COBALT IS COMMITTED TO SAFEGUARDING YOUR DATA

Cobalt was built with cybersecurity and data privacy at its core. Cybersecurity is the cornerstone of our account controls, compliance audits, and certifications. It also drives our organizational structure, training priorities, and hiring processes. Our systems were architected from the ground up according to industry-standard best practices for security and confidentiality.

Cobalt is SOC2 Type II certified and has best practices in compliance with GDPR, CCPA, POPIA, and HIPAA. Our security principles and practices are designed around three core pillars (Data, People, and Process), all with the purpose of safeguarding customer data and providing reliable, secure services.

People

  • Background Checks
  • Security, HR, & PII Training
  • Stringent Vendor Vetting
  • Proper offboarding
  • Strong Physical Security

Data

  • SOC2 Type II Certified
  • 3rd Party Penetration Testing
  • Network Security
  • Data Access Restrictions
  • Logging & Auditing

Process

  • Full Encryption Management
  • GDPR & HIPAA ready
  • Continuous Verification Checks
  • Vulnerability Management
  • Incident Response Plans

BUILDING A CULTURE OF ACCOUNTABILITY

At Cobalt, cybersecurity starts with people. Everyone is held accountable for the security of our company operations, whether they are engineers, operators, or vendors. During onboarding, all Cobalt employees sign an NDA, accept privacy policies, pass background verifications, and complete security, HR, and PII training. Before working with any external vendors, our team conducts extensive reviews of their procedures and controls. When employees depart, strict employee offboarding practices ensure critical information remains secure.

USING BEST PRACTICES

The principle of least privilege is the practice of limiting access rights to the bare minimum permissions needed to perform work.

SAFEGUARDING CUSTOMER DATA

In order to perform its safety and security functions, the Cobalt robot collects and processes many types of data. All data on the robot is encrypted at rest using AES-256 and in transit using TLS 1.2. Depending on the data type, it may be stored in the AWS cloud, streamed live to our SOC via a WireGuard VPN tunnel, stored encrypted locally, or destroyed. Cobalt ensures customer data is never shared with unauthorized personnel while maintaining critical data storage, access, and retrieval processes for our clients. All data is logged and routinely audited according to guidelines outlined in NIST 800-92.

USING BEST PRACTICES

We encrypt all data both at rest, using AES-256 with SSE-S3, and in transit, using TLS 1.2.

ENFORCING PROCESS, PROCEDURES & COMPLIANCE

We hold our governance around security processes and policies to exceptionally high standards. Cobalt holds SOC 2 Type II with no exceptions for the security, availability, and confidentiality trust principles. We maintain annually reviewed Disaster Recovery and Business Continuity Plans and have implemented network security and access control measures on all Cobalt devices. We employ our own physical security services at all of our office locations and routinely withstand internal and external OWASP Top 10 penetration tests.