At Costory, we prioritize the security of your data. Transparency is a core principle for us, and we aim to be as clear and open as possible about how we manage security. If you have any questions regarding our security practices, please reach out to [email protected], and we will respond promptly. This document outlines the administrative, technical, and physical controls applicable to Costory, including but not limited to our platform and the services running on our infrastructure.
PLATFORM CONTROLS
Architecture and Data Segregation
Costory operates on a multi-tenant architecture designed to segregate and restrict access to the data you and your users share via our platform, based on business needs.
Public Cloud Infrastructure
Costory’s services are hosted on public cloud infrastructure, leveraging the robust and secure platforms provided by Google Cloud Platform (GCP).
The complete list of subprocessors is available here: https://help.costory.io/en/articles/12067410-subprocessors-list
AUDITS AND CERTIFICATIONS
Audits
We conduct regular security assessments through both internal personnel and external security firms. These assessments include periodic and targeted audits of our platform to identify and mitigate vulnerabilities. Automated scanning of our web application is continuously employed to maintain security standards.
Certifications
Costory aligns with industry best practices and standards. Our cloud provider, GCP, maintains certifications such as ISO 27001 and SOC 2 Type II, ensuring that our infrastructure meets rigorous security requirements.
SECURITY CONTROLS
Access Logging and Management
Detailed access logs are maintained and available to our administrators. We log every account sign-in attempt, including the device type and IP address. Administrators can remotely terminate sessions and sign out authenticated devices as needed.
Data Retention and Encryption
Customer data is encrypted both in transit and at rest using GCP’s proprietary services. Data retention policies are customizable, allowing for the secure deletion of data based on customer-defined durations.
Network and Host Management
Our network is protected by firewalls configured according to industry best practices. Two-factor authentication (2FA) is enforced for all server access. Automated vulnerability scans are performed on our production environments, with remediation conducted promptly as needed.
Product Security Practices
All new features and major updates undergo a thorough security review process. Automated and manual code reviews are conducted to ensure the highest security standards are maintained throughout the development lifecycle.
INTRUSION DETECTION AND INCIDENT MANAGEMENT
Intrusion Detection
Costory, along with authorized external entities, monitors its platform for unauthorized intrusions. We plan to deploy Google Cloud Armor to bolster our security defenses further.
Security Logs
Logs from systems and applications accessing customer data are maintained in Google Cloud Storage (GCS) and are backed up regularly. These logs are analyzed for security events using automated monitoring tools. Access to logs is restricted and follows stringent security protocols.
Incident Management
Costory maintains a robust incident management policy, which includes procedures for timely notification of impacted customers in the event of a data breach. We are committed to transparency and will provide status updates through appropriate channels during any significant security incidents.
DATA HANDLING AND CONFIDENTIALITY
Data Encryption
Data transmitted between Costory and our customers is encrypted using industry-accepted encryption protocols. We closely monitor advancements in cryptographic standards to ensure that our encryption practices are up to date and secure.
Reliability, Backup, and Business Continuity
Costory's infrastructure is designed to be fault-tolerant, with automated backups and replication to ensure high availability and quick recovery from potential disasters. We rely on Render and GCP's serverless systems to provide automatic failover and maintain high reliability across our services.
PERSONNEL PRACTICES
Confidentiality and Training
All employees are required to sign confidentiality agreements and undergo security training as part of their onboarding process. Regular security awareness training is conducted to ensure all personnel are up to date on the latest security practices and policies.
Infrastructure Security
We utilize Google Workspace for secure employee authentication, including 2FA. Additionally, our infrastructure relies on Clerk for secure management of customer credentials and authentication, ensuring compliance with best practices for login security.
DATA MANAGEMENT
Data Return and Deletion
Customers may request the return of their data within 30 days after contract termination. Data deletion is conducted securely and promptly in accordance with our data retention policy, ensuring that no residual data remains on our production systems after deletion.
Q&A
Is there a CISO or DPO?
Tanguy Compagnon de la Servette, co-founder and CTO, acts as the CISO or DPO. Formal security policies and procedures are in place and enforced.
What authentication is in place?
Our application is secured using Clerk (https://clerk.com/), which provides state-of-the-art security and is used by leading companies. Clerk provides access logs, which are reviewed regularly by our CTO. Most clients choose to use OAuth authentication with Google and Microsoft as providers. We also offer passwordless authentication. If password authentication is chosen, we have configured the strongest password enforcement rule on Clerk. The app has an elevated-privilege role, 'Admin', which is given to the org admin and allows for team member administration.
Our backend is authenticated by Google Workspace using roles and different levels of permissions.
What is our backup policy?
Data is stored on GCS and regional BigQuery (BQ), which offer time travel, delete protection and replication across multiple AZs. Code is kept fully in GitHub, including the infrastructure layer as IaC (Terraform).
What's our security audit policy?
An external pentest will be conducted in 2025, and the results will be available to clients on request.
Is data deleted after the termination of the service?
Yes, upon termination of service, we have a defined process to delete churned client data. This involves securely deleting the client’s data from their dedicated BigQuery datasets and the associated Google Cloud Storage (GCS) bucket. This ensures that all structured and unstructured data tied to the client is permanently removed from our systems.
As we evolve, we plan to formalize this into a documented data deletion policy, with audit logs and retention period controls to further align with regulatory and client expectations.
