Product Security

Your data is never used to train AI

Other AI-based platforms use your data and prompts to train and store information. Collato does not. Your information is never used to train our model, and all data stays yours.

What does this mean for you? It means your confidential documents remain just that—confidential. No other Collato users outside of your organization can see or use your information.

Your data is encrypted

We have implemented strong encryption technologies to protect customer data both at rest and in transit.

We use Transport Layer Security (TLS) >= 1.2, the industry standard for secure communications, to encrypt all data in transit. This means that all data transmitted between our customers and our servers is protected against eavesdropping and tampering, ensuring that it remains private and secure.

We also use Advanced Encryption Standard (AES) 256-GCM, the most secure encryption method currently available, to encrypt all data at rest. This means that all data stored on our servers is protected against unauthorized access, ensuring that it remains confidential and secure.

Our strong encryption in transit and at rest protocols are designed to meet or exceed the highest industry standards, providing our customers with the peace of mind that their data is always protected.

Authentication via OAuth 2.0

Collato employs OAuth 2.0, the industry-standard protocol for secure authorization. This facilitates secure data exchange, leveraging encrypted transactions to shield user information during the authentication process. Rely on a platform fortified with proven security features designed to protect user data effectively.

HTTPS with Strong Ciphers

All of our API traffic uses HTTPS, the industry standard for secure data transfer, in conjunction with industry-standard ciphers, to ensure that all API traffic is secure point-to-point. HTTPS encrypts the data being transferred between systems, making it impossible for third parties to intercept and read the information. By using industry-standard ciphers, we ensure that the encryption methods we use are up-to-date and secure.

SSO available on request

Collato understands the importance of Single Sign-On (SSO) for streamlined access management. We provide SSO integration upon request, ensuring a  smooth authentication process for all users.

Compliance

SOC 2 Type II Compliant

Collato has undergone third-party audits in order to become SOC 2 compliant. External auditors have thoroughly examined our security controls and data handling procedures, and have provided attestation reports without exception. These reports outline our robust Governance, Risk Management, and Compliance (GRC) practices which are continuously tested and monitored.

If you would like to request a copy of our SOC 2 report, please visit our Trust Report.

DPA Complying with GDPR

We understand the complexities of data processing regulations and the importance of compliance for our users. We have made it a priority to comply with regulations such as the GDPR.

A DPA is a legal contract between a data controller and a data processor that sets out the terms and conditions for the processing of personal data. It helps customers comply with data processing regulations by outlining the responsibilities of both parties and providing a clear understanding of how personal data will be handled. Our DPA is designed to help customers comply with data processing regulations by clearly defining the roles and responsibilities of both parties. This includes the protection of personal data, security measures, data breaches, and more. It also provides a clear understanding of the data processing activities and any subprocessors involved.

Certified and Supported by Vanta

Collato uses Vanta, a renowned platform for data and security monitoring, to monitor our compliance. Visit our data and security monitoring page here to learn more about our commitment to protecting your valuable information.

Comprehensive Data Policy

We understand the importance of data privacy. Collato's data policy is elaborated on our website here. Take a look to see how we handle your data securely and responsibly.

Advised by Data Guard

We are regularly advised by a data privacy consultant. You can contact our data protection officer at DataCo GmbH Dachauer Straße 65 80335 Munich Germany.

Infrastructure Security

Servers Hosted in Germany

All personal data is stored in an encrypted way on German servers in Frankfurt am Main, with the strictest security standards in place. Germany has the highest standards of security compliance, ensuring that your data is kept private.

Secure Infrastructure Provider

All data is stored in physically secure AWS facilities that include 24/7 on-site security, camera surveillance, and more. All customer data is hosted in data centers that are SOC 2 Type 2, ISO 27001, and HITRUST compliant.

Continuous Backups

Data availability and continuity of operations are crucial to us. We have a robust data backup and recovery system that ensures that our users’ data is always safe and accessible. Our data backup and recovery system is regularly tested to ensure that it is working correctly and that we are able to quickly restore data in case of emergency. We also ensure that all backups are encrypted to protect sensitive information.

Infrastructure Scanning

We regularly assess and audit our infrastructure, including user-facing and backend systems, and internal tooling and resources, using infrastructure configuration scanning to ensure our infrastructure is secure and configured correctly.

Security Incident Reporting

All users are required to report known or suspected security events or incidents, including policy violations and observed security weaknesses. Incidents shall be reported immediately or as soon as possible by sending an email to: support@collato.com. In your email, please describe the incident or observation along with any relevant details.