At Copper, we are committed to keeping your data private and secure. This page is designed to answer questions we commonly receive from customers about how we protect, store, and process your data. If you have questions that aren’t answered here, please submit a ticket and select 'Security Audit/Questionnaire Request' under 'Request Type'.
Frequently Asked Questions
What is Copper's approach to information security risk management?
- At Copper, we have a security program that includes the creation, maintenance and enforcement of security policies and procedures and designates responsibility and authority over security to trained personnel.
What features does Copper have to increase application and user security?
- Close integration with Google using OAuth, which eliminates storing passwords by Copper.
- User management is strictly delegated to only the account owner in the customer’s organization.
- Session timeouts with lock-out after repeated failed attempts.
- Penetration tests along with vulnerability scanning to identify and remediate any application vulnerabilities.
- An annual Google Security Audit to ensure Copper is meeting Google’s security and privacy standards for G Suite integration with Email, Calendar, and Contacts.
- For a description of Copper’s data safeguards, see https://www.copper.com/safeguards.
Is Copper compliant with NIST 800-58, NIST 800-171 or FedRAMP?
- At this time, Copper does not meet the specific data security requirements of NIST 800-58, NIST 800-171 or FedRAMP.
Is Copper HIPAA compliant?
- Copper does not meet HIPAA's specific data protection requirements and is not HIPAA compliant at this time. Customers may not store any personal health information in Copper.
How does Copper support uptime and availability?
- Copper works to maximize uptime and availability of the Copper application through our use of secure Cloud hosting redundancy and tested disaster recovery plans that utilize backups to restore service.
Is my data backed up?
- Yes. Copper backs up its customers' data through one or more data storage providers. For information about Copper's storage of customer data, see our Terms of Service.
Does Copper have two-factor authentication?
- Yes. Copper supports Google Authentication and Okta two-factor authentication login systems.
- Read about our SAML-based SSO here.
Does Copper have access to the data that is being stored within Copper instances?
- By default, no. Specific individuals, as defined by our Information Security Policy, have access to data when supporting customer requests and for explicit purposes only.
Where is customer data stored?
- Copper stores all of its data in the United States.
Can I elect to store my data in a country other than the United States?
- No, Copper is unable to accommodate requests to store data in other locations.
Does Copper screen its employees?
- Our hiring practices include criminal background checks, confidentiality agreements, annual security awareness training, and employee performance evaluations.
Does Copper store email contents?
- Copper stores email contents and email attachments that are sent or received between a Copper user and any email address associated with a Person record. When a new Person is added, Copper scans for previous email interactions using that Person record’s associated email address.
- Email contents are stored in order to allow users to access features such as the search function and activity feeds.
How long does Copper store data after an account expires?