CooVexCooVex
← Legal

Data Protection

Last updated: June 26, 2026

🔒
AES-256 Encryption
🛡
TLS 1.2+ In Transit
🇪🇺
GDPR Compliant
🏗
EU Data Centers

Technical Measures

  • Encryption at rest: All data is encrypted using AES-256.
  • Encryption in transit: TLS 1.2 minimum for all data transmission.
  • Database security: Row-Level Security (RLS) via Supabase. Each tenant's data is isolated.
  • Access control: Role-based access control (RBAC). Principle of least privilege enforced.
  • Backups: Daily automated backups retained for 30 days. Point-in-time recovery available.
  • Vulnerability scanning: Regular automated scans and penetration testing.

Organizational Measures

  • Employee background checks and NDA agreements.
  • Security training for all team members.
  • Strict data access logging and auditing.
  • Incident response plan with defined escalation procedures.
  • Vendor risk assessments for all third-party sub-processors.

Infrastructure

CooVex uses Supabase (hosted on AWS with EU-West regions available) for database infrastructure. Our application is hosted on Vercel's global edge network. Both providers are ISO 27001 certified and SOC 2 compliant.

Data Minimization

We collect only the data necessary to provide our service. We do not collect sensitive personal data (health, biometric, racial, religious information).

Reporting a Security Issue

If you discover a security vulnerability, please email security@coovex.com. We have a responsible disclosure policy and will respond within 48 hours.