Private, secure, compliant.
Our users trust Collato with sensitive data, and we take that trust seriously. Read on to find out exactly how Collato handles your information.
SOC 2 Certified
Servers hosted in Germany
Your data is never used to train AI
Other AI-based platforms use your data and prompts to train their models and retain that information. Collato does not. Your information is never used to train our model, and all data stays yours.
What does this mean for you? It means your confidential documents remain just that—confidential. No other Collato users outside of your organization can see or use your information.
Your data is encrypted
We have implemented strong encryption technologies to protect customer data both at rest and in transit.
We use Transport Layer Security (TLS) 1.2 or higher, the industry standard for secure communications, to encrypt all data in transit. This means that all data transmitted between our customers and our servers is protected against eavesdropping and tampering, so it remains private and secure.
We also use AES-256-GCM (the Advanced Encryption Standard with a 256-bit key in Galois/Counter Mode), the most secure encryption method currently available, to encrypt all data at rest. This means that all data stored on our servers is protected against unauthorized access, ensuring that it remains confidential and secure.
Our encryption protocols for data in transit and at rest are designed to meet or exceed the highest industry standards, giving our customers the peace of mind that their data is always protected.
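The at-rest scheme named above, AES-256-GCM, is an authenticated mode: besides hiding the data it produces a tag that fails verification if a single bit of the stored blob (or of its associated context) is changed. The following Go program is an added illustration of that property and is not Collato's code; the key, the record context string and the plaintext are constructed sample values, and a real deployment would fetch the key from a key-management service rather than generate it in the process.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const keySize = 32 // 256-bit key: this is what makes it AES-256 rather than AES-128

// newGCM enforces the key size and returns an AES-256-GCM AEAD.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, fmt.Errorf("AES-256 needs a %d-byte key, got %d", keySize, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext and returns nonce || ciphertext || tag. aad (for
// example a record or tenant ID) is authenticated but not encrypted, so a blob
// cannot be silently moved to a different record.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// Fresh random 96-bit nonce per message: reusing a nonce under one key
	// destroys GCM's confidentiality and lets forgeries through.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. Any change to nonce, ciphertext, tag or aad makes the
// tag check fail, so tampered data is rejected rather than decrypted to junk.
func Open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// TamperDetected flips one bit of a sealed blob and reports whether Open
// rejects it; with a correct AEAD this is always true.
func TamperDetected(key, blob, aad []byte) bool {
	forged := append([]byte(nil), blob...)
	forged[len(forged)/2] ^= 0x01
	_, err := Open(key, forged, aad)
	return err != nil
}

func main() {
	key := make([]byte, keySize) // constructed demo key; real keys come from a KMS/HSM
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	aad := []byte("tenant=acme;doc=42") // constructed sample context
	blob, err := Seal(key, []byte("confidential meeting notes"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := Open(key, blob, aad)
	fmt.Printf("roundtrip: %q err=%v\n", pt, err)
	fmt.Println("bit flip detected:", TamperDetected(key, blob, aad))
	_, err = Open(key, blob, []byte("tenant=evil;doc=42"))
	fmt.Println("wrong context rejected:", err != nil)
}
```

The size check in newGCM is the difference between "AES-GCM" and "AES-256-GCM": aes.NewCipher happily accepts a 16-byte key, so a deployment that wants the 256-bit strength stated on the page has to reject shorter keys itself.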
Authentication via OAuth 2.0
Collato employs OAuth 2.0, the industry-standard protocol for secure authorization. The authorization exchange runs over encrypted connections, so user information is shielded during the authentication process. Rely on a platform built on proven security features designed to protect user data effectively.
HTTPS with Strong Ciphers
All of our API traffic uses HTTPS, the industry standard for secure data transfer, in conjunction with industry-standard ciphers, to ensure that all API traffic is secure point-to-point. HTTPS encrypts the data being transferred between systems, so third parties cannot read the information even if they intercept the traffic. By using industry-standard ciphers, we ensure that the encryption methods we use are up to date and secure.
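The two transport claims on this page, TLS 1.2 as the minimum version and strong ciphers only, are both server-side configuration, and a practitioner checks them by confirming that a downgraded client is refused. The Go program below is an added example, not Collato's code: it encodes such a policy in a tls.Config and runs handshakes against it entirely in memory over net.Pipe, using a throwaway self-signed certificate for "localhost". The cipher list and the "localhost" name are assumptions made for the demonstration; which clients are accepted or refused is what the program reports.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway ECDSA certificate for "localhost" so the
// handshake can run entirely in memory (test scaffolding, not a real cert).
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// ServerPolicy is the server baseline the page describes: TLS 1.2 as the floor
// and, for TLS 1.2 connections, only forward-secret AEAD cipher suites.
// (TLS 1.3 suites are not configurable in Go; they are all AEADs anyway.)
func ServerPolicy(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
		// Tickets are written after the handshake; skipping them keeps the
		// synchronous in-memory pipe from blocking on an unread write.
		SessionTicketsDisabled: true,
	}
}

// Handshake runs a client capped at maxVersion (and, if suites is non-nil,
// limited to those TLS 1.2 cipher suites) against ServerPolicy over net.Pipe.
// It returns the negotiated version, or the error the client saw when the
// server refused the connection.
func Handshake(maxVersion uint16, suites []uint16) (uint16, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return 0, err
	}
	clientCfg := &tls.Config{
		RootCAs:      pool,
		ServerName:   "localhost",
		MinVersion:   tls.VersionTLS10, // a deliberately permissive client
		MaxVersion:   maxVersion,
		CipherSuites: suites,
	}
	serverSide, clientSide := net.Pipe()
	defer serverSide.Close()
	defer clientSide.Close()
	done := make(chan error, 1)
	go func() { done <- tls.Server(serverSide, ServerPolicy(cert)).Handshake() }()
	client := tls.Client(clientSide, clientCfg)
	if err := client.Handshake(); err != nil {
		return 0, err
	}
	version := client.ConnectionState().Version
	clientSide.Close() // unblocks the server if it is still writing
	<-done
	return version, nil
}

func main() {
	for _, max := range []uint16{tls.VersionTLS13, tls.VersionTLS12, tls.VersionTLS11} {
		v, err := Handshake(max, nil)
		fmt.Printf("client max 0x%04x -> negotiated 0x%04x, err: %v\n", max, v, err)
	}
}
```

Running the same Handshake with a TLS 1.2 client that offers only a CBC suite (for example TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) is the check for the "strong ciphers" claim: the server answers with a handshake_failure alert instead of completing the connection.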
SSO available on request
Collato understands the importance of Single Sign-On (SSO) for streamlined access management. We provide SSO integration upon request, ensuring a smooth authentication process for all users.
SOC 2 Type II Compliant
Collato has undergone third-party audits to become SOC 2 compliant. External auditors have thoroughly examined our security controls and data handling procedures and have issued attestation reports with no exceptions noted. These reports describe our Governance, Risk Management, and Compliance (GRC) practices, which are continuously tested and monitored.
If you would like to request a copy of our SOC 2 report, please visit our Trust Report.
DPA Complying with GDPR
We understand the complexities of data processing regulations and the importance of compliance for our users. We have made it a priority to comply with regulations such as the GDPR.
A DPA is a legal contract between a data controller and a data processor that sets out the terms and conditions for the processing of personal data. Our DPA helps customers comply with data processing regulations by clearly defining the roles and responsibilities of both parties, including the protection of personal data, security measures, and the handling of data breaches. It also gives a clear account of the data processing activities and any subprocessors involved.
Certified and Supported by Vanta
Collato uses Vanta, a renowned platform for data and security monitoring, to monitor our compliance. Visit our data and security monitoring page here to learn more about our commitment to protecting your valuable information.
Comprehensive Data Policy
We understand the importance of data privacy. Collato's data policy is elaborated on our website here. Take a look to see how we handle your data securely and responsibly.
Advised by Data Guard
We are regularly advised by a data privacy consultant. You can contact our data protection officer at DataCo GmbH, Dachauer Straße 65, 80335 Munich, Germany.
Servers Hosted in Germany
All personal data is stored in an encrypted way on German servers in Frankfurt am Main, with the strictest security standards in place. Germany has the highest standards of security compliance, ensuring that your data is kept private.
Secure Infrastructure Provider
All data is stored in physically secure AWS facilities that include 24/7 on-site security, camera surveillance, and more. All customer data is hosted in data centers that are SOC 2 Type II, ISO 27001, and HITRUST compliant.
Data availability and continuity of operations are crucial to us. We have a robust data backup and recovery system that ensures our users' data is always safe and accessible. The system is regularly tested to confirm that it works correctly and that we can quickly restore data in an emergency. All backups are encrypted to protect sensitive information.
We regularly assess and audit our infrastructure, including user-facing and backend systems, and internal tooling and resources, using infrastructure configuration scanning to ensure our infrastructure is secure and configured correctly.
Security Incident Reporting
All users are required to report known or suspected security events or incidents, including policy violations and observed security weaknesses. Incidents shall be reported immediately or as soon as possible by sending an email to: firstname.lastname@example.org. In your email, please describe the incident or observation along with any relevant details.