Security at Codnov
Enterprise-grade security is built into everything we do. Your data, your intellectual property, and your operations are protected at every layer.
End-to-End Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API communication uses HTTPS exclusively with certificate pinning.
Role-Based Access Control
Granular permissions ensure team members only access what they need. Admin, staff, and client roles are strictly separated.
Audit Logging
Every action is logged with timestamps, user IDs, and IP addresses. Audit trails are immutable and retained for compliance.
Infrastructure Isolation
Each client environment runs in isolated infrastructure. No shared databases, no shared compute, no cross-tenant data access.
SOC 2 Aligned
Our security practices are aligned with SOC 2 Type II requirements. We follow the Trust Services Criteria for security, availability, and confidentiality.
Vulnerability Management
Automated dependency scanning, regular penetration testing, and a responsible disclosure policy. Security patches are deployed within 24 hours.
Organizational policies
Security is a company-wide practice, not just a technical feature.
All employees complete security awareness training annually
Access to production systems requires multi-factor authentication
Code changes require peer review before deployment
Incident response plan tested quarterly with tabletop exercises
Data retention policies aligned with client contracts and regulations
Subprocessors are evaluated against our security requirements
Report a vulnerability
Found a security issue? We take all reports seriously. Please email us directly and we'll respond within 24 hours.