Security at Cortado Pro

Your trust is our top priority. We employ enterprise-grade security measures to protect your business data and customer information.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your sensitive information is never stored in plain text.

Infrastructure Security

Our infrastructure is hosted on Google Cloud Platform with SOC 2 Type II compliance. We use isolated networks, firewalls, and intrusion detection systems.

Access Controls

Role-based access control (RBAC) ensures users only access what they need. All access is logged and monitored for suspicious activity.

Data Backup

We run automated daily backups with point-in-time recovery. Data is replicated across multiple geographic regions for disaster recovery.

Authentication

Authentication is powered by Supabase, with support for multi-factor authentication (MFA). Session tokens are securely managed and rotated.

Incident Response

We have a documented incident response plan and a security team on call 24/7. Any security incidents are communicated promptly to affected users.

Compliance & Certifications

We maintain industry-leading security standards and compliance certifications to ensure your data is protected.

SOC 2 Type II certified infrastructure
GDPR compliant data handling
PCI DSS compliant payment processing via Stripe
Regular third-party security audits
Vulnerability scanning and penetration testing
Employee background checks and security training

Our Data Practices

Data Minimization

We only collect the data necessary to provide our services. We don't sell your data or use it for advertising purposes. Your business data belongs to you.

Data Retention

We retain your data only as long as your account is active or as needed to provide services. Upon account deletion, we remove your data within 30 days and from backups within 90 days.

Data Portability

You can export your data at any time in standard formats. We believe your data should be accessible and portable, never held hostage.

Subprocessors

We carefully vet all third-party services that process your data. Our key subprocessors include Google Cloud (hosting), Stripe (payments), Supabase (authentication), and Resend (email delivery).

Report a Security Vulnerability

We take security seriously and appreciate responsible disclosure. If you discover a security vulnerability, please report it to our security team.

security@cortado.pro