SOC 2 Type II · GDPR-ready · CCPA compliant

Built for trust,
from the ground up

Your business data, VA access, and AI interactions are protected by enterprise-grade security. Here's exactly how.

Request a DPAContact security team

Our security pillars

Your data

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We never use your business data to train AI models. You can request full deletion at any time.

AI models

We use Anthropic Claude for task summarisation and email triage. Model inputs are not logged by default. Zero-retention agreements are in place with all AI providers.

Your VA

Every VA passes a 3-stage background check, signs an NDA, and operates under a code of conduct. Access is scoped to the tools you explicitly connect — nothing more.

Infrastructure

Hosted on AWS us-east-1 with multi-AZ redundancy. Supabase Postgres with point-in-time recovery. Vercel edge network for API routes. 99.9% uptime SLA.

Sub-processors

We use the following third-party services to deliver Coop. All are bound by data processing agreements.

Provider
Purpose
Country
AWS
Cloud infrastructure & storage
USA
Anthropic
AI task assistance
USA
OpenAI
Fallback AI model
USA
Google Cloud
Gmail integration & OAuth
USA
Stripe
Payment processing
USA
WorkOS
SSO & enterprise auth
USA
Datadog
Infrastructure monitoring
USA
Sentry
Error tracking
USA
Twilio
SMS notifications
USA
Resend
Transactional email
USA
Incident response

What happens when something goes wrong

Step 1
Detect
Automated alerts via Datadog + Sentry. On-call engineer paged within 5 min.
Step 2
Contain
Affected systems isolated. Access logs reviewed. Customer data quarantined if needed.
Step 3
Notify
Customers notified within 72 hours. Status page updated in real time at status.coop.work.

Security FAQ

Where is my data stored?
All data is stored in AWS us-east-1 (N. Virginia). We do not replicate data outside the United States without explicit consent.
Who can see my workspace data?
Only your workspace members and your assigned Coop VA can access your workspace. Coop staff access data only when you open a support ticket.
How do I revoke VA access?
You can disconnect integrations and end an assignment from your workspace settings at any time. Access is revoked immediately.
Do you have a data processing agreement (DPA)?
Yes. Request our standard DPA from support@mycoop.ai. Enterprise customers can negotiate custom terms.
How are security incidents handled?
We notify affected customers within 72 hours of a confirmed breach, as required by applicable law. See our incident response runbook below.
Questions about security?
Email us at support@mycoop.ai — we respond within one business day.
Talk to our team