Skip to main content
All CollectionsSecurity & Privacy
Security & Privacy Overview
Security & Privacy Overview

What we do to keep your data safe

Updated over a week ago

We take the security and privacy of our customers' information very seriously. As a data company, we understand the importance of safeguarding sensitive data and ensuring compliance with industry standards. That's why we have made a commitment to implementing robust security measures and continuously upgrading our security infrastructure to stay ahead of potential threats. Rest assured that your information is in good hands with us.

You maintain full control over your data. In order to operate, Coho AI requires only an anonymized user identifier. While we do not require transfer of PII (Personal Identifiable Information) for operating the solution. However, in case you choose to do so, you can request the signing of a DPA (Data Processing Agreement) by contacting [email protected].

At Coho, we implemented various controls which help us keep your data safe. Including, but not limited to:

  • Encryption: Your data is encrypted in transit using TLS 1.2, and at rest using the highest encryption standards.

  • Authentication & Authorization: We leverage logical separation of all of our customers data. Access to your data is enforced by strong authentication & authorization protocols.

  • Change Management: We adhere to a strict SDLC policy, where every change to our architecture and platform is reviewed and audited before going to production.

  • Monitoring: We continuously monitor application servers, cloud infrastructure and network to detect threats and potential problems.

  • Penetration Testing: The Coho platform is tested annually for vulnerabilities by an independent third-party. The recent penetration testing report is available upon request by contacting [email protected].

  • Compliance: Coho undergoes SOC 2 Type II audit every year. The recent SOC 2 Type II report is available upon request by contacting [email protected].

  • Cloud Services Provider: All of the data is stored and processed in cloud infrastructure maintained by Amazon Web Services and/or Google Cloud Platform.
    Both providers independently undergo strict compliance audits, including SOC 2, ISO 27001, PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, NIST 800-171 and many more. You can read more about the cloud providers' compliance here: AWS, GCP.
    Your data is stored in one of the following regions (contact [email protected] for more details):

    • AWS Ireland (eu-west-1)

    • AWS N. Virginia (us-east-1)

    • GCP Belgium (europe-west1)

    • GCP Iowa (us-central1)

Did this answer your question?