Infrastructure & Reliability
How Colby is deployed, scaled, monitored, and protected on Google Cloud Platform.
Cloud Platform
Colby is built on Google Cloud Platform (GCP), leveraging Google's enterprise-grade security and reliability infrastructure. GCP provides the foundation for our compute, storage, secrets management, and key management services.
Compute
Colby runs on Google Cloud Run — fully managed, auto-scaling serverless containers deployed across US regions for low latency.
Auto-Scaling Serverless
Automatic scaling from zero to handle demand spikes. Resources are provisioned on-demand and released when not in use.
Sub-Second Cold Starts
Optimized container images ensure fast cold start times, so requests are handled promptly even during scale-up events.
US Regional Deployment
Deployed across US regions to minimize latency for North American users and comply with data residency requirements.
Secrets & Key Management
- Google Cloud Secret Manager — all sensitive credentials are stored in Secret Manager. No secrets are stored in code or environment files.
- Google Cloud KMS — encryption key lifecycle management including automatic key rotation, with keys used for envelope encryption of session data.
Availability & Scaling
Auto-Scaling
Request-based auto-scaling handles traffic spikes automatically without manual intervention.
Health Checks
Continuous health check endpoints are monitored to detect and respond to degradation immediately.
Status Page
Public status page at status.getcolby.com with real-time uptime data.
Notifications
RSS feed and subscription options available for incident and maintenance notifications.
Security Infrastructure
Security Headers
All responses include HSTS, X-Frame-Options, X-Content-Type-Options, and other security headers to prevent common web vulnerabilities.
Rate Limiting
Rate limiting on all sensitive endpoints protects against abuse and ensures fair resource allocation.
CORS Restrictions
Cross-origin resource sharing is restricted to Salesforce domains and the Colby extension only — no third-party access.
SSL/TLS Enforced
All connections require SSL/TLS — plaintext HTTP is never accepted for any endpoint.
Deployment Pipeline
Code Review
All changes require peer code review before merge. Git-based version control with branch protection rules.
CI/CD Pipeline
Automated testing and build via GitHub Actions and Google Cloud Build. Every change runs through the full test suite.
Containerized Deployment
Every deployment is containerized with Docker for consistency across environments. No configuration drift between staging and production.
Post-Deployment Health Checks
Automated health checks run after each deployment to verify service health before routing traffic.
Monitoring & Observability
- LLM call tracing — performance monitoring for all AI model interactions to ensure response quality and latency targets
- Structured logging — with automatic sensitive data redaction before log persistence
- Action-level audit logging — all Salesforce operations (reads, writes, updates) are logged with full context
- Real-time health monitoring — service health dashboards with alerting for anomalies
Incident Response
Public Status Page
Incident history and maintenance windows are published at status.getcolby.com.
Uptime Tracking
Uptime tracked across 24h, 7d, 30d, and 90d windows with real-time visibility.
Subscribe to the RSS feed or status page notifications to receive alerts about incidents and planned maintenance windows.
SOC 2 Compliance
Colby maintains an active SOC 2 compliance program tracked via Vanta.
Our compliance posture is continuously monitored. For detailed compliance information, including evidence of controls and policies, visit our Vanta Trust Center.