10KC SECURITY & COMPLIANCE

Your Security Matters to Us

We take security seriously. Our platform offers enterprise-grade security, reliability, privacy, and compliance that ensures your data always remains safe—at no extra cost to you.

Security and compliance to protect your data

Security

Certified Infrastructure

10KC’s infrastructure, including all customer data, is hosted securely in Google Cloud. Google Cloud is known for providing best-in-class security models and a scalable infrastructure that helps organizations stay secure and compliant.

Penetration Testing

The 10KC application is tested annually by an independent third-party penetration tester to identify and remediate any vulnerabilities within our product. Additionally, we perform continuous vulnerability testing to ensure there are no active vulnerabilities in our environment.

Data Loss Prevention Measures

10KC has deployed best-in-class DLP solutions to safeguard classified data as per the information classification policy. Every 10KC employee goes through mandatory background checks. Access to client data is controlled utilizing VPN firewall and 2FA, and is limited to a few security administrators and operations members supporting client accounts.

Encryption

Network traffic is encrypted via Transport Layer Security (TLS) to protect sensitive information during transmission against unauthorized access or modification. Data at rest is encrypted using AES-256, while data in transit is encrypted using TLS 1.2.

Privacy

10KC has defined policies and procedures related to the management of Personal Information (PI). PI is collected in accordance with our Privacy Policy.

Compliance

SOC 2 Type II

The 10KC platform is SOC 2 Type II compliant and participates in annual independent audits to maintain compliance. The SOC 2 Type II auditing process evaluates the controls that safeguard customer data and how well those controls are operating. It also ensures our policies, practices, and controls securely manage client data and protect the privacy of our users.

GDPR Compliant

We comply with GDPR requirements by letting each participant manage their opt-in preferences. To access the DPA, please request access via 10KC's Trust Center.

ISO27001

10KC is ISO/IEC 27001 certified. We have a robust Information Security Management System (ISMS) in place to protect the confidentiality, integrity, and availability of your data. We undergo regular independent audits to maintain this certification.

CSA STAR Level 1

We’ve achieved the Cloud Security Alliance (CSA) STAR Level 1 certification, demonstrating our adherence to industry best practices for cloud security, including data protection and security controls. This provides our customers with increased assurance in the security of our cloud-based platform.

Reliability

Performance

Our service is hosted on Google Cloud’s renowned infrastructure, which allows us to scale in minutes to meet your enterprise needs: scaling up by increasing the capability of each server and scaling out by adding more servers to our system. We continuously monitor load for both scale-out and scale-up scenarios. We also conduct scale-up and scale-out for our databases.

Backup and Disaster Recovery

Data at rest is encrypted automatically in the 10KC infrastructure. All cluster storage and snapshot volumes, including backups, are encrypted. Data backups are taken continuously.

CSA Star Level 1

10KC is dedicated to providing exceptional service reliability to its valued customers. We understand the critical importance of uninterrupted access to our platform for your business operations. We provide a 99.9% uptime commitment for all enterprise customers.

We hold ourselves to high standards

At 10KC we’re obsessed with providing our users a best-in-class experience. Our design and development team prioritizes accessibility at every stage of our product development process, which is why we use WCAG version 2.1 level AA and a combination of automated and manual testing.



We also use automation to ensure that our design and development teams can create products that deliver the best experience for all users. Our automation includes validation that follows industry best practices, while leaving more complex checks that can’t be automated for manual validation.

We strive to support everyone

Unlocking opportunity means equal access to technology, regardless of ability. Our platform supports:


  • Screen reader support for the visually impaired.
  • Appropriate focus indicators, labeling important visuals, and keyboard support for navigation.
  • Proper use of colours and contrast for people with lower colour perception.
  • Clear organization of content and use of easy-to-understand language for those whose comprehension is lower because of ability.

Data subject rights

Right to rectification

We support individuals' right to rectification - either directly through their account settings, or by contacting security@tenthousandcoffees.com.

Right to access and portability

10KC supports individuals' right to access and right to portability of both their personal data, and the data of their members. Requests for export can be made by contacting security@tenthousandcoffees.com.

Right to be forgotten

10KC supports individuals' right to be forgotten. We will ensure that all data is deleted from our systems and from any third parties we engage with. Deletion can be requested by contacting security@tenthousandcoffees.com.

Right to object

We support individuals’ right to object. Participants can opt in and out of being contacted on their community.
