Enterprise-Grade Security

    Your Data Security is Our Top Priority

    CroPilot employs enterprise-grade security measures to protect your data and your customers' privacy. We are committed to transparency and continuous security improvement.

    GDPR Compliant
    CCPA Compliant
    Encrypted at Rest
    EU Data Processing

    Security Contact

    CROPILOT AS

    Org. nr: 937 028 245

    Elisenbergveien 17, 0265 OSLO, Norway

    security@cropilot.ai

    Security Measures

    Multiple layers of security protection for your data

    End-to-End Encryption

    All data transmitted to and from CroPilot is encrypted using industry-standard TLS 1.3. Data at rest is encrypted using AES-256.

    • TLS 1.3 for data in transit
    • AES-256 encryption for data at rest
    • Encrypted database backups
    • Perfect forward secrecy

    Secure Infrastructure

    CroPilot is hosted on Render.com with enterprise-grade security, high-availability architecture, and automated monitoring.

    • Render.com enterprise cloud hosting
    • DDoS protection included
    • Automatic security updates
    • Geographic redundancy

    Access Controls

    Multi-layered access controls ensure only authorized personnel can access your data, with all access logged and monitored.

    • Role-based access control (RBAC)
    • Multi-factor authentication (MFA)
    • Session timeout policies
    • Team member permissions

    Data Pseudonymization

    Visitor tracking data is pseudonymized by default. We do not collect PII unless you explicitly configure goals to do so.

    • Pseudonymized visitor IDs
    • No PII collection by default
    • Configurable data retention
    • Input masking for sensitive fields

    Backup & Recovery

    Automated daily backups with point-in-time recovery ensure your data is protected, even in disaster scenarios.

    • Daily automated backups
    • Point-in-time recovery (30 days)
    • Geographic backup replication
    • Regular recovery testing

    Security Monitoring

    Continuous monitoring for security threats with automated alerts and regular vulnerability scanning.

    • Real-time security monitoring
    • Dependency vulnerability scanning
    • Automated security alerts
    • Regular security reviews

    Where Your Data Lives

    Transparency about our infrastructure and sub-processors

    Service              Provider               Location
    Application Hosting  Render.com             United States
    Database             Render.com PostgreSQL  United States
    Payment Processing   Paddle.com             UK/EU
    Customer Support     Intercom               EU
    Product Analytics    PostHog                EU

    For US-based services, we use Standard Contractual Clauses (SCCs) for data transfers.

    Compliance & Regulations

    Meeting industry standards for data protection

    GDPR

    General Data Protection Regulation (EU)

    Compliant

    Data protection by design, consent management, right to erasure, data portability. DPA available on request.

    CCPA

    California Consumer Privacy Act (US)

    Compliant

    Consumer rights to access, delete, and opt-out of data collection. Privacy policy disclosures.

    Norwegian Privacy Law

    Personopplysningsloven (Norway)

    Compliant

    As a Norwegian company, we comply with Norwegian data protection laws and Datatilsynet regulations.

    Incident Response Protocol

    Our 5-step process for handling security incidents

    1. Detection & Triage

    Automated monitoring detects potential security incidents. Our team triages within 1 hour during business hours.

    2. Containment

    Immediate containment measures to prevent spread. Affected systems isolated and secured.

    3. Investigation

    Analysis to determine root cause, scope, and impact. All actions logged for audit.

    4. Remediation

    Fix vulnerabilities, restore services, and implement additional safeguards to prevent recurrence.

    5. Notification

    Affected customers notified within 72 hours per GDPR requirements. Transparent communication about impact.

    Security Best Practices for Customers

    How you can maximize security when using CroPilot

    Enable Multi-Factor Authentication

    Add an extra layer of security to your account with MFA. Available in account settings.

    Use Strong Passwords

    Use unique, complex passwords with at least 12 characters. Consider a password manager.

    Review Team Access Regularly

    Audit team member access quarterly. Remove access for former employees immediately.

    Test Experiments Before Production

    Always test A/B experiments in staging before deploying to production to avoid issues.

    Obtain Visitor Consent

    Ensure you have proper consent to track visitors (GDPR, CCPA). Use cookie consent banners.

    Monitor Account Activity

    Review login history and account activity logs regularly for suspicious behavior.

    Report a Security Vulnerability

    If you discover a security vulnerability in CroPilot, please report it to our security team immediately. We take all reports seriously and will respond within 24 hours.

    Email: security@cropilot.ai

    Response Time: Initial response within 24 hours

    Please do not publicly disclose vulnerabilities until we have had time to investigate and remediate. We commit to transparent communication throughout the process.

    Questions About Security?

    Our team is available to answer questions, provide documentation, or discuss your specific security requirements.

    Security Team: security@cropilot.ai

    Privacy & DPA: privacy@cropilot.ai

    General Support: support@cropilot.ai
