Grow Security Overview

This article outlines the measures Grow has in place and ways you can help keep your data safe.

Data Pods Architecture

Each Grow account has its own Data Pod. This means that your company’s data and processes run on their own powerful set of servers. Grow Data Pods improve performance by ensuring that a poorly written process from another account cannot affect the performance and power of your Data Pod. They also increase security because each account has its own single-use databases, with multiple layers of security.

SOC 2

SOC (Service Organization Control) compliance is a set of standards and criteria that help ensure the security, availability, processing integrity, confidentiality, and privacy of a service organization's data and systems. SOC compliance is audited by independent third-party firms that verify the service organization's adherence to the SOC requirements.

Grow is SOC 2 type 1 and type 2 certified, which means that Grow has been audited and verified to meet the SOC 2 criteria for security, availability, processing integrity, confidentiality, and privacy of its data and systems. SOC 2 type 1 certification means that Grow has demonstrated its compliance at a specific point in time, while SOC 2 type 2 certification means that Grow has demonstrated its compliance over a period of time, usually 12 months. Grow undergoes regular SOC 2 audits to maintain its certification and ensure the highest level of trust and quality for its customers.

Grow also complies with the GDPR.

Database Security

Every connection to the app from a browser is forced to an HTTPS session with a DigiCert SSL (Secure Sockets Layer) certificate. All network communications are 2048-bit encrypted. We use a secure connection (TLS or SSL) when connecting to a database, and the data is encrypted on both ends of the connection.

All Grow servers are hosted on best-in-class Amazon Web Services.

What you can do to increase database security

  • Use a read-only user to connect to Grow. We do not have anything built into the platform to add or affect data in your database, so there is no reason to have anything more than read-only privileges.
  • Only open one port for Grow.
  • Whitelist our server IPs so a private database is never left wide open.
  • Use an SSH tunnel to add an extra layer of security.
  • Use an identity-based data service. Some third-party services let you connect your database to the service and then connect the service to Grow, which gives you more security and flexibility over who and what has access to your data.
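
One way to set up the read-only user recommended above, shown for PostgreSQL as an added example (not Grow's own code). The database, schema, owner and role names and the password are placeholders assumed for illustration; replace them with your own.

```sql
-- Assumed names (not from Grow): database "analytics", schema "reporting",
-- table owner "reporting_owner", new login role "grow_readonly".
-- Run as a superuser or as the owner of the database and schema.

-- Login role with no elevated attributes and a cap on concurrent sessions.
CREATE ROLE grow_readonly
    LOGIN
    PASSWORD 'REPLACE_WITH_GENERATED_SECRET'  -- placeholder, generate your own
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
    CONNECTION LIMIT 5;

-- Grant only what a reader needs: connect, see the schema, select from tables.
GRANT CONNECT ON DATABASE analytics TO grow_readonly;
GRANT USAGE ON SCHEMA reporting TO grow_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA reporting TO grow_readonly;

-- Tables created later by the owning role become readable automatically,
-- so nobody is tempted to widen the grant when a new table appears.
ALTER DEFAULT PRIVILEGES FOR ROLE reporting_owner IN SCHEMA reporting
    GRANT SELECT ON TABLES TO grow_readonly;

-- Defense in depth: sessions start read-only and long queries are cut off.
-- A session can override these settings, so the GRANTs above remain the
-- actual control.
ALTER ROLE grow_readonly SET default_transaction_read_only = on;
ALTER ROLE grow_readonly SET statement_timeout = '60s';

-- Audit: list every table in the schema on which the role can write,
-- including privileges it inherits through PUBLIC or group roles.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname = 'reporting'
  AND has_table_privilege(
        'grow_readonly',
        format('%I.%I', schemaname, tablename),
        'INSERT, UPDATE, DELETE, TRUNCATE');
```

Re-run the audit query after schema changes; any row it returns is a table where the role has more than read access.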

Data Source Security

We always use HTTPS where available when connecting to data sources, and all data is transmitted over the internet via standard 128-bit SSL encryption so none of your data is ever exposed.

OAuth connections

Grow uses standard OAuth to gain access to most of the third-party APIs used to gather your data. You'll never give your username and password to Grow. Instead, you log in to your account and then authorize the requested permissions for Grow. And of course we protect the auth information with encryption in our database.

When connecting some data sources, the prompts may ask for approval to give Grow read and write access to the data. Grow does not need write access, but some APIs are set up to ask for read and write access in order to get the data. Grow's platform is not set up to edit data from any data source.

You can always remove data source connections in Grow, which deletes the entry in our database. Or you can revoke Grow's access from your data source account.

Grow will store any account information, including any metrics, for 75 days after a metric is deleted or the account is cancelled. That data can be deleted sooner upon request at privacy@grow.com.

Grow User Access

Within your organization, you can restrict access to any dashboard, or the ability to create new metrics/reports using a specific data source, at the user level.

We follow SOC 2 compliance and track all users and Grow employees that log into a customer's account and what actions they take in the app. Grow employees will not access any user's account unless they have a direct need for support or dev purposes. Contact your Grow BI Consultant if you would like your account locked so only users in your account can access it. Keep in mind that this also limits how well we can help troubleshoot any issues or assist with any questions you may have.

Grow's data navigation platform is not set up to protect PII/PHI per HIPAA standards, and we encourage all clients to keep PII/PHI data out of the platform.

All login passwords are SHA encrypted and all logins are compared against that SHA encrypted string. If you lose your password we cannot recover it for you; you have to request a reset link that is only active for a limited time. Read more about resetting your password.

For added security when logging in to your account, you can contact your Grow BI Consultant or our support team and ask for two-factor authentication to be turned on for your account. This will give each user in your Grow account the option to enable 2FA for their own user account.

If you have any questions regarding what we are doing at Grow regarding security or privacy, please email privacy@grow.com.
