Cofactr is an ITAR-registered and compliant company and offers an ITAR-compliant version of our platform for customers with export-controlled technical data.

Both ITAR-compliant and non-compliant versions of the Cofactr platform feature strong security controls including end-to-end encryption and are hosted in secure AWS data centers.

All employees with access to customer data are US persons who undergo mandatory recurring ITAR procedures training.

Customer technical data is never stored anywhere other than the Cofactr hosting in AWS.

Customer parts are stored in Cofactr's secure facility with extensive physical and personnel security, which you can learn more about here.

The ITAR-compliant version of our platform is hosted in an AWS GovCloud region, whereas the non-compliant version is hosted in a civilian AWS region.

For the ITAR-compliant version of our platform, all portions of our tech stack, such as product analytics and administrative tooling, that have the ability to access technical data (BOMs, etc) are deployed within our AWS GovCloud VPC, whereas the non-compliant version uses some multi-tenant public-cloud services.

Certain types of product analytics and bug reporting are disabled in the ITAR-compliant version of our platform to prevent any possibility of technical data (BOMs, etc) being exposed to services outside of our AWS GovCloud VPC.

Check out this blog post from our CEO, Matthew Haber, that shares some useful info on how ITAR applies to software for hardware.