At Grow, we're committed to keeping your data private and secure. We do this in a number of ways.
We always use HTTPS. If your data source provides it, we use it.
Grow only ever gets read-only access to your data. We don't want to, and can't, edit your data. All data is transmitted over the internet via standard 128-bit SSL encryption so none of your data is ever exposed.
We do not store any of your data. We pull it on demand, and try to constantly refresh it. We only occasionally cache a small amount of data, for up to 24 hours, that is used to create the metric. We also cache some raw API responses for 5 minutes to speed up the application. This small data cache, as well as any authentication data for any of your sources, is stored in encrypted fields in our database under AES-SHA256-CBC encryption.
Grow uses standard OAuth to gain access to most of the third-party APIs used to gather your data. You'll never give your username and password to Grow. Instead, you log in to your account and then authorize the requested permissions for Grow. And of course we protect the auth information with encryption in our database.
You can always remove a data source connection in Grow, which deletes the entry in our database, or you can revoke Grow's access from your account.
For certain data sources that require it, such as a few database connections, we use a secure SSH tunnel so your data resides behind a secure firewall, and you never have to open a port. Grow users can also white-list our server IPs so a private database is never left wide open.
All login passwords are SHA encrypted and all logins are compared against that SHA encrypted string. If you lose your password, we cannot recover it for you; you have to request a reset link that is only active for a limited time. More info about resetting your password here.
All of our connections to the app from the browser are forced to HTTPS/SSL with a DigiCert SSL certificate.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.
All of our servers are hosted on best-in-class Amazon Web Services.
Bottom line? Your data is safe and always under your control.
Grow protects your data. We know that your data and database are essential to your business and we connect in the securest ways possible.
Here are a few options to mitigate some of the risks:
- Select the SSH tunneling method and provide us with a key. This is probably the strongest security measure you can take. Only something with our IP and the key you give us can talk to your server.
- Create a user in the database that has access to a subset of tables.
- Make that user have read-only permissions.
- Create table “views” that contain ONLY the data that is necessary to build a chart in Grow.
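
The last three options combined, as an added example that is not Grow's own code or documentation. It assumes PostgreSQL; the database `appdb`, the table `public.orders` with its columns, the schema `reporting`, and the role `grow_reader` are hypothetical names.

```sql
-- Added example. Assumptions: PostgreSQL, run by the owner of public.orders.
-- All object names and columns below are hypothetical.

-- 1. Dedicated login role with no administrative attributes.
CREATE ROLE grow_reader LOGIN PASSWORD 'REPLACE_WITH_GENERATED_SECRET'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT CONNECTION LIMIT 5;

-- 2. A separate schema that holds only what the dashboard needs.
CREATE SCHEMA reporting;

-- 3. A view that exposes aggregates instead of customer-level rows.
--    By default a view reads its base table with the view owner's
--    privileges, so grow_reader needs no grant on public.orders.
CREATE VIEW reporting.daily_revenue AS
SELECT date_trunc('day', created_at)::date AS day,
       count(*)                            AS orders,
       sum(total_cents) / 100.0            AS revenue
FROM public.orders
WHERE status = 'paid'
GROUP BY 1;

-- 4. Grant the minimum: connect, see the schema, read the one view.
--    No grant is made on schema public tables, sequences or functions.
GRANT CONNECT ON DATABASE appdb TO grow_reader;
GRANT USAGE ON SCHEMA reporting TO grow_reader;
GRANT SELECT ON reporting.daily_revenue TO grow_reader;

-- Before PostgreSQL 15, every role can create objects in schema public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 5. Session defaults as a second guard. The role can change these
--    within its own session, so the grants above remain the real boundary.
ALTER ROLE grow_reader SET default_transaction_read_only = on;
ALTER ROLE grow_reader SET search_path = reporting;
ALTER ROLE grow_reader SET statement_timeout = '30s';

-- 6. Check the effective privileges on the base table and on the view.
SELECT has_table_privilege('grow_reader', 'public.orders', 'SELECT')
           AS can_read_base_table,
       has_table_privilege('grow_reader', 'reporting.daily_revenue', 'SELECT')
           AS can_read_view;
```

Pair the role with the SSH tunnel or IP allow-list described above so that the credentials are only usable from the expected source.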