At Grow, we understand how crucial it is to give access and visibility to your data to those who need to see it, and how important it is to protect that data from those who don’t.
This article outlines the measures Grow has in place and ways you can help keep your data safe.
What we do to increase database security
Every connection to the app from the browser are forced to an HTTPS session with a DigiCert SSL certificate. We use a secure connection (TLS or SSL) when connecting to a database, and the data is encrypted on both ends of the connection.
All of our servers are located on the best-of-class Amazon Web Services.
What you can do to increase database security
- Use a read-only user to connect to Grow. We don’t have anything built into the platform to add or affect data in your database, so there is no reason to have anything more than read-only privileges.
- Only open one port for Grow.
- Whitelist our server IPs so a private database is never left wide open.
- Use a SSH Tunnel to add an extra layer of security.
- Use an identity-based data service. We recommend Cirro—They are a third-party service that allows you to connect your database to Cirro then connect Cirro to Grow as a database, and offer more security and flexibility to who and what has access to your data.
Data Source Security
We always use HTTPS where available when connecting to data sources, and all data is transmitted over the internet via standard 128-bit SSL encryption so none of your data is ever exposed.
Grow uses standard OAuth to gain access to most of the third party APIs used to gather your data. You'll never give your username and password to Grow. Instead you login to your account and then authorized the requested permissions for Grow. And of course we protect the auth information with encryption in our database.
You can always remove data source connections in Grow, which deletes the entry in our database. Or you can revoke Grow's access from your data source account.
Grow User Access
We follow Soc2 compliance and track all users and Grow employees that log into a customer’s account and what actions they take in the app. Grow employees will not access any user’s account unless they have a direct need for support or dev purposes. Contact your Grow BI Consultant if you would like your account locked so only users in your account can access it. Keep in mind that this also limits how well we can help troubleshoot any issues or assist in any questions you may have.
All login passwords are SHA encrypted and all logins are compared against that SHA encrypted string. If you lose your password we cannot recover it for you; you have to request a reset link that is only active for a limited time. Read more about resetting your password.
If you have any questions regarding what we’re doing at Grow regarding security or privacy, please email firstname.lastname@example.org.