Security Policy

EFFECTIVE DATE: October 25, 2018


At Canopy we take the protection of customer data extremely seriously. This Canopy Security Policy describes the organizational and technical measures Canopy implements platform wide designed to prevent unauthorized access, use, alteration or disclosure of customer data. The Canopy services operate on Amazon Web Services (“AWS”); this policy describes activities of Canopy within its instance on AWS unless otherwise specified.

Security Team

Our infrastructure and security team includes people who’ve played lead roles in designing, building, and operating highly secure Internet facing systems at companies ranging from startups to mature software providers.

Best Practices

Incident Response Plan



Data Transfer


Permissions and Admin Controls

Application Monitoring

Security Audits and Certifications

Payment Processing

All payment instrument processing for purchase of the Canopy services is performed by Stripe. For more information on Stripe’s security practices, please see

Customer Responsibilities