Copado Essentials is an approved Salesforce AppExchange Partner. We have gone through a rigorous Salesforce security review process to be listed on the Salesforce AppExchange.

Our application is hosted in the same Amazon data centers that a number of Salesforce instances are hosted. These data centers adhere to industry security best practice and a variety of security compliance standards, including: ISO 27001, PCI DSS Level 1, HIPAA, and SOC 1, 2, and 3.

​Copado Essentials is compliant with ISO 27001 and SOC 2 Type 2, and a third-party audit is conducted annually. Third-party penetration tests are also conducted annually. For further information regarding Copado security and compliance, and to download a copy of our ISO 27001 and SOC 2 Type 2 documents, please visit: https://www.copado.com/security/

Our AWS data center is located in Northern California, USA. Our instances are hosted using AWS virtual private cloud, for which external access is blocked at the network level.

Copado security policies and access controls ensure that access is only granted to authorized staff for the purpose of fulfilling job duties. All policies are reviewed at least annually, and system access is formally reviewed quarterly. Please note that Copado Essentials only works with metadata. We do not store any data records from your Salesforce instance.

End-to-end connections between our AWS servers, Salesforce instances and clients’ browsers are secured over TLS 1.2. Data is encrypted during transit and at rest using industry standard encryption algorithm AES 256.