SimpleGoose

Security

How ICP protects your data and infrastructure.

Zero Data Exfiltration

ICP runs entirely inside your cloud environment. Your inference data (prompts, completions, embeddings) never leaves your VPC. There are no analytics callbacks, no telemetry beacons, and no data sent to SimpleGoose infrastructure.

You can verify this by deploying a Kubernetes NetworkPolicy that blocks all egress from ICP pods except your own cloud provider endpoints and the marketplace metering API. ICP will continue to function normally.
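A sketch of such an egress policy, as an added example rather than a SimpleGoose-supplied manifest. The namespace, pod label, and CIDR ranges are assumptions and placeholders. A standard NetworkPolicy matches IP blocks, not hostnames, so the cloud provider and metering endpoints have to be expressed as CIDRs.

```yaml
# Added example, not a SimpleGoose manifest. Namespace, labels and CIDRs are
# placeholders (assumptions); substitute the values from your own deployment.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: icp-restrict-egress
  namespace: icp                      # assumed namespace for ICP pods
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: icp     # assumed label on ICP pods
  policyTypes:
    - Egress                          # egress not listed below is denied
  egress:
    # Cluster DNS, so endpoint names still resolve.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Your own cloud provider endpoints (for example, private VPC endpoints).
    - to:
        - ipBlock:
            cidr: 10.0.0.0/16         # placeholder: your VPC endpoint range
      ports:
        - protocol: TCP
          port: 443
    # Marketplace metering API.
    - to:
        - ipBlock:
            cidr: 192.0.2.0/24        # placeholder (documentation range)
      ports:
        - protocol: TCP
          port: 443
```

The policy only takes effect on a CNI plugin that enforces NetworkPolicy. With it applied, any connection from ICP pods that shows up as denied in your CNI or VPC flow logs is traffic to a destination outside the allowed set.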

Credential Management

  • Backend credentials (AWS IAM roles, Azure managed identity, GCP service accounts) are stored in your Kubernetes Secrets.
  • ICP references secrets by name — it never copies credential values into its own database.
  • Supports native cloud identity: IRSA (AWS), Managed Identity (Azure), Workload Identity (GCP). No static API keys required.

Payload Redaction

Decision traces store routing metadata only: token counts, task type, backend selected, cost estimates, and the routing explanation. The actual inference payload is redacted before any trace is persisted.

Access Controls

  • Separate API keys for inference requests and admin operations.
  • The ICP Agent uses scoped tokens that can only execute deployment operations — not access traces, billing, or other tenants.
  • Agent tokens support rotation and immediate revocation.
  • All admin actions logged in an audit trail with before/after state.
  • All authenticated API calls logged for SOC 2 compliance.

Supply Chain Security

  • Container images signed with cosign/sigstore.
  • SBOM (Software Bill of Materials) published with each release.
  • Automated dependency vulnerability scanning — no known critical/high CVEs at release.
  • Provenance attestation for container builds.

Compliance

  • SOC 2: Access logging, audit trails, failed auth logging, encryption in transit.
  • GDPR: Data export and purge APIs for tenant/session data. Since ICP runs in your environment, you have full control over all data.
  • Data residency: Policy engine enforces region restrictions. Requests that violate residency rules are blocked before they reach any backend.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@simplegoose.com. We take all reports seriously and will respond within 48 hours.