Data Privacy and Security at Copper

At Copper, we strive to make your personal data -- about your leads, customers and deals -- more relevant, more useful and, ultimately, more profitable to your business. We are also committed to keeping your data private and secure. Moreover, where we use data about you and your usage of the Copper application for our business purposes, we strive to do so with full transparency. This page is designed to answer questions we commonly receive from customers about how we protect, store and process your data. If you have questions that aren’t answered here, please contact privacy@copper.com and we will do our best to answer them.

Important Links

Copper Privacy Policy
Data Security Webpage
List of Copper Sub-Processors
GDPR Compliance

Frequently Asked Questions

What is Copper's approach to information security risk management?

  • At Copper, we have a security program that includes the creation, maintenance, audit and enforcement of security policies and procedures; and designates responsibility and authority over security to dedicated personnel.

What features does Copper have to increase application and user security?

  • Close integration with Google using OAuth, which eliminates the storing of passwords by Copper.
  • User management delegated to account owner(s) in the customer’s organization.
  • Written request required from account owner to change ownership.
  • Session timeouts with lock-out after repeated failed attempts.
  • Annual penetration tests along with regular vulnerability scanning to identify and remediate any application vulnerabilities.

Is Copper compliant with NIST 800-58, NIST 800-171 or FedRAMP?

  • At this time, Copper does not meet the specific data security requirements of NIST 800-58, NIST 800-171 or FedRAMP.

Is Copper SOC 2 compliant?

  • Yes. We completed our SOC 2 audit on 10/19/18. If you need to request a copy of the report, please email privacy@copper.com.

Is Copper HIPAA compliant?

  • Copper does not meet HIPAA's specific data protection requirements, and is not HIPAA compliant at this time. Customers may not store any personal health information in Copper.

How does Copper support uptime and availability?

  • Copper works to maximize uptime and availability of the Copper application through redundancy and hot failover, using multiple data centers and tested disaster recovery plans that utilize backups to restore service.

Is my data backed up?

  • Yes. Copper backs up its customers' data through one or more data storage providers.  For information about Copper's storage of customer data, see our Terms of Service.

Does Copper have two-factor authentication?

  • Yes. Copper supports Google Authentication, Okta and other SAML-based two-factor authentication login systems.
  • Read about our SAML-based SSO here.

Does Copper have an established Information Technology Security and Cyber Risk Policy in place?

  • Yes. Copper has a defined Information Security and Cyber Risk Policy.
  • Copper will make a copy of this policy available to active subscribers upon request, subject to applicable policy requirements.

Does Copper have access to the data that is being stored within Copper instances?

  • By default, no. Specific individuals, as defined by our Information Security Policy, have access to data when supporting customer requests and for explicit purposes only.

Where is customer data stored? 

  • Copper stores all of its data in the United States.

Can I elect to store my data in a country other than the United States?

  • No, Copper is unable to accommodate requests to store data in other locations.

Does Copper perform screening of its employees?

  • Hiring practices include criminal background checks, confidentiality agreements, annual security awareness training, and employee performance evaluations.