All Column data is encrypted in transit and at rest, with its SSL transport receiving a grade A+ rating from Qualys. Additionally, Column applies strict row-level and file-level permissioning to ensure that users cannot access sensitive data outside of their organizations.
Column is entirely hosted on Google Cloud Platform, a best-in-class infrastructure as a service provider. Column’s authentication, database and file storage mechanisms are ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2 and SOC 3 compliant.
All financial transactions facilitated by Column have detailed time-stamped audit-logs. Column is PCI compliant. All card numbers and bank accounts are stored by Stripe, a PCI Service Provider Level 1, the highest available security certification in the payments industry.
Access to Column production data is heavily restricted within Column and only accessible via SSO login. Additionally, all Column employees sign nondisclosure agreements restricting them from sharing any information learned while handling client data.