Arrow iconAll posts

Copper news

How Copper CRM is Keeping Your Data Safe

Copy blog url
Twitter share logoLinkedin share logoEmail to logo
Article featured image

Erin Sumpmann

*We've since moved on from being hosted on AWS to GCP!

Every strong relationship is based on a foundation of trust, and when it comes to data, trust is knowing that anyone handling your data is keeping it secure. We sat down with two of our Copper security experts, Isaac (CISSP, Director of Operations) and Kelly (Chief Technology Officer), to get every detail on how we’re keeping data safe.

Read on, or watch the webinar recording:

What is data security?

Data security is a hot topic today, but what does it really mean and how do SaaS companies like Copper think about it?

Because security is a key priority for Copper, we take a top-down approach. This means that security initiatives are led and championed by our management team, then systematically percolated down to operations staff. Effectively managing security risk means putting in the right governance, the right technology as well as supporting processes and ongoing training.

We’re constantly evaluating our overall security using clear InfoSec policies, training, and third-party penetration and vulnerability scanning. Through the monitoring of critical systems and following up after service incidents, we’re always improving and strengthening our technological detection measures to identify attacks and observe system performance. We’ve also developed and documented a response and recovery plan that activates as soon as evidence of a possible incident occurs.

Copper has three main focuses when it comes to security. We’re going to walk you through each of these in detail in this blog post. We believe a good defensive posture is based on:

  • Prevention - understanding the threat (for example, a hacker) relative to organizational vulnerability
  • Detection - establishing mechanisms to detect an imminent or actual breach
  • Response - establishing a capability that immediately deals with incidents to minimize the loss of any data


We’ve implemented measures to make certain Copper will be accessible and available when you need it.

Secure data centers

We only trust the best of the best to host your data, so all compute and data servers are hosted on Amazon Web Services (AWS) ISO 27001 certified data centers. These are US-based centers using multiple availability zones.

Failover functionality

We designed our CRM to use scalable and reliable architecture models. This decreases the chance for a system failure that prevents customers from accessing their data. We use many identical servers that provide automatic failover to another healthy system and/or data center location.

Continuous backups

If there is an unusual loss of data, some of our databases can be restored from a specific point in time in one minute increments. We and our vendors make regular backups to encryption-enabled AWS S3 buckets that are usually kept for 10 days.

Disaster recovery

In the unlikely event of extended service outages caused by factors beyond our control (e.g., natural disasters or third-party service interruptions), Copper has a plan in place with multiple backups to make sure your CRM access isn’t interrupted.

How we protect your data

Data protection is kept front and center for Copper at all times as we continue to innovate on our CRM software.

Data security training

Copper provides Security Awareness Training for all employees and requires that they review and sign the Employee Code of Conduct that outlines the guidelines for network security and data protection.

Vulnerability testing

We participate in third-party vulnerability scanning and penetration tests to identify, track, and remediate any application vulnerabilities.

Data encryption

Encryption enhances the security of a message or file by scrambling the content. Copper encrypts your data both in transit and at rest, so it’s safe no matter what.

User access management

Employee and vendor access to all customer data is tightly regulated and restricted to a need-to-know basis using role-based access controls.

Two-factor authentication

Copper’s internal instance requires two-factor authentication for any admin access to prevent the wrong person from accidentally accessing data.

Regular data access reviews

Our employee access to resources is regularly evaluated and terminated promptly to make sure we’re always up to date with role changes and employment termination.

Your internal security controls

We’ve built functionality into Copper that allows you to maintain data integrity internally. With team permissions and visibility, you determine which departments and teams see what data and correspondence inside your CRM.

With read-only fields, Copper admins are able to specify which fields can’t be edited by non-admin users, so your data is always consistent and reliable. Required fields also allow admins to capture critical data points for business operations.

Copper's certifications

Copper’s data policies and procedures are externally validated (so you can take more than just our word for it).

SOC 2-Attested Service Provider

System and Organization Controls (SOC) is a series of third-party audits and reports run on a service provider. As a SOC 2 Attested Service Provider, our policies and procedures have been validated by an independent CPA auditing firm that has reviewed our controls around security, availability, and confidentiality to ensure they match or exceed industry-best practices.


The General Data Protection Regulation (GDPR) is a new set of laws that regulate how you access and process the personal data of EU citizens. GDPR affects any company doing business with EU citizens, regardless of their physical location. Copper is GDPR-compliant and has established security controls and secured DPAs from all vendors who touch contact data. Learn more about how we got there.


Copper is TrustArc (formerly TRUSTe) Certified. These privacy certifications outline practices for companies to establish and maintain privacy. They are a Privacy Shield partner.

Privacy Shield-Compliant

The EU-U.S. Privacy Shield Framework was designed to align companies on both sides of the Atlantic along common data protection requirements when transferring personal data. Copper worked with TrustArc to audit our policies and procedures, as well as certify our compliance with this framework.

And that’s all, folks! If you have any questions surrounding data security that weren’t addressed here, don’t hesitate to either reach out—or if you’ve been working with a partner, contact them directly.

Thanks for tuning in!

Try Copper free

Instant activation, no credit card required. Give Copper a try today.

Ideo graphicMasterclass graphicSwell graphicBubbles graphic
Copper try free image

Keep Reading

All postsArrow icon
Featured image: 11 video types to drive growth with video marketing for business

Marketing - 9 min READ

11 video types to drive growth with video marketing for business

Creating marketing videos for your business doesn’t need to be overwhelming. Here’s how to get started.

Featured image: Copper now stores and organizes all the documents you send through Gmail — in one place.

Copper news - 2 min READ

Copper now stores and organizes all the documents you send through Gmail — in one place.

New file organization capabilities automatically sync with Gmail and Calendar and surface your important customer files across CRM records.

Featured image: 7 things to know when switching from Universal Analytics to Google Analytics 4

Sales - 4 min READ

7 things to know when switching from Universal Analytics to Google Analytics 4

There are many reasons to switch to Google Analytics 4 from Universal Analytics — and Google won’t support the old version starting in 2023.

Featured image: A 4-step process for customer research

Marketing - 3 min READ

A 4-step process for customer research

Customer research doesn’t have to be a pain, you just need the right approach. Follow these 4 steps to uncover your ideal customers.