Security Measures

Last Updated: February 15, 2026

ColdCheck, Inc. ("ColdCheck") maintains administrative, physical, and technical safeguards designed to protect Customer Data and End User Data against unauthorized access, use, alteration, or disclosure. These measures are aligned with industry practices and relevant privacy laws, including the General Data Protection Regulation (GDPR) and applicable U.S. state privacy regulations.

We regularly review and update these safeguards to address emerging threats and to maintain the security and integrity of the Services.

1. Physical Security

  • Customer Data is hosted on Google Cloud Platform (GCP), which provides secure data centers with controlled access, 24/7 monitoring, environmental controls, and redundancy.
  • Only authorized personnel from GCP can physically access ColdCheck's infrastructure. ColdCheck personnel do not have physical access to servers.

2. Network Security

  • All data in transit between Customers and ColdCheck is encrypted using TLS (SSL).
  • Google Cloud provides firewall protections, DDoS mitigation, and continuous monitoring for intrusion attempts.
  • ColdCheck monitors system health and access logs for anomalies.

3. Application Security

  • Access to the Services is controlled through role-based access controls and authentication requirements.
  • ColdCheck enforces audit logging and conducts periodic internal reviews of security-relevant events.
  • Input validation, code reviews, and vulnerability scanning are used to reduce application-level risks.

4. Data Security

  • Customer Data stored by ColdCheck is encrypted at rest using AES-256 (via Google Cloud defaults).
  • Access to Customer Data is limited to authorized personnel who require such access for support or operational purposes.
  • ColdCheck follows the principle of least privilege to minimize exposure of sensitive data.

5. Incident Response

  • ColdCheck maintains a security incident and breach response plan, including notification procedures consistent with GDPR and U.S. state breach laws.
  • In the event of a confirmed data breach affecting Customer Data, ColdCheck will notify affected Customers without undue delay.

6. Business Continuity and Disaster Recovery

  • Services rely on Google Cloud redundancy across multiple availability zones.
  • Backups and recovery protocols are in place to maintain service availability in case of infrastructure failure.

7. Personnel Security

  • ColdCheck employees with access to Customer Data must sign confidentiality agreements.
  • Employees undergo security and privacy awareness training.
  • Access to production systems is restricted to a limited number of authorized employees.

8. Customer Responsibilities

While ColdCheck provides these safeguards, Customers are also responsible for:

  • Securing their own login credentials.
  • Enabling multi-factor authentication (MFA) where available.
  • Managing user access and permissions appropriately.
  • Preventing unauthorized use of Customer accounts.

9. Contact Information

Questions regarding these security measures may be directed to:

ColdCheck, Inc.
Security inquiries: security@coldcheck.ai
General legal: legal@coldcheck.ai