Security at Codat

Welcome to Codat’s Trust Portal

We take the responsibility of looking after your data very seriously. On this page, you’ll find everything related to Codat’s security, compliance, and privacy policies. Please reach out to your Account Manager if you have any questions.


Codat’s Security Compliance program is built and continually improved in line with industry-recognized and SOC2 TSP and ISO27001 standards. We undergo audits every year for both of these. If you’d like to see our latest SOC 2 Type II, just ask your Account Manager.

Application and data security

Attack prevention

To defend against attacks, Codat has a Web Application Firewall in place.

Bug bounty and penetration testing

Codat conducts annual penetration testing and operates a managed private bug bounty program.

Data encryption

When your data is in storage, it is encrypted using Advanced Encryption Standards (AES-256). When on the move, your data is encrypted via industry best practices using Transport Layer Security (TLS 1.2).

User access

Codat employees will not have access to your Codat Portal instance unless you explicitly grant permission. You will retain full control over user access at all times, including privileged administrative rights.

Cloud infrastructure

Shared responsibility model

Codat uses Microsoft Azure’s Platform as a Service (PaaS) offering to provide its products. This means that Azure is responsible for the patching and maintenance of the operating system, in addition to the physical data centers and network security.


Azure regularly undergoes independent verification of security, compliance, and privacy controls against both ISO27001 and SOC2 standards, as well as many more. More information on Azure’s security can be found here.

Endpoint devices

Anti-virus & malware protection

All Codat devices are fully covered by our endpoint detection and response system.

Mobile device management

Devices are fully managed, including patch management, security policies, and other best practices where applicable.

Our people

Employee lifecycle

Codat’s onboarding process involves comprehensive interviewing of candidates, background screening, and a structured onboarding period. Exiting employees have their access to Codat systems terminated within one business day.


All Codat employees undergo security training when they start with us, and then at least annually thereafter. We also conduct regular in-house phishing campaigns and ad hoc training.

We encourage responsible disclosure

If you discover vulnerabilities in our web application, or in our APIs, we ask that you alert our team by completing the form below.