Trust & Security
At Copyleaks, we are committed to the security of your data and privacy. We understand that our customers are entrusting us with their data, and we take that responsibility very seriously.
We have implemented a comprehensive security program that includes administrative, technical, and physical safeguards to protect your data from unauthorized access, use, or disclosure.
This page provides an overview of our security program, including our security architecture, data handling policies, and compliance certifications.
Our Commitment to Security
Section titled “Our Commitment to Security”Our approach to security is built on several key pillars:
Security Architecture and Infrastructure
Section titled “Security Architecture and Infrastructure”Our platform is built on a robust and secure foundation to protect your data at every level.
- Secure Network Design: All platform components communicate through a secure internal company network. Access to this network is highly restricted, even for Copyleaks employees, and requires identity verification via an SSL client certificate. All communication within the internal network is secured using TLS v1.2 or newer.
- Cloud-Based Architecture: We leverage a secure, cloud-based system architecture to provide scalable and reliable service.
- On-Premises Option: For organizations requiring complete control over their data infrastructure, we offer on-premises Cloud Private Hubs. This allows you to retain all sensitive data within your own secured digital environment while utilizing our advanced detection technology.
- Continuous Monitoring: Our systems are monitored 24/7, enabling us to respond instantly to any downtime or security incidents as they are detected.
Data Encryption
Section titled “Data Encryption”Data safety is a cornerstone of our security mechanisms. We employ military-grade encryption to ensure your data is protected at all times.
- Encryption in Transit: All data transferred to and from our platform is sent exclusively over secure channels (100% HTTPS) using SSL connections.
- Encryption at Rest: All data saved on our platform is encrypted using the AES-256 standard. Encryption keys are managed by our Cloud providers and are rotated automatically to ensure maximum security.
- Data Backup: We perform daily data backups, which are stored securely in our backup data centers.
Compliance and Certifications
Section titled “Compliance and Certifications”Our products routinely undergo independent verification of privacy, security, and compliance controls to meet global standards and earn the trust of our users.
- SOC 2 & SOC 3: Copyleaks is SOC 2 & 3 certified, demonstrating our commitment to securely managing data to protect our customers’ interests and privacy. Our SOC 3 report, audited by KPMG, is publicly available and outlines our high-powered system’s adherence to security, privacy, and confidentiality standards.
- GDPR: We are fully committed to adhering to the guidelines of the EU General Data Protection Regulation (GDPR). For our European customers, we offer the
copyleaks.eusite with servers located in Germany, ensuring data processing remains within Europe. - PCI DSS: We adhere to the Payment Card Industry Data Security Standard (PCI DSS). All payments are processed through Stripe, and we do not access or store any personal credit card information within the Copyleaks system.
- NIST RMF: We meet the guidelines of the NIST Risk Management Framework (RMF), a systematic process for managing information security risk developed by the U.S. National Institute of Standards and Technology.
- Accessibility: We believe technology should be accessible to everyone. Our platform is designed to be user-friendly for all, and our Voluntary Product Accessibility Templates (VPATs) are available for review.
Application and Operational Security
Section titled “Application and Operational Security”We maintain a rigorous application security program to protect our platform from threats.
- Vulnerability Management: We routinely run vulnerability scans of our system components and use static code analyzers to detect problematic code before it is deployed.
- Regular Updates: We regularly update the security of our products to protect against emerging threats.
- Responsible Disclosure: We take security and privacy very seriously and encourage our users to report any identified vulnerabilities. If you believe you have found a security vulnerability, please submit a report with details such as your account email and a screenshot of the issue so our team can investigate.