recommendation write-ups all cite the specific data they came from — finding IDs, cost rows, compliance gaps. If we can't show the source, the AI doesn't make the claim.

  • Activity log captures every AI call with inputs & outputs
  • Strict JSON-mode prompts with data-integrity rules
  • You can rebuild any AI conclusion in 5 minutes
● Shipping

Bring your own LLM keys

Your data never trains anyone's model. Connect your own Anthropic or OpenAI API key. Prompts and responses flow directly between your account and your chosen provider — under their zero-retention terms, not ours. We store the result; we don't see the round trip.

  • Anthropic Claude · OpenAI · provider choice is yours
  • Per-org token budget controls runaway costs
  • 7-day per-row cache · 1-hour summary cache
● Shipping

AI assists, humans decide

The platform never acts on your cloud. CloudTrust360 is read-only by design. AI ranks, drafts, and explains — you approve before anything moves. No autonomous remediation, no agentic loops touching your production. The activity log is your audit trail.

  • Zero write permissions on AWS · Azure · GCP
  • AI generates recommendations; you mark them implemented
  • Role-based controls on who can act on AI output
On the roadmap

TrustAI — governance for the AI systems, copilots, and agents running in your environment. AI inventory, shadow-AI detection, AI-to-data lineage, NIST AI RMF and EU AI Act evidence mapping. Talk to us about the design partner program.

Why it works

Three things this product does that nobody else does in one place.

Cross-domain context. Verified outcomes. AI that's source-backed, not hallucinated.

One trust graph

Security, cost, and compliance — in the same conversation.

Wiz tells you about security findings. Cloudability tells you about cost. Drata tells you about compliance. Every one of those tools lives on a different dashboard with a different mental model. CloudTrust360 puts all three on the same screen — because the decisions your board cares about cross all three.

  • Severity, spend, and compliance score for every connected cloud, side by side.
  • Findings link to the resource, the spend, and the failing control — no swivel-chair.
  • One activity log captures it all — sync runs, AI calls, state changes, team actions.

[Screenshot: CloudTrust360 dashboard with cross-domain rollup — AWS, Azure, and GCP each showing monthly spend, findings count, and critical-severity count side by side; below that, total spend ($1,209.72), open findings (38), savings opportunities ($43), and compliance percentage (51%) in a single row of stat tiles]

CT360 Copilot

Every AI answer cites its source — and shows the model that wrote it.

When the AI says "this is critical," it shows you the exact rule, resource, attack path, and remediation steps that justify the claim. The model name and version are stamped on every output (you'll see claude-haiku-4-5 in our screenshots — that's BYO LLM in action). No hallucinated severity. No mystery confidence.

  • Executive summary, attack scenario, why-it-matters — all four sections, always.
  • 5-step remediation runbook with verify commands — copy-paste into your terminal.
  • Severity-aware confidence + model attribution stamped on every output.
  • 7-day cache — pay for the analysis once, not every time someone opens the modal.

[Screenshot: CloudTrust360 Security Finding Details modal showing AI Analysis section attributed to claude-haiku-4-5, structured into a Fix Immediately priority block, Executive Summary, Why This Matters narrative, and a 5-step remediation runbook with verification commands for a GCP firewall rule allowing SSH from 0.0.0.0/0]

TrustIQ · Board-ready

The narrative your CISO sends to the audit committee — generated, not written.

One click produces an Executive Summary that ranks your top risks with blast radius for each, surfaces the "do this first" action with estimated risk reduction and time-to-fix, and folds in cost overview and compliance notes. The CISO emails it. The CFO actually reads it. The audit committee sees it instead of a 30-page deck.

  • Top risks ranked with blast radius (data exfiltration, lateral movement, credential compromise).
  • "Do this first" callout with estimated time and risk reduction (e.g. ~15 min → ~45% risk reduction).
  • Cost overview + compliance notes woven in — one document, three perspectives.
  • 1-hour smart cache with change-feed invalidation — fresh when it matters, free when it doesn't.

[Screenshot: CloudTrust360 AI Executive Summary panel for Tara Corp generated by claude-haiku-4-5, listing top risks numbered 1-3 (publicly accessible RDS instance, publicly accessible S3 bucket admin.tara-tok.com, root account access keys) each with blast radius, plus a 'Do This First' priority action card with ~15 minutes estimated fix time and ~45% risk reduction, followed by Cost Overview and Compliance Notes sections]

How It Works

From connection to verified outcome.

Four steps. Read-only at every stage. You always approve before anything happens.

1. Connect (5 minutes)

Grant read-only access via IAM role (AWS), service principal (Azure), or Workload Identity Federation (GCP). No keys to manage, no agents to install.

