Access our Trust Center and download our compliance pack
You can visit our Trust Center for detailed information on our security posture.
.svg){kind=logo}
Platform
Pricing
Login
Platform
Couchdrop SFTP
SFTP built for the cloud
Couchdrop Automate
File automation and workflows to simplify backend file transfers
Couchdrop Inboxes
Simple and secure file retrieval and sharing
Security Center
Info Center
Platform:
SFTP built for the cloud
File automation and workflows to simplify backend file transfers
Simple and secure file retrieval and sharing
Security Center:
Info Center:
Getting Started:
At Couchdrop we understand that your data is sensitive and valuable and that is why we put data security at the forefront of everything we do.
Here are some of the ways that Couchdrop keeps your data secure.
Couchdrop SFTP
Couchdrop is the SFTP and MFT platform for the cloud that is trusted by compliance based organization's globally.
Movebot
Movebot makes data migrations frictionless and is built on Couchdrop's cloud technology. Movebot supports MSPs and enterprises with their migration projects.
Data encryption
All data that passes between you and Couchdrop is encrypted using industry-standard security protocols.
Couchdrop encrypts all data at rest with AES-256, including databases, document files, backups and logs.
Data is protected in transit using HTTPS with TLS 1.2 and above and SSL via SFTP and FTPS.
Key management
Couchdrop follows strict and modern key management techniques using 1password and Doppler for password and production key/config management
Access control and Infrastructure
Couchdrop's server instances, file storage and databases are provided and hosted by either Digital Ocean or Amazon Web Services.
Digital Ocean and Amazon Web Services have achieved SOC2 (SAS70 Type 2) and ISO 27001 certifications.
Only explicit engineering team members have access to production systems and data. Any access is governed by internal security policies and requires CTO approval. You as a customer have the ability to disable Couchdrop access to your account through the product.
Background verification checks
All new staff undergo police and reference checks prior to being employed.
Confidentiality requirements
All employees are subject to perpetual confidentiality agreements.
Security awareness
All new employees participate in an information security induction and are required to review and sign Couchdrop's information security policies prior to their first day.
New employees also participate in an online security awareness training program as part of their onboarding and receive refresher training annually thereafter.
Couchdrop conducts periodic security awareness sessions for all staff annually on selected security and privacy related topics
Development process
All changes to the Couchdrop platform go through formal change control procedures. Couchdrop follows a Lean Kanban approach to development ensuring that Couchdrop is constantly delivering value to its customers.
Couchdrop follows OWASP security principles by design and all development is peer reviewed before going through approval gates by a software architect, QA manager and senior management prior to production release.
Updates and patches
Couchdrop's web and file servers run the Ubuntu Linux operating system distribution (currently, version 18.04 LTS) which is delivered via Docker containers.
Couchdrop subscribes to the security announcement mailing lists for Linux, Ubuntu and Python, as well as other platform dependencies. Critical security updates are deployed as soon as possible once they are released, this is done by using the automatic package upgrade installation system.
Couchdrop utilises Docker Hub's vulnerability scanning platform and Datadog's SCIM platform for security event monitoring.
Security and Compliance Certifications
. 
