Our customers' data is encrypted in transit and at rest, using the highest industry-standard procedures and protocols, including TLS 1.2, FIPS 140-2 validated HSMs (AWS KMS), and AES-256 symmetric encryption algorithms where appropriate.
Data access is controlled
Access to customer data is strictly limited to a small set of on-call engineers, is protected by auditing and alerting systems, and is only available when debugging a specific problem (usually by customer request). Access to the Coda admin interfaces is compartmentalized by information type, and access to data is granted only when required for a particular job function.
We take organizational security seriously
We're a startup, but you wouldn't know it when you see our badge access, locked monitors, and machine-generated, high-complexity passwords. (Well, you won't see those.) All Coda employees undergo annual security training, and we undergo regular third-party penetration tests to ensure all our security practices and systems are top-notch.
We're GDPR and CCPA compliant and have entered into DPAs with all our subprocessors; we have a DPA available for customers in the EU upon request.