Security

We take security very seriously, and our team has built world-class infrastructure to protect your data

SOC 2 Compliance

Coda undergoes regular Service Organization Controls audits (SOC 2 Type II) performed by an independent third-party auditing firm. Contact your account manager or

sales@coda.io⁠

to request a copy of our most recent report.

Data is encrypted in transit and at rest

Our customers' data is encrypted when in transit and at rest, using the highest industry standard procedures and protocols, including TLS 1.2, FIPS 140-2 validated HSMs (AWS KMS), and AES-256 symmetric encryption algorithms where appropriate.

Data access is controlled

Access to customer data is strictly limited to a small set of oncall engineers, is protected by auditing & alerting systems, and only available when debugging a specific problem (usually by customer request). Access to the Coda admin interfaces are compartmentalized by information type, and access to data is granted only when required for a particular job function.

We take organizational security seriously

We're a startup, but you wouldn't know it when you see our badge access, locked monitors, and machine generated, high complexity passwords. (Well, you won't see those.) All Coda employees undergo an annual security training, and we undergo regular 3rd party penetration tests to ensure all our security practices and systems are top-notch.

Data Privacy

We're GDPR and CCPA compliant and have entered into DPAs with all our subprocessors; we have a DPA available for customers in the EU upon request.

⁠
`More details on our security page`⁠
⁠

Gallery

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.