> For the complete documentation index, see [llms.txt](https://docs.coupler.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.coupler.io/help-and-support/security-and-privacy/gdpr-and-security-compliance.md).

# GDPR and Security Compliance

#### How does Coupler.io operate in terms of security? <a href="#how-does-couplerio-operate-in-terms-of-security-wdmll" id="how-does-couplerio-operate-in-terms-of-security-wdmll"></a>

* Our product is designed to store data for a period of time required to provide users with stable integrations with different applications in a secure and encrypted state, prioritizing the protection of sensitive information. With robust encryption protocols in place, we ensure that your data remains confidential and its integrity remains intact.&#x20;
* Coupler.io securely encrypts importer settings and credentials provided by users when setting up an importer.
* User data is automatically deleted within 7 days upon a user's request for account deletion. Users can also request full data deletion earlier by contacting our support team.

As for **infrastructure security**:

* All HTTP requests forcefully require SSL connections.
* We are also using the Heroku cloud provider with automatic data backup and failover handling.

#### Which data does Coupler.io collect, and how is my data security guaranteed? <a href="#which-data-does-couplerio-collect-and-how-my-data-security-is-guaran-uo8si" id="which-data-does-couplerio-collect-and-how-my-data-security-is-guaran-uo8si"></a>

To review information about collected data, data security, and data retention measures at Coupler.io, please read our [Privacy Policy](https://www.coupler.io/privacy-policy).

#### Does Coupler.io have an Information security policy that is updated annually? <a href="#does-couplerio-have-an-information-security-policy-that-is-updated-an-o6jkl" id="does-couplerio-have-an-information-security-policy-that-is-updated-an-o6jkl"></a>

We take all the needed measures, keep our technical stack up to date, monitor all vulnerabilities, and apply changes. We have internal rules and processes in place for managing the security of our product, which is regularly monitored and maintained. At the same time, we don't have this document publicly available.

#### What kind of security attestation does Coupler.io have? <a href="#what-kind-of-security-attestation-does-couplerio-have-example-soc2-t0kji" id="what-kind-of-security-attestation-does-couplerio-have-example-soc2-t0kji"></a>

Coupler.io is SOC 2 Type II certified, and our infrastructure is hosted on Google Cloud, which complies with multiple security standards and certifications, including SOC 2 Type II, ISO/IEC 27001, HIPAA/HITECH, FedRAMP, GDPR, and many others.

#### Does Coupler.io provide a guarantee for availability? Are your organization's contractual terms consistently met or exceeded? <a href="#does-couplerio-provide-a-guarantee-for-availability-are-your-organi-bsiok" id="does-couplerio-provide-a-guarantee-for-availability-are-your-organi-bsiok"></a>

We provide all guarantees that are stated in the [Coupler.io Terms of Use](https://www.coupler.io/terms-of-use).

#### Does Coupler.io provide Security Awareness Training to its employees? <a href="#does-couplerio-provide-security-awareness-training-to-its-employees-afgma" id="does-couplerio-provide-security-awareness-training-to-its-employees-afgma"></a>

Our team stays up to date with actual security measures, but we don't organize official training.

#### Is there a non-disclosure agreement in place between parties? <a href="#is-there-a-non-disclosure-agreement-in-place-between-parties-bzcdz" id="is-there-a-non-disclosure-agreement-in-place-between-parties-bzcdz"></a>

* We have an NDA signed between all our employees and contractors.&#x20;
* Our [Privacy Policy](https://www.coupler.io/privacy-policy) states the use of customers' information.&#x20;
* We can sign an additional NDA upon request between Coupler.io and its customer.

#### Is there a business continuity plan in place? Is your business continuity plan updated at least annually? <a href="#is-there-a-business-continuity-plan-in-place-is-your-business-continu-ztomd" id="is-there-a-business-continuity-plan-in-place-is-your-business-continu-ztomd"></a>

Our business and product are stable. We don't share our business continuity plan publicly; however, we’ve taken all the measures required for technical product stability:&#x20;

* &#x20; regular data backups&#x20;
* &#x20; product monitoring&#x20;
* &#x20; failover systems&#x20;

Our team processes are also built in a way to ensure our business continuity regardless of incidents, such as:

* a distributed product team
* polished remote work processes

#### Does your platform use AI or machine learning?

Coupler.io does not use customer data to train internal AI or machine learning models.

Our platform may act as a secure intermediary to transfer your data to third-party AI tools for analysis. In such cases, data is transmitted strictly for query execution and is not retained or used for model training by Coupler.io.

#### Where is customer data hosted and processed?

Customer data is primarily hosted and processed in the United States using Google Cloud Platform (GCP). At this time, localized data residency options in the EU or UK are not available. To ensure compliance with GDPR, Coupler.io relies on its Data Processing Agreement (DPA), which incorporates Standard Contractual Clauses (SCCs) and the UK Addendum.

You can find more details here:

* <https://www.coupler.io/dpa>
* <https://www.coupler.io/security>

#### How is my data kept secure when using AI Agent?

Coupler.io protects your data at every step. We're SOC 2 certified and GDPR, HIPAA, and DORA compliant.

You control exactly what data the AI Agent can access: only filtered, approved by you data is analyzed. When you talk with your data, the AI Agent only accesses it after you send a prompt.

The AI system that powers AI Agent by Coupler.io never connects directly to your apps; it works only with sample rows and aggregated data through Coupler.io's secure layer.

Your data and conversations are never used to train the AI model that powers AI Agent by Coupler.io.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.coupler.io/help-and-support/security-and-privacy/gdpr-and-security-compliance.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
