Security & Privacy

From day one, we’ve built our platform with security and privacy at the core. Trust is the foundation of every relationship we form with our customers. Protecting your data is not just a feature - it’s a responsibility we take personally. Every engineering and business decision we make is measured against a single standard: keeping your information safe, private, and compliant.

Clarence & Kao
Cofounders, Coverbase

Security & Privacy Program Highlights

We follow rigorous security practices and partner with independent experts to validate our approach. Our program is built to not only meet industry standards, but to exceed them.

SOC 2 (Type II) Compliant

Independently audited against the AICPA Trust Services Criteria (security, availability, confidentiality).
Regularly updated controls and continuous monitoring of our environments.

Independent Penetration Testing

Partnering with leading security firms for annual penetration tests.
Frequent internal vulnerability scanning, SAST, and DAST to identify and remediate issues before they reach production.

Single Sign-On & Identity Management

SSO and SAML provisioning with Okta, Microsoft Entra, Google, and other identity providers.
Multi-factor authentication (MFA) required for all production access.

Data Protection & Privacy

GDPR and CCPA compliant, with clear processes for data subject rights.
AES-256 encryption at rest, TLS 1.2+ in transit.

Internal Controls & Auditability

Comprehensive audit logs covering all system and data access.
Strict least-privilege access model, reviewed quarterly.
Employees undergo mandatory security and privacy training, and no customer data resides on employee devices.

Building Trust, Together

Some of the world’s most innovative and security conscious enterprises trust us to safeguard their data. We see security and privacy not as checkboxes, but as an ongoing promise to our customers.

For questions about our security program or to report a vulnerability, please contact us at security@coverbase.ai