At Grow, we understand how crucial it is to give access and visibility to your data to those who need to see it, and how important it is to protect that data from those who do not.
This article outlines the measures Grow has in place and ways you can help keep your data safe.
Data Pods Architecture
Each Grow account has their own Data Pod. This means that your companies data and processes run on their own powerful set of servers. Grow Data Pods improve performance, by making it so a poorly written process from another account analyst is running cannot affect your companies performance and power. It also increases security because each account has its own single use databases, with multiple layers of security.
Keeping your data secure is our number one priority. Grow is now SOC 2 compliant and certified. This means independent auditors and testers have made sure Grow has the processes and procedures in place to make sure your data is safe and secure.
What we do to increase database security
Every connection to the app from the browser are forced to an HTTPS session with a DigiCert SSL certificate. We use a secure connection (TLS or SSL) when connecting to a database, and the data is encrypted on both ends of the connection.
All of our servers are located on the best-of-class Amazon Web Services.
What you can do to increase database security
- Use a read-only user to connect to Grow. We do not have anything built into the platform to add or affect data in your database, so there is no reason to have anything more than read-only privileges.
- Only open one port for Grow.
- Whitelist our server IPs so a private database is never left wide open.
- Use a SSH Tunnel to add an extra layer of security.
- Use an identity-based data service. We recommend Cirro. They are a third-party service that allows you to connect your database to Cirro then connect Cirro to Grow as a database, and offer more security and flexibility to who and what has access to your data.
Data Source Security
We always use HTTPS where available when connecting to data sources, and all data is transmitted over the internet via standard 128-bit SSL encryption so none of your data is ever exposed.
Grow uses standard OAuth to gain access to most of the third party APIs used to gather your data. You'll never give your username and password to Grow. Instead you login to your account and then authorized the requested permissions for Grow. And of course we protect the auth information with encryption in our database.
When connecting some data sources, the prompts may ask for approval to give Grow read and write access to the data. Grow does not need the write-access, but some APIs are set up to ask for read and write access in order to get the data. Grow's platform is not set up to edit data from any data source.
You can always remove data source connections in Grow, which deletes the entry in our database. Or you can revoke Grow's access from your data source account.
Grow will store any account information, including any metrics, for 75 days after a metric is deleted or the account is cancelled. That data can be deleted sooner upon request at email@example.com.
Grow User Access
Within your organization you can restrict access to any dashboard or the ability to create new metrics/reports using a specific data source on the user level.
We follow Soc2 compliance and track all users and Grow employees that log into a customer's account and what actions they take in the app. Grow employees will not access any user's account unless they have a direct need for support or dev purposes. Contact your Grow BI Consultant if you would like your account locked so only users in your account can access it. Keep in mind that this also limits how well we can help troubleshoot any issues or assist in any questions you may have.
Grow's data navigation platform is not set up to protect PII/PHI per HIPAA standards, and we encourage all clients to keep PII/PHI data out of the platform.
All login passwords are SHA encrypted and all logins are compared against that SHA encrypted string. If you lose your password we cannot recover it for you; you have to request a reset link that is only active for a limited time. Read more about resetting your password.
For added security when logging in to your account, you can contact your Grow BI Consultant or our support team and ask for two-factor authentication to be turned on for your account. This will give each user in your Grow account the option to enable 2FA for their own user account.
If you have any questions regarding what we are doing at Grow regarding security or privacy, please email firstname.lastname@example.org.