Security Policy
This page outlines the security measures and principles our team applies,
so you could safely migrate your data.
GrowthDot Security Overview
Your private data is safe while using GrowthDot website. There are several steps that our team takes to ensure your privacy. However, the measures whichwe take to provide your data security are not tied to just legal requirements (as General Data Protection Regulation, etc.) There is also a moral and ethical obligation to safeguard privacy.
Security Levels
Physical Security
Our data centers are located in Germany and our hosting provider, AWS, takes the highest measures to provide the physical safety of the hardware.
For example, only authorized personnel is able to access the data via electronic access control devices with an admission card or transponder key. Data storage parks are preserved from any natural disasters. These data center parks are also under 24/7 surveillance and which works in an autonomous mode using diesel power generators for any emergencies.Network Security
GrowthDot security team makes sure your private data is protected from any kind of electronic attacks. To ensure this, we use the best-proven practices for the whole network security.
We offer the following network security measures:
- network firewalls;
- DDoS preventions;
- network posture assessment.
Application Security Layer
- Our firewalls expose only necessary posts through the Internet and between different online servers.
- All requests are validated to ensure the security of the application level.
- Our service transfers data from the visitor’s browser to our system via HTTPS.
The data being transferred is encrypted by SSL protocol and ciphered.
Data location
All data is stored in Germany on the AWS electronic data center. Only authorized staff can access the data. No external sources are allowed to access the database.
Security Audits
GrowthDot scans all systems regularly to prevent any vulnerabilities. We constantly update the software to limit, log, and check the connections to previous versions.
We fully abide by your data confidentiality and guarantee that all your private data is absolutely secure. The appropriate measures against unauthorized access or connections are taken, to completely exclude any data disclosures or destructions. These measures include internal reviews of the data collection, storage, and processing practices, and physical security measures, to ensure the complete safety from unauthorized access to our personal data storage.
Data access and authentication
Only our authorized tech engineers have access to private data storages, so they can work on customizations and etc. Different engineers have different access permissions depending on their job requirements. Some parts of software can be reached only by certain IPs, so you can be sure that the database is accessed only by required personnel.
Why do we need specific permissions?
We need these specific permissions to be able to connect to your current account and provide the required services. After establishing the connection, we are able to access the data needed for providing certain services and without these access permissions, it is impossible.
Certification and Compliance
EU GDPR
GrowthDot is compliant with the requirements of the General Data Protection Regulation.
ISO/IEC 27001:2013
GrowthDot datacenters are compliant with ISO/IEC 27001:2013 since our hosting provider has achieved this certificate.
PCI DSS
GrowthDot uses 2Checkout and PayPro to accept payments. Both providers are certified PCI Level 1 Service Providers, the most stringent level of certification available in the payment industry. You can verify this by checking 2Checkout’s fraud protection policy and PayPro’s compliance page.
Note: we do not store or possess your payment data.
How to report a security vulnerability?
In case you’ve noticed any possible security vulnerability in our service, please inform us at (link/email to support). Please, include the following points to help us complete the case investigation:
- Description of the location of the vulnerability and its potential impact;
- A detailed description of the steps required to represent the vulnerability (e.g. screenshots, POC scripts, etc.)
Have any additional questions?
If there any details we didn’t mention or you have any suggestions, feel free to contact us [email protected].
