Data Security Policy

Last Updated: February 5, 2026

Codas Labs, LLC (“Codas Labs,” “we,” “us,” or “our”) is committed to protecting the confidentiality, integrity, and availability of information entrusted to us. This Data Security Policy describes the administrative, technical, and organizational measures we implement to safeguard data processed through our products, services, websites, and platforms (collectively, the “Services”).

This Policy applies to all Codas Labs products, services, brands, and affiliated entities, including Codas Media.

1. Scope

This Policy applies to:
• Personal Data processed on behalf of customers
• Data collected directly by Codas Labs
• Business, operational, and system data
• Messaging, automation, AI-assisted workflows, APIs, and integrations

This Policy should be read in conjunction with our Privacy Policy, Terms of Service, and Data Processing Agreement (DPA).

2. Security Governance

Codas Labs maintains a risk-based security program designed to:
• Protect against unauthorized access, disclosure, alteration, or destruction
• Detect and respond to security incidents
• Support compliance with applicable data protection laws

Security responsibilities are assigned internally and reviewed periodically as systems, threats, and regulations evolve.

3. Administrative Safeguards

We implement reasonable administrative controls, including:
• Confidentiality obligations for personnel and contractors
• Role-based access principles (least privilege)
• Security awareness and internal access controls
• Vendor and third-party risk review processes
• Policies governing acceptable use, access, and data handling

Access to production systems is restricted to authorized personnel only.

4. Technical Safeguards

Codas Labs uses a layered security approach that may include:
• Secure authentication mechanisms
• Encryption in transit using industry-standard protocols
• Encryption at rest where appropriate
• Network segmentation and firewall protections
• Monitoring, logging, and anomaly detection
• Secure development and deployment practices

Specific technical configurations are confidential and subject to change.

5. Physical Safeguards

Where applicable, Codas Labs relies on:
• Secure, access-controlled data centers operated by reputable cloud service providers
• Physical security controls such as surveillance, badge access, and visitor restrictions
• Environmental protections (power, cooling, redundancy)

6. Incident Response

Codas Labs maintains incident detection and response procedures designed to:
• Identify suspected security events
• Assess scope and impact
• Contain and remediate issues
• Notify affected customers where required by law or contract

Security incidents involving Personal Data are handled in accordance with our Data Processing Agreement and applicable legal obligations.

7. Data Access & Segregation

Customer data is logically segregated where feasible. Access to customer environments is limited to authorized personnel for legitimate business purposes such as:
• Customer support
• Infrastructure maintenance
• Security monitoring

Codas Labs does not access customer data for marketing or training purposes unless expressly authorized.

8. Messaging & Communications Security

For messaging services (email, SMS, voice, automation):
• Codas Labs provides infrastructure and delivery tooling
• Customers control message content, recipients, and campaigns
• Customers are responsible for consent, compliance, and sender-of-record obligations
• Carrier and provider policies may apply

Additional requirements are described in our Messaging Policy / Acceptable Use Policy.

9. AI & Automated Processing

Where AI-assisted features are used:
• Outputs are generated based on customer inputs or system context
• Codas Labs does not guarantee accuracy, outcomes, or decisions
• Customers are responsible for reviewing and validating outputs
• AI features are not intended for regulated decision-making unless expressly stated

AI models and vendors are selected using commercially reasonable security and privacy standards.

10. Third-Party Providers

Codas Labs may engage third-party vendors to support:
• Hosting and infrastructure
• Payments and billing
• Messaging and telecom delivery
• Analytics and monitoring
• AI and automation capabilities

We seek to contractually require appropriate security and confidentiality protections, but cannot guarantee third-party compliance in all circumstances.

11. Data Retention & Disposal

Data is retained only as long as necessary to:
• Provide Services
• Meet legal and contractual obligations
• Resolve disputes
• Enforce agreements

When data is no longer required, it is deleted or anonymized in accordance with internal procedures and applicable law.

12. Customer Responsibilities

Customers are responsible for:
• Protecting their login credentials and API keys
• Configuring security settings appropriately
• Managing user access within their accounts
• Ensuring lawful data collection and use
• Maintaining endpoint and internal security

Codas Labs is not responsible for security failures caused by customer misconfiguration or unauthorized credential sharing.

13. Limitations

While Codas Labs implements reasonable safeguards, no system can be guaranteed to be 100% secure. Customers acknowledge and accept the inherent risks associated with electronic data transmission and storage.

To the maximum extent permitted by law, Codas Labs disclaims liability for unauthorized access caused by factors outside its reasonable control.

14. Changes to This Policy

We may update this Data Security Policy from time to time. The most current version will always be posted on our website. Continued use of the Services constitutes acceptance of the updated Policy.

15. Contact

Security-related questions or reports may be sent to:

Codas Labs, LLC
PO Box 555 Wake Forest, North Carolina, 27588 United States
Email: support [at] codaslabs.com
Phone: +1 743-300-5227

CodasLabs

Terms of Service     Privacy Policy     Legal

© Codas Labs LLC, All rights reserved.