Cophi protects your data with industry-leading standards.
We’re committed to transparency and continuous improvement when it comes to information security.
Your insights are safe with us.
Cophi is designed with data privacy and organisational trust at its core — from encryption to responsible data access.
Fully GDPR Compliant
All data is securely stored and processed within the EEA, with encryption both in transit and at rest.
Access Control & SSO
Enterprise-level access via Single Sign-On and user-level control ensures your teams stay secure.
Ongoing Monitoring
We continuously test, assess, and evolve our platform’s security posture through audits and external penetration testing.
Our Commitment to Data Protection
GDPR Compliance
We comply with the General Data Protection Regulation (GDPR), ensuring transparency, accountability, and control for all users regarding their personal data.
Key aspects of our compliance include:
Lawful Basis for Data Processing: We collect and process personal data only when necessary and under a lawful basis, such as contract fulfillment or user consent.
User Rights: We support data subjects in exercising their rights, including access, rectification, erasure, portability, and objection to data processing.
Data Minimization: We collect only the data necessary for the purposes outlined, avoiding unnecessary or excessive information gathering.
Retention and Deletion Policies: Personal data is retained only as long as necessary, and deletion requests are honored in accordance with GDPR guidelines.
Security Best Practices
We follow a robust set of controls aligned with industry best practices, including:
Data Encryption: We use encryption in transit (TLS) and at rest to protect sensitive data.
Access Control: Role-based access ensures that only authorized personnel can view or manage customer data.
Regular Security Assessments: Our systems undergo routine vulnerability scanning and internal audits.
Secure Development: We integrate secure coding practices throughout our software development lifecycle.
Incident Response Plan: We maintain a clear and tested protocol for identifying, responding to, and notifying customers in the event of a data incident.
Your Data, Your Control
We believe in empowering our customers with visibility and control over their data. You can trust that your information is handled with care and integrity. If you need further information about any of your data, or have data access requests or privacy-related inquiries, please contact our Data Protection Officer (DPO) at info@cophi.io.
Our Data Processing Agreement is available at https://cophi.io/dpa-may25