Coupa has an ISO 27701/ISO 27001 and Asia Pacific Economic Cooperation Privacy Recognition for Processor (APEC/PRP) - certified global privacy program to support our customers' compliance efforts, and to meet the expectations of key stakeholders.
Our privacy program is integrated into our Enterprise Risk Management process together with all other significant compliance domains, and it is aligned with the GRI and SASB sustainability reporting standards, as we view data privacy as a fundamental human right.
For further information, please visit coupa.com/legal.
Legal Disclaimer - This website is provided for informational purposes only and should not be considered as a contractual commitment or legal advice and does not discuss other privacy-related laws or regulations that may also be relevant to our customers and prospects, including any industry-specific requirements. The relevant privacy and data protection laws and regulations applicable to individual companies will depend on several factors, including but not limited to where a company conducts its business, the industry in which it operates, the type of content it wishes to store, where or from whom the content originates, and where the content will be stored.
Quick Guide: Coupa's Global Privacy Program
Our customers do business worldwide, and our privacy program reflects the international footprint of their operations. In this quick guide, we describe our global privacy program and how it can support your compliance efforts.
Understanding data management on the Coupa Business Spend Management platform is an important component when it comes to user management. In this quick guide, we provide you with more information and a how-to guide to get to results fast.
Quick Guide: Data Processing Agreement
This quick guide provides you with an overview of the Coupa DPA and our rational for using our template.
Coupa engages third-party suppliers in the context of the provision of the Coupa Business Spend Management platform. Some of these third-party suppliers may have access to, and process, customer data, including customer personal data and are considered subprocessors under GDPR. In this quick guide, we provide you with more information on who these subprocessors are and what services Coupa is procuring from them.
This Exari Privacy Policy is intended to better help you understand our practices regarding information collected, including through our products and services, and any other digital properties that we own or control. This Privacy Policy describes how Exari collects, processes, shares and retains the personal information provided to Exari.
Exari Privacy Shield Privacy Statement
The Exari Privacy Shield Privacy Statement describes the Privacy Principles and establishes how Exari Group, Inc. and Exari Systems, Inc. (together, “Exari”) comply with those Principles. This Privacy Shield Privacy Statement covers personal data about data subjects who are citizens of any EEA member state, or the United Kingdom, or of Switzerland, where the personal data is transferred to, and/or processed in, the United States.
This LLamasoft Privacy Notice discloses the information practices for LLamasoft, Inc., and its global subsidiaries (“LLamasoft”), including what type of personal data is gathered and tracked, how the information is used, and with whom the information is shared. This Privacy Notice applies to persons in all jurisdictions and aims to inform you about the scope and purpose of the personal data we collect, use and process.
LLamasoft Privacy Shield Statement
The LLamasoft Privacy Shield Privacy Statement describes the Privacy Principles and establishes how LLamasoft, Inc. and Opex Analytics LLC (together, “LLamasoft”) comply with those Principles. This Privacy Shield Privacy Statement covers personal data about data subjects who are citizens of any EEA member state, or the United Kingdom, or of Switzerland, where the personal data is transferred to, and/or processed in, the United States.