Security

ColonyCore is built with security best practices so teams can adopt self-serve without a sales or security review call.

Security practices

In transit: Encrypted over HTTPS/TLS.
At rest: Encryption where supported by our infrastructure and storage providers.

Network controls: Segmentation and firewalling where supported by the hosting environment.
Access controls: Least-privilege access for administrative systems.
Hardening: Regular dependency and platform updates.

Backups: Designed to support recovery from mistakes or outages.
Recovery: Recovery objectives depend on the underlying infrastructure and incident type.

Monitoring: Service health and error monitoring.
Logging: Operational logs for troubleshooting and security review.
Incident response: We investigate and remediate issues as quickly as possible.

We aim to support common privacy expectations (access, deletion, and data handling requests) and will work with customers on reasonable requests.

If you need a DPA, subprocessor details, or a security questionnaire, contact support and we’ll provide what we can.

We do not claim certifications on this page unless we can provide supporting documentation.

If you have regulated requirements, contact us so we can confirm fit before you rely on ColonyCore for a specific compliance program.

We aim to collect and retain only what’s needed to provide and improve the service.

We keep this page intentionally conservative to avoid promises we can’t operationalize.

ColonyCore is a custodian of your data. You retain ownership and control.

See our Privacy Policy for details on data handling and tracking.

We use third-party providers to deliver the service (e.g., hosting, email, analytics). If you need a current subprocessor list, contact support.

We aim for reliable uptime, but the service may be interrupted at times. Terms of Service governs any availability commitments.

If you need a DPA, security questionnaire, or have security/privacy questions, contact support.