Security at Column

Nowhere is trust more important than in data security. It’s something we take incredibly seriously, and we’re proud to share the measures that we take to keep your sensitive information safe.

Application Security

All Column data is encrypted in transit and at rest, with its SSL transport receiving a grade A+ rating from Qualys. Additionally, Column applies strict row-level and file-level permissioning to ensure that users cannot access sensitive data outside of their organizations.

Infrastructure Security

Column is entirely hosted on Google Cloud Platform, a best-in-class infrastructure as a service provider. Column’s authentication, database and file storage mechanisms are ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2 and SOC 3 compliant.


All financial transactions facilitated by Column have detailed time-stamped audit-logs. Column is PCI compliant. All card numbers and bank accounts are stored by Stripe, a PCI Service Provider Level 1, the highest available security certification in the payments industry.

Internal Access Controls

Access to Column production data is heavily restricted within Column and only accessible via SSO login. Additionally, all Column employees sign nondisclosure agreements restricting them from sharing any information learned while handling client data.