We take privacy and security very seriously at Coconut. Security is a first-class citizen and sits at the core of everything we do. Our success at securing your data is at the core of our business.
Like many successful businesses, we use Amazon Web Services (AWS) to provision our cloud infrastructure. AWS implement best-practice, state-of-the-art security at the heart of their platform services and data centres. More information on this and certifications can be found at the following links:
- We have automated systems in place that monitor the versions and vulnerabilities in all the projects that power Coconut.
- Our database is configured to be encrypted at rest and uses a rotatable key.
- We only use HTTPS so that all traffic is secured.
- We require two-factor authentication for user account protection.
- We have third-party penetration tests performed regularly.
- We run continuous security vulnerability scanners so we are able to react to new threats very quickly.
- Our app only trusts our own servers.
- We use strong password hashing techniques using bcrypt.
- We regularly back up our customers’ data in the event of failures.
All servers and databases are firewalled to permit the minimum traffic necessary to run the service. Access to administration tooling used by Coconut staff requires authentication, and is only accessible from a restricted set of IP addresses.
We use HTTPS (256-bit TLS). This is designed to prevent third parties from seeing sensitive information you are sending to/receiving from Coconut.
Employee Access and Security
We manage separate environments for development, UAT and live infrastructure. Employees can access these environments only on a needs basis, and only a few individuals have access to live.
Coconut Support staff have access to some customer data via our internal dashboard in order to be able to service customers effectively and protect customer data.
The job of security is never done. Coconut use proactive monitoring tools to stay ahead of the latest threats and vulnerabilities. We strive to use best practices at all times and will continue to improve everything we do relating to security and privacy.
To find out about how your money is protected, check this out here.