GDELT Cloud is a cloud-native API and agent data service. This page describes the practical controls we operate today, written for security reviewers and technical buyers rather than for marketing.
Administrative access to GDELT Cloud production systems is restricted to authorised personnel. Multi-factor authentication is used where supported by the underlying provider.
Production credentials are kept separate from development credentials. Service-to-service access uses scoped API keys or service-role tokens stored outside the codebase.
GDELT Cloud uses HTTPS/TLS for all customer-facing traffic, including the web app, API, and MCP endpoints.
Application data, account data, and analytical data are stored using managed infrastructure providers that support encryption at rest. See our subprocessors list for the providers involved.
GDELT Cloud runs on Vercel for application hosting, Supabase for authentication and the operational database, ClickHouse Cloud for analytical event storage, Google BigQuery for upstream raw GDELT data, Horizon (Prefect) for MCP server hosting, and LangSmith for hosting the research agent runtime. Global Energy Monitor data is loaded offline directly from GEM's published registries, separate from the GDELT ingest pipeline.
Each provider maintains its own security programme and infrastructure controls. We monitor vendor posture and maintain a current list of subprocessors.
Code is version controlled. Production deployments ship through Vercel's controlled deployment workflow. Secrets are kept out of the codebase and managed through environment configuration.
Production-impacting changes are reviewed before release. We monitor application errors, runtime telemetry, and core service availability and act on regressions before they reach customer dashboards or agents.
We collect operational logs, API usage records, and error telemetry to operate the service, debug failures, investigate abuse, enforce plan limits, and improve reliability.
We do not sell customer data. Logs are retained for the time needed to operate the product and support customers.
Security issues can be reported to security@gdeltcloud.com. For confirmed incidents that materially affect customer data or service integrity, we investigate promptly and notify affected customers as appropriate to the scope of the incident.
If you believe you have found a security vulnerability in GDELT Cloud, please email security@gdeltcloud.com with reproduction steps and any supporting context. We will acknowledge receipt and coordinate a fix.
We do not currently operate a public bug bounty, but we appreciate good-faith reports and will not pursue researchers acting in good faith and avoiding privacy, availability, or data-integrity harms.
GDELT Cloud is not currently SOC 2 certified. We are implementing operational controls aligned with SOC 2 Security, Availability, and Confidentiality criteria and will pursue formal attestation as customer demand and production deployments justify it.
For commercial evaluations and vendor reviews we can share a security overview, our subprocessors list, data retention practices, and reasonable vendor questionnaire answers.
GDELT Cloud currently targets 99.5% monthly availability for paid API access, excluding scheduled maintenance, upstream provider outages, customer-side issues, and beta or experimental features.
We publish service status and incident history at status.gdeltcloud.com, and live data-ingestion freshness on the data status page.
