Arrow pointing to left
All posts

Copper news

How Copper CRM is Keeping Your Data Safe

Copy blog urlTwitter share logoLinkedin share logoEmail to logo
Article featured image

Erin Sumpmann

*We've since moved on from being hosted on AWS to GCP!

Every strong relationship is based on a foundation of trust, and when it comes to data, trust is knowing that anyone handling your data is keeping it secure. We sat down with two of our Copper security experts, Isaac (CISSP, Director of Operations) and Kelly (Chief Technology Officer), to get every detail on how we’re keeping data safe.

Read on, or watch the webinar recording:

What is data security?

Data security is a hot topic today, but what does it really mean and how do SaaS companies like Copper think about it?

Because security is a key priority for Copper, we take a top-down approach. This means that security initiatives are led and championed by our management team, then systematically percolated down to operations staff. Effectively managing security risk means putting in the right governance, the right technology as well as supporting processes and ongoing training.

We’re constantly evaluating our overall security using clear InfoSec policies, training, and third-party penetration and vulnerability scanning. Through the monitoring of critical systems and following up after service incidents, we’re always improving and strengthening our technological detection measures to identify attacks and observe system performance. We’ve also developed and documented a response and recovery plan that activates as soon as evidence of a possible incident occurs.

Copper has three main focuses when it comes to security. We’re going to walk you through each of these in detail in this blog post. We believe a good defensive posture is based on:

  • Prevention - understanding the threat (for example, a hacker) relative to organizational vulnerability
  • Detection - establishing mechanisms to detect an imminent or actual breach
  • Response - establishing a capability that immediately deals with incidents to minimize the loss of any data


We’ve implemented measures to make certain Copper will be accessible and available when you need it.

Secure data centers

We only trust the best of the best to host your data, so all compute and data servers are hosted on Amazon Web Services (AWS) ISO 27001 certified data centers. These are US-based centers using multiple availability zones.

Failover functionality

We designed our CRM to use scalable and reliable architecture models. This decreases the chance for a system failure that prevents customers from accessing their data. We use many identical servers that provide automatic failover to another healthy system and/or data center location.

Continuous backups

If there is an unusual loss of data, some of our databases can be restored from a specific point in time in one minute increments. We and our vendors make regular backups to encryption-enabled AWS S3 buckets that are usually kept for 10 days.

Disaster recovery

In the unlikely event of extended service outages caused by factors beyond our control (e.g., natural disasters or third-party service interruptions), Copper has a plan in place with multiple backups to make sure your CRM access isn’t interrupted.

How we protect your data

Data protection is kept front and center for Copper at all times as we continue to innovate on our CRM software.

Data security training

Copper provides Security Awareness Training for all employees and requires that they review and sign the Employee Code of Conduct that outlines the guidelines for network security and data protection.

Vulnerability testing

We participate in third-party vulnerability scanning and penetration tests to identify, track, and remediate any application vulnerabilities.

Data encryption

Encryption enhances the security of a message or file by scrambling the content. Copper encrypts your data both in transit and at rest, so it’s safe no matter what.

User access management

Employee and vendor access to all customer data is tightly regulated and restricted to a need-to-know basis using role-based access controls.

Two-factor authentication

Copper’s internal instance requires two-factor authentication for any admin access to prevent the wrong person from accidentally accessing data.

Regular data access reviews

Our employee access to resources is regularly evaluated and terminated promptly to make sure we’re always up to date with role changes and employment termination.

Your internal security controls

We’ve built functionality into Copper that allows you to maintain data integrity internally. With team permissions and visibility, you determine which departments and teams see what data and correspondence inside your CRM.

With read-only fields, Copper admins are able to specify which fields can’t be edited by non-admin users, so your data is always consistent and reliable. Required fields also allow admins to capture critical data points for business operations.

Copper's certifications

Copper’s data policies and procedures are externally validated (so you can take more than just our word for it).

SOC 2-Attested Service Provider

System and Organization Controls (SOC) is a series of third-party audits and reports run on a service provider. As a SOC 2 Attested Service Provider, our policies and procedures have been validated by an independent CPA auditing firm that has reviewed our controls around security, availability, and confidentiality to ensure they match or exceed industry-best practices.


The General Data Protection Regulation (GDPR) is a new set of laws that regulate how you access and process the personal data of EU citizens. GDPR affects any company doing business with EU citizens, regardless of their physical location. Copper is GDPR-compliant and has established security controls and secured DPAs from all vendors who touch contact data. Learn more about how we got there.


Copper is TrustArc (formerly TRUSTe) Certified. These privacy certifications outline practices for companies to establish and maintain privacy. They are a Privacy Shield partner.

Privacy Shield-Compliant

The EU-U.S. Privacy Shield Framework was designed to align companies on both sides of the Atlantic along common data protection requirements when transferring personal data. Copper worked with TrustArc to audit our policies and procedures, as well as certify our compliance with this framework.

And that’s all, folks! If you have any questions surrounding data security that weren’t addressed here, don’t hesitate to either reach out—or if you’ve been working with a partner, contact them directly.

Thanks for tuning in!

Try Copper free

Instant activation, no credit card required. Give Copper a try today.

Ideo graphic
Masterclass graphic
Swell graphic
Bubbles graphic
Try Copper free image

Keep Reading

All posts
Arrow pointing to right
Featured image: Copper CRM product principles … 2023 and beyond

6 min READ

Copper CRM product principles … 2023 and beyond

How and why Copper defined our CRM product principles, and why we think they’ll make a difference for our users.

Featured image: An easy way to track your critical workflows

6 min READ

An easy way to track your critical workflows

Building the right pipeline structure in your client relationship system, for sales or non-sales workflows, can help you better manage key processes. Here's how.

Featured image: How to get more leads and hit your sales quota

3 min READ

How to get more leads and hit your sales quota

Skip the looming dread of missing your sales quota with these expert tips on how to get more leads.

Featured image: Case study: SportsDataIO powers a personalized email marketing strategy with Copper X Mailchimp

2 min READ

Case study: SportsDataIO powers a personalized email marketing strategy with Copper X Mailchimp

Fast-growing sports data provider added our Mailchimp integration to Copper CRM to power up their email marketing with personalized newsletters.