Enterprise-grade security & compliance

Gridly maintains a secure and dependable platform that allows your teams to work confidently with sensitive content and data.

Certification & Principles

  • ISO/IEC 27001:2022 – Certified Information Security Management System (ISMS).
  • Defense in Depth – Layered safeguards across applications, networks, and infrastructure.
  • AWS Well-Architected Security Pillar – Cloud environments designed following industry-leading security principles.
  • Security & Privacy by Design – Built into every stage of our product lifecycle.

Application security

  • Code Review Process – Peer code reviews to catch security issues before deployment, supporting safe and reliable software releases.
  • Secure Software Development Lifecycle – Security is embedded throughout the development process, from design to deployment.
  • Vulnerability Scanning – Quarterly scans using AWS Inspector are performed to identify and remediate security weaknesses. Regular testing with BurpSuite and ZAP. Automated monitoring via AWS Security Hub, CloudTrail, and AWS Config.
  • Web Application Firewall – Layered protection using AWS and open-source technologies is implemented to block malicious traffic and defend against threats such as SQL injection and cross-site scripting (XSS).
  • Employee Disclosure Process – Onboarding procedures include NDAs and background checks to help safeguard sensitive information.

Data security & protection

  • Daily Database Backups – Robust data backup and recovery mechanisms are implemented to ensure data integrity and availability.
  • Application-Level Backups – Customers can initiate on-demand backups and restores at any time through Gridly’s application features.
  • Infrastructure-Level Backups – Automated point-in-time backups and restores are performed using AWS RDS, ensuring continuous data protection and rapid recovery capabilities.
  • Encryption at Rest – Data at rest is encrypted with AES-256 using AWS KMS. Cryptographic keys are assigned to specific roles on a least-privilege basis and are rotated automatically every year. Key usage is monitored and logged.
  • Security Policies – Security policies, including Information Security and Access Control policies, guide the Gridly team in managing risks and protecting customer data, meeting ISO 27001 standards.
  • SSL/TLS Enforced – Gridly uses TLS v1.2 or higher for all data transfers, with regularly updated certificates to ensure secure connections.
  • System Access Control Policy – Gridly limits system access to only what is needed, using role-based access control (RBAC) and regular audits to prevent unauthorized access.

Infrastructure security

  • Restricted Cloud Data Storage – Production data is stored in secure AWS regions, encrypted with AES-256 and accessible only by authorized staff.
  • Encrypted Admin Access – TLS v1.2+ is applied to web-based admin access, with multi-factor authentication (MFA) required for additional protection.
  • Multiple Availability Zones – Deployment across multiple AWS Availability Zones to support service continuity and data resilience during disruptions.
  • Password Policy and Configuration – Enforced use of strong, unique passwords, regularly updated and securely stored using hashing.
  • Automatic Security Patching – Security patches are automatically applied through AWS and Docker containers to maintain protected systems.

Network security

  • No Public SSH Access – Public SSH access is blocked. Secure VPN server connections are required across all environments.
  • Firewall Protection – AWS Security Groups and Network ACLs are applied to control network traffic and block unauthorized access.
  • Infrastructure Activity Logging – AWS CloudTrail is used to log, monitor, and retain account activity across the AWS infrastructure.
  • Configuration Monitoring – AWS Config is applied for continuous monitoring, auditing, and evaluation of AWS configurations.
  • System Monitoring & Error Tracking – In-house gateway, error tracking, and logging services based on Nginx, Sentry, and Grafana Loki monitor performance, requests, and security-related events.
  • External Traffic Monitoring – Automated monitoring of external-facing networks to detect malicious traffic.
  • API Gateway Protection – A prevention layer within the API gateway terminates malicious requests before they reach microservices.
  • Security Alerts & Notifications – Security notifications are routed to responsible employees for timely response.
  • Unique User Accounts – Unique accounts are assigned to every user to ensure traceability and secure access.
  • Malware Detection – Malware detection software is installed to support system protection.

Organization Security

  • Acceptable Use Policy – Enforced through employee training and formal acknowledgment, defining permitted use of systems and data.
  • Business Continuity & Disaster Recovery Testing – Annual testing of business continuity and disaster recovery plans to support operational resilience.
  • Code of Conduct – Outlines employee security and ethical responsibilities.
  • Disaster Recovery Plan – Documented disaster recovery plan defining procedures and recovery objectives to restore services after disruptions.
  • Incident Response Team – Dedicated team with defined roles to respond to security incidents.
  • Documented Incident Response Procedures – Internal procedures documented for handling production incidents.
  • Customer Incident Notification – Customers are notified in the event of security issues through direct email communication.
  • Public Status Updates – Detailed updates shared on the online status page, including current status and progress.
  • Remediation Timeline Transparency – Clear information provided on when patches will be applied and the expected timeframe for resolution.
  • Security Training – Annual security awareness training for all employees. The development team receives additional regular training on the OWASP Top 10 vulnerabilities to support secure coding practices.

Product Security

  • Database & Server Monitoring – Production databases and servers are monitored using AWS and open-source tools (Grafana, Prometheus, Exporter), with alerts for suspicious activity and resource usage spikes.
  • Hard-Disk Encryption – All hard disks are encrypted with AES-256 to protect data at rest. The production database layer (AWS RDS) is encrypted with AES-256 via AWS KMS.
  • Multi-Factor Authentication (MFA) – MFA is required for all accounts to add an extra layer of security.
  • Session Lock Controls – Inactive sessions are automatically locked to help prevent unauthorized access.
  • Terms of Service – Clear Terms of Service defining responsibilities and acceptable platform use to support compliance with security standards.

Sub-processors

Gridly works with the following sub-processors to provide and support the Service. Each sub-processor processes data only on Gridly’s documented instructions and under a data processing agreement.

Sub-processor                  Service                                            Location
Amazon Web Services            Application services / hosting                     EU
Google Cloud Platform          Application services / hosting                     EU
Timescale (TigerData Cloud)    Application services / hosting                     EU
Sentry                         Application services / hosting                     US
Mailgun                        Application services / hosting                     EU
HubSpot                        Customer support / sales operations / ticketing    EU
OpenReplay                     Data analytics                                     EU