How secure is the pack?
Security & Encryption for Coda uses industry-standard encryption methods, including AES-256 and RSA asymmetric encryption, to encrypt and decrypt data. It also undergoes regular Service Organization Controls audits (SOC 2 Type II) performed by an independent third-party auditing firm and adheres to GDPR and CCPA compliance standards.
While our coda pack is not 100% zero knowledge, we want to assure our customers that security is always our top priority. We have taken extensive measures to ensure that your data remains safe and confidential. This means that when the user creates a vault, it generates an RSA key from our backend to secure the connections for the vaults and Secrets. Once generated, the key will be returned to Coda and stored only in the user’s Coda doc.
After the RSA key is generated and stored in Coda, there is no other way to recover it. As a result, no unsecured data is sent over the network or kept on our server. Only those with permission to access the Coda Doc can decrypt the Secrets.