<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=348068&amp;fmt=gif">
Couchdrop Cloud SFTP logo Couchdrop
Features/Product |
Features
Cloud Storage - SFTP Gateway
Turn Dropbox into a SFTP server. Couchdrop works with your storage

Users and Access Controls
Configure additional users, read only accounts and complex permissions

Developer Friendly
Learn about our API, webhooks and integrations

Virtual Data Room
The data room includes an upload/download portal, secure links and other features
to help clients send you data

Customisable and Enterprise Ready
Dedicated instances, whitelabelling and enterprise security features


Security Center
Security Overview GDPR Compliance HIPAA Compliance Frequently Asked Questions
Pricing |

At Couchdrop we understand that your data is sensitive and valuable and that is why we put data security at the forefront of everything we do.

Here are some of the ways that Couchdrop keeps your data secure.

 

Data encryption

All data that passes between you and Couchdrop is encrypted using industry-standard security protocols.

Couchdrop encrypts all data at rest with AES-256, including databases, document files, backups and logs.

Data is protected in transit using HTTPS with TLS 1.2 and above and SSL via SFTP and FTPS.

Key management 

Couchdrop follows strict and modern key management techniques using 1password and Doppler for password and production key/config management

 

Access control and Infrastructure

Couchdrop's server instances, file storage and databases are provided and hosted by either Digital Ocean or Amazon Web Services.

Digital Ocean and Amazon Web Services have achieved SOC2 (SAS70 Type 2) and ISO 27001 certifications.

Only explicit engineering team members have access to production systems and data. Access is governed by internal security policies and requires CTO approval.


Background verification checks

All new staff undergo police and reference checks prior to being employed. 

 

Confidentiality requirements

All employees are subject to perpetual confidentiality agreements.

Security awareness

All new employees participate in an information security induction and are required to review and sign Couchdrop's information security policies prior to their first day.

New employees also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.

Couchdrop conducts periodic security awareness sessions for all staff annually on selected security and privacy related topics

 

Development process

All changes to the Couchdrop platform go through formal change control procedures. Couchdrop follows a Lean Kanban approach to development ensuring that Couchdrop is constantly delivering value to its customers. 

 

Couchdrop follows OWASP security principles by design and all development is peer reviewed before going through approval gates by a software architect, QA manager and senior management prior to production release.

 

Updates and patches

Couchdrop's web and file servers run the Ubuntu Linux operating system distribution (currently, version 18.04 LTS) which is delivered via Docker containers. 

 

Couchdrop subscribes to the security announcement mailing lists for Linux, Ubuntu and Python, as well as other platform dependencies. Critical security updates are deployed as soon as possible once they are released, this is done by using the automatic package upgrade installation system.

 

Couchdrop utilises Docker Hub's vulnerability scanning platform and Datadog's SCIM platform for security event monitoring.

Request a copy of our security pack

The Couchdrop Security pack contains everything your organisation needs to get started on a security assessment of Couchdrop.

 

contact us

security_whitepaper_screenshot