CoffeePals prioritizes Security,
SOC2 Type 2 Compliant

We understand that security is top of mind for you. We're committed to data security and privacy processes in order to ensure CoffeePals keeps any and all customer information secure and protected.

CoffeePals undergoes an annual SOC2 Type 2 audit to ensure compliance. Additionally, we are audited annually by Microsoft as part of the Microsoft 365 App Compliance Program.

We've selected cloud vendors that are SOC2 Type I, Type II, ISO27001 and PCI-DSS compliant. We operate an information security and risk management program.

Soc2 Type 2 Compliance BadgeMicrosoft 365 Compliance Badge

Teams Messages Access

CoffeePals has limited access to the messages within Microsoft Teams. This is a function of the security features that Microsoft implements within their bot SDK.

Physical and Network Security

CoffeePals is hosted on Heroku (owned by Salesforce) which employs strict security measures.

Application Security

CoffeePals is built with security in mind. These are some of our key practices in security.

Operational Security

These are some of our key operational security practices.

We can share more information about our practices and policies under NDA. To understand how we handle data, read our Privacy Policy and Terms of Service. If you have specific enquiries or vulnerability disclosures, please email