.svg)
Security
Your data deserves more than promises. Continu delivers enterprise-grade security as standard — so your team can focus on learning, not worrying.
SOC 2 Compliant
GDPR & CCPA Compliant
Michael Schippert
Senior Vice President of Engineering
Secure
Round-the-clock monitoring, independently audited controls, and a dedicated security team — every layer of Continu is built to keep your organisation protected.
Always-On Monitoring
Every layer of our stack is watched continuously. Anomalies trigger instant alerts to a dedicated on-call response team — day or night.
Security-First Culture
Our security team runs continuous risk assessments, internal audits, and threat modelling — with dedicated SLAs for enterprise accounts.
Enterprise-Grade Hosting
Deployed across physically isolated availability zones on hardened cloud infrastructure designed to withstand regional outages.
SOC 2 Type II Audited
An independent audit firm verifies our security, availability, and confidentiality controls annually — so you don't have to take our word for it.
ISO 27001 Practices
Our information security management system is built around ISO 27001 principles — covering risk treatment, access control, and continual improvement.
99.99% Uptime Guarantee
Multi-zone redundancy keeps Continu available when you need it. Real-time status is published openly at status.continu.co.
Protected
Your data is encrypted end-to-end, backed up continuously, and stored across geographically separated regions. No single point of failure — by design.
AES-256 Encryption at Rest
Every byte of stored data is encrypted with AES-256 — the same standard trusted by governments and financial institutions worldwide.
TLS 1.2+ In Transit
All traffic between your browser and Continu is encrypted over HTTPS using TLS 1.2 or 1.3. Unencrypted connections are never accepted.
Continuous Backups
Your data is backed up on both daily and intraday schedules, so recovery is always minutes away — never days.
Geo-Separated Storage
Backups live in geographically distinct regions from production systems, eliminating single-region failure as a risk vector.
Zero Single Points of Failure
Every component is replicated. Data is written to multiple locations simultaneously, so hardware failures never mean data loss.
Incident Response Plan
Our documented SIRP means critical incidents are triaged in minutes, not hours — with proactive communication to every affected customer.
Private
Enterprise SSO, automated provisioning, and field-level permissions give you total control over who sees what — without slowing anyone down.
GDPR & CCPA Ready
We honour data subject rights, enforce lawful processing, and maintain safeguards for cross-border transfers — fully compliant out of the box.
Enterprise SSO (SAML 2.0)
Connect Okta, Azure AD, Google, ADFS, or OneLogin in minutes. We support both SP-initiated and IdP-initiated sign-on flows.
Granular Role-Based Access
Define exactly who sees what. Assign permissions by role, team, department, or individual — and change them instantly.
Authentication Controls
Lock down permitted login methods at the organisation level. Enforce SSO-only access or restrict to approved domains.
Automated SCIM Provisioning
Sync user accounts directly from your identity provider. New starters get access on day one; leavers are revoked automatically.
Field-Level Permissions
Control visibility down to individual data fields. Segment access by role, team, or business unit so sensitive information stays contained.
Certifications & Compliance
SOC 2 Type II · ISO 27001 · GDPR · CCPA — independently verified compliance that enterprise security teams can trust.
All data in transit is protected with TLS 1.2 or 1.3 over HTTPS. At rest, everything is encrypted using AES-256 — the same standard used by banks and government agencies.
Our Security Incident Response Plan kicks in immediately. Critical issues are triaged within minutes, and affected customers receive proactive, transparent updates throughout the resolution process.
We run both daily and intraday backups. All backups are stored in geographically separate regions from production, so your data is recoverable even in worst-case scenarios.
Yes. Our Business Continuity and Disaster Recovery Plan is tested regularly. It's designed to restore full operations quickly with minimal disruption to your teams.
Continu is SOC 2 Type II certified and aligned with ISO 27001. We comply with GDPR and CCPA, and follow best practices from NIST and CIS frameworks.
Yes. Independent security firms conduct penetration tests at least annually. All findings are tracked, prioritised, and resolved promptly.
Absolutely. We provide a comprehensive DPA that covers GDPR and CCPA requirements. Your account team can supply a signed copy on request.
GDPR is built into how we operate — from data subject access requests and lawful processing to data minimisation and robust cross-border transfer mechanisms.
See how thousands of enablement leaders around the world are automating delivery, increasing ROI, and creating real business impact with Continu.
.svg)
Continu is built to keep your data safe. We put privacy and security front and center, so you don’t have to.
