Introducing the Coconut Downloads Center.
Coconut

Security at Coconut.

Security is built into how we design, develop, and operate our platform. We know our customers trust us with sensitive business data, and we take that responsibility seriously.

Architecture

Defense-in-depth

Rather than relying on any single control, we use multiple complementary safeguards to reduce risk, limit the impact of threats, and strengthen resilience across our platform.

Infrastructure

Segmented environments, encrypted backups, automated compliance

Application

Secure coding, peer review, automated testing, dependency management

Identity

RBAC, MFA, least privilege, centralized identity management

Data

AES-256 at rest, TLS 1.2+ in transit, managed key rotation

Engineering

Secure by design

Security is embedded throughout our product lifecycle, from architecture and development to deployment and support.

Threat modeling for new features
Secure coding practices
Peer-reviewed code changes
Automated security testing
Dependency and vulnerability management

Infrastructure

Cloud infrastructure

Hosted on Amazon Web Services (AWS), leveraging enterprise-grade infrastructure security.

  • Segmented environments
  • Infrastructure-as-Code
  • Network isolation
  • Continuous monitoring
  • Encrypted backups
  • Automated compliance checks

Data protection

Encryption

Strong encryption everywhere

  • TLS 1.2+ for data in transit
  • AES-256 encryption at rest
  • Managed secrets and key rotation

Access control

Tightly controlled access

  • Role-Based Access Control (RBAC)
  • Multi-factor authentication (MFA)
  • Least privilege principles
  • Centralized identity management
  • Audit logging for privileged actions
  • Regular access reviews

Monitoring

Active threat detection

  • Continuous infrastructure monitoring
  • Vulnerability scanning
  • Security event logging
  • Incident response procedures
  • Business continuity planning

Assurance

Continuous assurance

Coconut carries out continuous assurance through periodic exercises and automated compliance monitoring.

  • Secure vendor management
  • Regular penetration testing
  • Internal security reviews

Security documentation and assurance artifacts can be provided to customers under NDA where appropriate.

Training

Security education

All employees

Comprehensive security training on onboarding and annually, plus regular threat briefings from the security team.

Engineers

Dedicated live onboarding sessions focused on secure coding principles and practices.

Disclosure

Responsible disclosure

We welcome reports from security researchers and customers. If you believe you've discovered a security issue, please contact us. We will investigate all legitimate reports promptly.

Privacy

Customer data remains customer data.

We do not sell customer data, and we apply strict controls over how data is accessed, processed, and retained.

Questions about security?

We're happy to walk through our security practices, share documentation, or answer specific questions from your team.