Cozy Cloud aggregates files, notes, contacts, and app connectors in a personal cloud model. Security should focus on connector scopes, account hardening, and encrypted data handling.
1) Harden authentication and account lifecycle
- Require strong passwords and MFA where available.
- Disable public signup in private deployments.
- Restrict admin-level operations to a minimal operator set.
- Rotate session and API credentials during maintenance windows.
2) Minimize connector and app permissions
- Review permissions granted to each Cozy app/konnector.
- Disable unused connectors that can access sensitive data.
- Use least-privilege OAuth scopes for external services.
- Monitor connector sync jobs for unusual access patterns.
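An added example for the permission review in step 2 (not Cozy's own code): it audits the "permissions" block of an app or konnector manifest for grants that exceed least privilege. It assumes the cozy-stack manifest layout in which each permission names a doctype in "type", lists HTTP verbs in "verbs" (an absent list grants every verb) and may narrow the documents with "selector"/"values"; the sensitive-doctype list and the sample manifest are constructed for the example.

```python
import json

# Doctypes treated as sensitive personal data for this audit (assumption).
SENSITIVE_DOCTYPES = {
    "io.cozy.files", "io.cozy.contacts", "io.cozy.notes",
    "io.cozy.accounts", "io.cozy.bank.accounts",
}
WRITE_VERBS = {"POST", "PUT", "PATCH", "DELETE"}


def audit_permissions(manifest):
    """Return (permission name, doctype, reason) for every over-broad grant."""
    findings = []
    for name, perm in manifest.get("permissions", {}).items():
        doctype = perm.get("type", "")
        verbs = {v.upper() for v in perm.get("verbs") or []}
        # A selector/values pair restricts the grant to matching documents.
        scoped = bool(perm.get("selector")) and bool(perm.get("values"))
        if not verbs:
            findings.append((name, doctype, "no 'verbs' given: grants every verb"))
            continue
        if doctype in SENSITIVE_DOCTYPES and verbs & WRITE_VERBS and not scoped:
            findings.append((name, doctype,
                             "unscoped write access %s" % sorted(verbs & WRITE_VERBS)))
    return findings


# Constructed konnector-style manifest: one tight grant, two broad ones.
SAMPLE_MANIFEST = json.loads("""{
  "slug": "example-bank",
  "permissions": {
    "accounts": {"type": "io.cozy.accounts", "verbs": ["GET"],
                 "selector": "account_type", "values": ["example-bank"]},
    "files": {"type": "io.cozy.files"},
    "contacts": {"type": "io.cozy.contacts", "verbs": ["GET", "POST", "DELETE"]},
    "bills": {"type": "io.cozy.bills", "verbs": ["GET", "POST"]}
  }
}""")


def audit_sample():
    return audit_permissions(SAMPLE_MANIFEST)


if __name__ == "__main__":
    for name, doctype, reason in audit_sample():
        print(f"{name} ({doctype}): {reason}")
```

Run it against each installed app's manifest to list the grants that need a justification or a narrower verb/selector set.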
3) Protect data and service boundaries
- Keep database/storage components off public interfaces.
- Enforce HTTPS and HSTS for all user-facing endpoints.
- Encrypt backups containing files and contact data.
- Patch Cozy stack components regularly.
- Cozy documentation: https://docs.cozy.io/en/
- Cozy Stack source repository: https://github.com/cozy/cozy-stack