Product security

• 2FA: you can turn on 2-factor authentication (2FA)
• Granular Permissions : within our app, restricted /permissive roles can be set for your teammates
• Password : we enforce password complexity standard
• Uptime : we have a uptime of 99.9% or higher.

Application security

• Data hosting & storage : AWS & Microsoft Azure are our hosting services in Ireland
• Failover : failover mechanisms are in place in case our main data data center fail
• VPC : all ours servers are within our own Virtual Private Cloud with restricted and monitored access
• Backups : Data are backed up on a daily basis.
• Monitoring: application logs are produced, analysed and stored for archival purposes.
• Authentication & Permissions: Access to customer data is limited to authorized employees who require it for their job. We 2-factor authentication (2FA) and strong password policies to ensure access to cloud services are protected.
• Encryption : All data sent to or from Grytics is encrypted in transit using 256 bit encryption. Our application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs‘ tests. All customer data is encrypted at rest.
• Vulnerability scanning : we use third party security tools to continuously scan for vulnerabilities. Once a year, we engage third-party security experts to perform detailed penetration tests on the application.
• Incident response : we have implemented a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

Company security

• Training : all employees complete a Security and Awareness training annually; other specialised trainings are followed by the IT team
• Employee vetting : Background checks are performed on new employees in accordance with the French law.
• Confidentiality : All employee contracts include a confidentiality agreement.
• Policies : A full set of security policies has been established. They are are updated on a monthly basis (if necessary) and are shared to all employees.

GDPR

GDPR compliance is a requirement. In order to meet with it, Grytics has put in place several measures, among them :

• Terms of Services and the cookie policy in compliance
• Our Data Processing Agreements (DPAs) shares our privacy commitments and sets out the terms for Grytics and our customers to meet GDPR requirements. This is available for customers to sign
• A Data Protection Officer has been appointed
• Third-party providers working with us handling customer data have been cleared on GDPR related subjects (AWS, Azure, Sparkpost)
• Strong Security measures alongside certifications have been put in place (see above)

Any questions ?

If you want more information about our security policies and processes in place, please contact us

If you think you have found a breach, please contact the security team : security at grytics.com