For Enterprise plan clients, we offer full transparency regarding our security postures.
Compliance and Certifications
- PCI-DSS Level 1: We do not store full credit card numbers. Everything flows through tokens processed directly by the acquirers (Stripe/Conekta).
- Encryption: Data at rest is encrypted using AES-256. Data in transit utilizes TLS 1.3.
- Independent Audits: Cord undergoes annual penetration testing (pentesting) by third-party security firms.
Requesting a Penetration Report: If your company’s IT or Compliance department requires our latest audit report, please contact your Account Executive. To share it, we require a mutually signed NDA (Non-Disclosure Agreement).