2. Analyze (Hours)

CloudTrust360 runs the first sync across security, cost, and compliance. AI analysis surfaces the issues that matter and the savings worth chasing.

3. Act (Your pace)

Implement recommendations on your terms. Each resolution writes to your activity log. Savings start provisional until verified in your real cost data.

4. Settle (Monthly)

Monthly Stripe invoice itemized by TAU category. 14 days to dispute. No long-term lock-in on Pilot or monthly Growth.

Trust Action Units

One TAU pool. Every module. Every outcome.

TAUs are verified outcomes — drawn from one shared pool across every module you use. A resolved finding, a validated saving, a maintained control, an executive summary: each becomes a transparent billable unit at the same TAU rate, whether it came from TrustCloud, TrustFinOps, TrustIQ, or any future module. Nothing is hidden. Nothing is bundled obscurely. No per-module surcharges.

Outcome | TAU | Module
Each $1 of verified, persisted savings | 1 | TrustFinOps
Critical-severity finding resolved | 75 | TrustCloud
High-severity finding resolved | 50 | TrustCloud
Medium-severity finding resolved | 15 | TrustCloud
Low-severity finding resolved | 5 | TrustCloud
Compliance control maintained (per framework, per month) | 2 | TrustIQ
Executive AI summary delivered | 25 | TrustIQ
AI-recommended remediation auto-executed | 100 | TrustOps
Identity privilege path remediated | 40 | TrustIdentity

How TAU verification works

Not every detected opportunity bills. Outcomes are verified before they're billed, and you have a window to dispute every charge.

  • 30-day savings persistence. Cost savings start provisional. They convert to billable TAUs only after 30 days of real cost reduction with at least 90% of the predicted amount observed.
  • 14-day dispute window. Every TAU on your invoice can be challenged in-app. The dispute UI shows exactly which event generated the charge.
  • Full audit trail. Every TAU traces back to an entry in your activity log. You can rebuild any invoice line by yourself.
  • One unified TAU pool. Use any module — TrustCloud, TrustFinOps, TrustIQ, and future modules — from a single TAU pool at your tier rate. No per-feature licensing, no module-by-module billing surprises. Bring-your-own LLM keys mean AI inference cost stays between you and your provider.
Sample pricing

One unified TAU pool. Shaped to your scale.

Every plan starts with a six-month savings-share pilot — we earn only from verified cloud savings during this window. From month 7 onward, your one shared TAU pool covers any module you use at a single per-TAU rate tied to your tier. The savings share is permanent for the contract lifetime. Per-TAU rates and annual commitments are tailored to your engagement shape — talk to sales or work with your MSP/reseller for the rate that fits.

Trust Pilot
Test it on one cloud account. Pay only after results.
For small teams & pilots
6-month savings-share pilot · no minimum to start
  • Up to 3 cloud accounts
  • All shipping modules — one TAU pool
  • Bring your own LLM keys
  • Email support & Support Expert
  • Pay-as-you-go after pilot
Trust Enterprise
For organizations with serious cloud spend and compliance scope.
For large enterprises
Talk to sales for your TAU rate · multi-year discount available
  • Unlimited cloud accounts
  • All modules — one TAU pool, enterprise rate
  • Custom soft ceiling negotiated
  • SSO, audit log export, RBAC
  • Named CSM, quarterly reviews
Trust Fabric Suite
Every module, every TAU type, lowest per-TAU rate.
For global & regulated programs
Talk to sales for your TAU rate · annual or multi-year
  • Unlimited everything
  • All modules — one TAU pool, lowest rate
  • Future-module TAUs included as shipped
  • Custom integrations & SLAs
  • Design partner advisory access

Design partner pricing is available for early customers willing to provide product feedback — talk to sales. All tiers include read-only multi-cloud access, the activity log, the 14-day dispute window, and BYO LLM keys with zero AI training on your data.

Sample monthly invoice ranges

What a typical CloudTrust360 monthly invoice looks like at different scales — after the six-month savings-share pilot completes. Actual TAU rate is set in your contract.

  • Small Pilot: $0 — $1,500 · 1–2 cloud accounts · Trust Pilot tier
  • Growth Customer: $2,500 — $8,000 · Mid-market · 5–15 accounts · Trust Growth tier
  • Enterprise: Custom · 25+ accounts · multi-year · Trust Enterprise tier
  • Verified Savings Share: Permanent · Share % rate-locked for your contract lifetime

During the six-month savings-share pilot, the only invoice line is your verified-savings share. TAU charges for any module's outcomes begin in month 7 — drawn from one shared pool.

Security & Compliance

Built to be trusted with the most sensitive systems.

