Arrow pointing to left
All posts

Copper news

How Copper CRM is Keeping Your Data Safe

Copy blog urlTwitter share logoLinkedin share logoEmail to logo
Article featured image

Erin Sumpmann

*We've since moved on from being hosted on AWS to GCP!

Every strong relationship is based on a foundation of trust, and when it comes to data, trust is knowing that anyone handling your data is keeping it secure. We sat down with two of our Copper security experts, Isaac (CISSP, Director of Operations) and Kelly (Chief Technology Officer), to get every detail on how we’re keeping data safe.

Read on, or watch the webinar recording:

What is data security?

Data security is a hot topic today, but what does it really mean and how do SaaS companies like Copper think about it?

Because security is a key priority for Copper, we take a top-down approach. This means that security initiatives are led and championed by our management team, then systematically percolated down to operations staff. Effectively managing security risk means putting in the right governance, the right technology as well as supporting processes and ongoing training.

We’re constantly evaluating our overall security using clear InfoSec policies, training, and third-party penetration and vulnerability scanning. Through the monitoring of critical systems and following up after service incidents, we’re always improving and strengthening our technological detection measures to identify attacks and observe system performance. We’ve also developed and documented a response and recovery plan that activates as soon as evidence of a possible incident occurs.

Copper has three main focuses when it comes to security. We’re going to walk you through each of these in detail in this blog post. We believe a good defensive posture is based on:

  • Prevention - understanding the threat (for example, a hacker) relative to organizational vulnerability
  • Detection - establishing mechanisms to detect an imminent or actual breach
  • Response - establishing a capability that immediately deals with incidents to minimize the loss of any data


We’ve implemented measures to make certain Copper will be accessible and available when you need it.

Secure data centers

We only trust the best of the best to host your data, so all compute and data servers are hosted on Amazon Web Services (AWS) ISO 27001 certified data centers. These are US-based centers using multiple availability zones.

Failover functionality

We designed our CRM to use scalable and reliable architecture models. This decreases the chance for a system failure that prevents customers from accessing their data. We use many identical servers that provide automatic failover to another healthy system and/or data center location.

Continuous backups

If there is an unusual loss of data, some of our databases can be restored from a specific point in time in one minute increments. We and our vendors make regular backups to encryption-enabled AWS S3 buckets that are usually kept for 10 days.

Disaster recovery

In the unlikely event of extended service outages caused by factors beyond our control (e.g., natural disasters or third-party service interruptions), Copper has a plan in place with multiple backups to make sure your CRM access isn’t interrupted.

How we protect your data

Data protection is kept front and center for Copper at all times as we continue to innovate on our CRM software.

Data security training

Copper provides Security Awareness Training for all employees and requires that they review and sign the Employee Code of Conduct that outlines the guidelines for network security and data protection.

Vulnerability testing

We participate in third-party vulnerability scanning and penetration tests to identify, track, and remediate any application vulnerabilities.

Data encryption

Encryption enhances the security of a message or file by scrambling the content. Copper encrypts your data both in transit and at rest, so it’s safe no matter what.

User access management

Employee and vendor access to all customer data is tightly regulated and restricted to a need-to-know basis using role-based access controls.

Two-factor authentication

Copper’s internal instance requires two-factor authentication for any admin access to prevent the wrong person from accidentally accessing data.

Regular data access reviews

Our employee access to resources is regularly evaluated and terminated promptly to make sure we’re always up to date with role changes and employment termination.

Your internal security controls

We’ve built functionality into Copper that allows you to maintain data integrity internally. With team permissions and visibility, you determine which departments and teams see what data and correspondence inside your CRM.

With read-only fields, Copper admins are able to specify which fields can’t be edited by non-admin users, so your data is always consistent and reliable. Required fields also allow admins to capture critical data points for business operations.

Copper's certifications

Copper’s data policies and procedures are externally validated (so you can take more than just our word for it).

SOC 2-Attested Service Provider

System and Organization Controls (SOC) is a series of third-party audits and reports run on a service provider. As a SOC 2 Attested Service Provider, our policies and procedures have been validated by an independent CPA auditing firm that has reviewed our controls around security, availability, and confidentiality to ensure they match or exceed industry-best practices.


The General Data Protection Regulation (GDPR) is a new set of laws that regulate how you access and process the personal data of EU citizens. GDPR affects any company doing business with EU citizens, regardless of their physical location. Copper is GDPR-compliant and has established security controls and secured DPAs from all vendors who touch contact data. Learn more about how we got there.


Copper is TrustArc (formerly TRUSTe) Certified. These privacy certifications outline practices for companies to establish and maintain privacy. They are a Privacy Shield partner.

Privacy Shield-Compliant

The EU-U.S. Privacy Shield Framework was designed to align companies on both sides of the Atlantic along common data protection requirements when transferring personal data. Copper worked with TrustArc to audit our policies and procedures, as well as certify our compliance with this framework.

And that’s all, folks! If you have any questions surrounding data security that weren’t addressed here, don’t hesitate to either reach out—or if you’ve been working with a partner, contact them directly.

Thanks for tuning in!

Try Copper free

Instant activation, no credit card required. Give Copper a try today.

Ideo graphic
Masterclass graphic
Swell graphic
Bubbles graphic
Try Copper free image

Keep Reading

All posts
Arrow pointing to right
Featured image: How to say "thanks" to a client or customer for their business

8 min READ

How to say "thanks" to a client or customer for their business

Send automated and handwritten personalized thank you emails and notes to clients with this step-by-step guide on how to thank customers for their business.

Featured image: Recession-proofing your small business in 6 steps

7 min READ

Recession-proofing your small business in 6 steps

You can take steps to protect your organization from economic issues. Learn how recession proofing helps your small business during difficult times.

Featured image: 15 memorable customer appreciation ideas

7 min READ

15 memorable customer appreciation ideas

Surprise them with an upgrade, shine the spotlight on them, or throw a party. Let’s dive into 15 unique ways to say thanks to your customers. Read more ideas!

Featured image: Top CRM questions to ask your sales rep

5 min READ

Top CRM questions to ask your sales rep

Finding the right CRM platform comes down to asking the right CRM software questions before the purchase. Here’s what to ask.