How is data stored and who can access it?
Where your register data is hosted, how access within your organisation is managed, and what happens to your data when your subscription ends.
Covered on this page:
Where data is stored
Your data in Copla Registry is stored within the European Economic Area — specifically in Lithuania and Frankfurt am Main, Germany.
It is hosted on AWS infrastructure distributed across multiple availability zones for resilience, and is not transferred outside the EEA without documented client instruction.
Data is encrypted at rest using dual-layer server-side encryption and in transit using TLS 1.3 where supported, with HTTPS enforced across all services. Uploaded files are stored in encrypted S3 buckets. All backups are encrypted and stored with restricted access.
Copla holds ISO/IEC 27001:2022 certification.
Who within the organisation can access it
Access to Copla Registry is managed through a role-based permission system scoped to your organisation's team. Users can only access data within their authorised team — complete data isolation between teams is enforced at the platform level.
Access rights are granted, reviewed, and revoked through the platform's access management controls. When a user's role changes or they leave the organisation, their access can be updated or removed without affecting the underlying register data.
What happens to data if the subscription ends
Personal data — including user account information — is retained during the subscription and for 30 days after the service agreement ends. At the end of that period, or upon request, personal data is either deleted or returned to you, with deletion confirmed to you upon request.
For questions about what happens to your register data specifically at the end of a subscription, contact us directly.