CloudTrust360 is read-only by design and helps you measure against the frameworks your auditors care about.

The architecture, in plain terms

Every credential we hold is encrypted at rest with AES-256-GCM. Every database read goes through Postgres Row-Level Security scoped per tenant. Service-role keys never leave our backend.

  • Read-only at every layer. No write access to your cloud, period. The platform recommends; you execute.
  • Workload Identity Federation for GCP. No static service account keys. Works in locked-down GCP orgs that prohibit key downloads.
  • Role-based access control. Owner, Admin, Security Analyst, DevOps Engineer, and Viewer roles. Enforced at UI, backend, and database.
  • Bring your own LLM keys. Use your Anthropic or OpenAI account for AI features. We never train on your data.
  • SOC 2: Framework mapping
  • HIPAA: Healthcare
  • PCI DSS: Payment Card
  • ISO 27001: Information Security
  • NIST CSF: Cybersecurity
  • CIS Benchmarks: AWS · Azure · GCP

Frequently Asked

Questions, answered.

The questions buyers usually ask in the first call.

How exactly does TAU pricing differ from per-seat or per-account SaaS?

Traditional SaaS charges for access — a flat fee per seat or per cloud account, billed whether the platform produced value that month or not. CloudTrust360 charges for outcomes the platform actually produces. Verified savings, resolved findings, controls maintained, AI summaries delivered: each converts to TAUs at a published rate. Your tier sets the per-TAU price. Your usage sets the volume. Your activity log shows you exactly what drove the bill.

What stops you from inflating TAU counts to drive up bills?

Three protections. One: every TAU traces to a specific event in your activity log — if it isn't there, it isn't billable. Two: savings TAUs require 30-day persistence at 90%+ of predicted amount, observed in your actual cost data. Three: you have a 14-day dispute window in-app where you can challenge any line. The dispute UI shows the source event for each TAU. We can't fabricate outcomes you didn't agree happened.

Which modules ship today and which are roadmap?

Shipping today: TrustCloud (multi-cloud security posture), TrustFinOps (cost intelligence and optimization), TrustIQ (executive AI summaries and compliance scoring).

On the roadmap: TrustOps (supervised remediation with approvals and rollback), TrustIdentity (privilege graph and AI agent identity), TrustData (metadata-first DSPM and AI-to-data lineage), TrustAI (AI system inventory and governance). They ship into the same TAU pricing — no contract renegotiation when they arrive.

How do you compare to Wiz, Cloudability, and Drata?

Wiz, Cloudability, and Drata are strong in their domains. Wiz leads on cloud security detection breadth. Cloudability leads on RI/SP automation. Drata leads on audit-packet workflow. We're built for the gap between them.

CloudTrust360 connects cross-domain context in one product — a single trust graph where a finding, a cost driver, and a compliance control map to the same business risk. Mid-market pricing. Time-to-value measured in hours. Where customers need depth in any single domain, we integrate with the incumbent rather than compete.

What does the cloud connection actually look like?

For AWS: you create an IAM role with read-only scopes; we use a stable external ID for assume-role. For Azure: you create a service principal with Reader plus Cost Management Reader. For GCP: Workload Identity Federation against our OIDC issuer — no static service account keys downloaded. Connection takes ~5 minutes per cloud account via the in-app wizard.

What about data residency and procurement requirements?

Data lives in Supabase (Postgres) regions we deploy to; you can request a specific region. AES-256-GCM credential encryption, Row-Level Security per tenant, and a fully audit-ready activity log are in place today. SOC 2 Type II audit and external penetration testing are in our near-term roadmap — happy to share the current security questionnaire on request via support@aivons.com.

Is there a free trial or pilot?

Yes. Trust Pilot gives you a six-month savings-share pilot — we earn only from your verified cloud savings during this window, and everything else (security findings, compliance scoring, executive summaries) is fully free. From month 7 onward, your one shared TAU pool covers any module you use at the Trust Pilot tier's per-TAU rate (pay-as-you-go, no annual minimum). The savings share is permanent for the contract lifetime — it never converts to a different model. Typically the savings-share pilot window is enough to fully evaluate the platform on one or two cloud accounts before any TAU charges begin.

Who owns the data and the analyses CloudTrust360 produces?

You do. We process your cloud metadata to produce findings, recommendations, and summaries. Those outputs belong to your organization. We don't train models on your data, and the AI features use your own LLM provider keys (Anthropic or OpenAI) — so inference cost stays between you and your provider.

See what your invoice would actually look like.

30-minute pilot conversation. We walk through your environment, connect a single cloud account, and show you the exact TAUs your usage would generate before you commit to anything.

First 6 months on savings share · Read-only access · 14-day dispute window · No credit card to start