Question 1

Is CoffeePals SOC 2 compliant?

Accepted Answer

Yes. CoffeePals is SOC 2 Type 2 compliant. Our most recent report is available under NDA — request it from your account team or via support@coffeepals.com.

Question 2

Where is CoffeePals data stored?

Accepted Answer

CoffeePals data is hosted on AWS in the United States. We follow least-privilege access controls, encrypt data at rest and in transit, and back up daily.

Question 3

Does CoffeePals support SSO?

Accepted Answer

Yes. SSO via Microsoft Azure (Entra ID) is included on the Enterprise plan. SAML 2.0 is also supported. Reach out to support@coffeepals.com to enable SSO for your workspace.

Question 4

Is CoffeePals GDPR compliant?

Accepted Answer

Yes. We act as a data processor for our customers and have a published Data Processing Addendum. We honour data subject access, deletion, and portability requests. See our /gdpr page for the full breakdown.

Question 5

Does CoffeePals get certified by Microsoft?

Accepted Answer

Yes. CoffeePals is Microsoft 365 Certified, which means our app, data handling, and security controls have been independently reviewed by Microsoft. The certification is renewed annually.

Question 6

How does CoffeePals handle subprocessors?

Accepted Answer

Every subprocessor we use is published at /subprocessors. We notify customers of changes in advance and require all subprocessors to meet equivalent security standards.

Question 7

Can I get a copy of CoffeePals’ security questionnaire?

Accepted Answer

Yes. Enterprise customers receive completed CAIQ and SIG-Lite security questionnaires on request. Contact support@coffeepals.com to start the security review.

Enterprise-grade security,
built in from day one.

How we protect your data

Data Encryption

Limited Data Access

Cloud Infrastructure

Access Control

Secure Development

Incident Response

Vendor Management

SSO & Authentication

Need more detail?

Enterprise-grade security,built in from day one.