Data Security

is of Utmost Importance

international Security Standards

Canopy meets international information security standards and is IS0-27001 certified


Security is of utmost importance to us. We have taken several steps to ensure your data is safe when it is stored and sent back to you.


All our databases are encrypted with 256-bit keys (AES-256). Industry consensus is that it would take a supercomputer millions of years to crack the encryption via a brute force attack.


All data sent to the web browser is encrypted (with technology such as HTTPS). This means that third parties need to break the encryption to see what is being sent to your browser.

Infrastructure Security

We have implemented a number of security measures to protect our systems.

Ethical hackers

We regularly engage professional ethical hackers to try break into our infrastructure and assess all security aspects.

Active monitoring

We use active monitoring tools that ensure all our software code matches the highest security standards.


Our infrastructure is secured behind advanced firewall systems. We also have high-end anti-virus and anti-malware scanning our systems.

2FA Authentication

We practice two factor authentification. 2FA provides an additional layer of security beyond strong passwords.

Security Procedures

We have rigorous processes in place to control access to the data and regularly review access permissions.


Our developers do not directly deploy any updates to the software. All updates and improvements go through code reviews and an independent deployment function.

Restricted access

The software development team does not have access to live client data. Any development that the software team does is done on servers that have dummy data. This reduces the access to sensitive client information.

Staff Training

All employees undergo regular training for cyber security awareness to keep data and systems safe.

Secure design

The Canopy platform has been designed with privacy and security as a top priority.


We have bank level infrastructure security. However our best line of defence is that we do not hold any personally identifiable information on our platform. If we were to suffer a breach the party would encounter anonymous usernames and data.

Frequently asked questions

If you have any remaining questions, please see our FAQ section.