At Canopy Analytics, we prioritize the security and protection of our data, as well as the data entrusted to us by our valued customers. We understand the importance of maintaining the confidentiality, integrity, and availability of sensitive information. This security information page provides an overview of the measures we have implemented to safeguard our systems and data.

SOC2 Compliance: We are committed to upholding the highest standards of data security and privacy. As part of this commitment, we have initiated the SOC2 compliance process. SOC2 (Service Organization Control 2) is a widely recognized auditing standard that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy. We are in the final stages of this process and anticipate completing a successful audit in the near future.

• Encryption for Customer Data at Rest: We employ industry-standard encryption techniques to protect customer data when it is at rest. This ensures that even if unauthorized access occurs, the data remains encrypted and unreadable without the proper decryption keys.
• Firewall Protection: To safeguard our production application from potential threats, we have implemented a robust firewall configuration. This protective barrier shields our systems from denial of service attacks and prevents unauthorized access attempts. Additionally, it helps mitigate the risk of bot traffic disrupting our services.
• Employee Hard Drive Encryption and Monitoring: To ensure the security of sensitive information stored on our employees' devices, we have made encryption mandatory for all company-provided hard drives. This measure adds an extra layer of protection, particularly in the event of device loss or theft. Furthermore, we actively monitor employee hard drives to promptly identify any suspicious activities and address potential security risks.
• Access Control and Data Privacy: We have established a well-defined and documented process for granting access to resources within our organization. This process ensures that only authorized personnel have access to specific data and systems. Additionally, we strictly adhere to the principle of least privilege, which means employees are granted access to anonymized customer data on a need-to-know basis. This approach minimizes the risk of unauthorized access and ensures the privacy of our customers' information.
• VPN/Private Space implementations: Protect remote machines from unauthorized access via the Internet. Only HTTP/S ports are made publicly available, and there are no web servers listening at those ports.

Continuous Improvement and Commitment: At Canopy Analytics, we recognize that data security is an ongoing process. We remain dedicated to continuously improving our security practices and staying up to date with industry best practices. By regularly monitoring emerging threats and implementing robust security measures, we strive to provide our customers with a secure and reliable platform for their data analytics needs.

If you have any further questions or concerns regarding the security of our systems or the protection of your data, please don't hesitate to contact our dedicated security team at security@canopyanalytics.com.

Note: While every effort has been made to ensure the accuracy and effectiveness of the security measures mentioned above, no system can guarantee absolute security. We work diligently to minimize risks and maintain a strong security posture, but it is important for users to remain vigilant and follow recommended security practices when using our services.

If there are any questions regarding this security policy, you may contact us using the information below.

• By email: support@canopyanalytics.com.
• By phone number: +1 (855) 280-6222.