Enterprise Security at Grepr
At Grepr, security is foundational to everything we build. Our robust security program ensures your data remains protected, meeting stringent compliance requirements while enabling your business to operate with confidence.
Trust and Compliance
SOC2 Type II Certified
Grepr has successfully completed a SOC2 Type II audit by an independent third-party auditor, verifying that our security controls are not only well-designed but operating effectively over time. This rigorous assessment validates our commitment to:
- Security: Protecting customer data and systems from unauthorized access
- Availability: Ensuring systems are available as committed
- Processing Integrity: Processing data completely, accurately, and in a timely manner
- Confidentiality: Protecting information designated as confidential
- Privacy: Handling personal information in accordance with privacy commitments
To request our complete SOC2 Type II report, please contact our security team.
For the most current information on our subprocessors and compliance certifications, visit our Trust Center.
Comprehensive Security Architecture
Authentication and Authorization
- Secure Identity Management: Authentication to the Grepr UI uses OAuth 2.0 with Auth0. We support SAML as well as OIDC to simplify and secure identity management for our customers.
- API Security: All Grepr APIs implement OAuth 2.0 for robust authentication and authorization.
- Zero Credential Storage: Grepr does not store your passwords or credentials in our data stores. We partner with Auth0 for secure identity and access management.
- Role-Based Access Controls: Granular permissions ensure users can only access the resources they need.
Infrastructure Security
- AWS Enterprise Infrastructure: Our production environment runs on AWS, utilizing industry-leading security features and best practices.
- Network Isolation: All server infrastructure resides within dedicated AWS VPCs with no direct internet accessibility.
- Data Encryption: Data is encrypted both in transit (TLS 1.2+) and at rest using strong encryption standards.
- Secure Data Architecture: We implement efficient data storage using Apache Parquet and Apache Iceberg table formats, with raw data secured in AWS S3.
- API Key Security: API keys are securely stored in AWS Secrets Manager with strict access controls.
Vulnerability Management and Remediation
- Continuous Vulnerability Scanning: Our infrastructure and applications undergo regular automated and manual security scans to identify potential vulnerabilities.
- Software Composition Analysis: We continuously monitor our software dependencies and libraries for known vulnerabilities through automated tools integrated into our CI/CD pipeline.
- Rapid Remediation: Critical vulnerabilities are addressed within 24 hours, with clear SLAs for all severity levels.
- Patch Management: We maintain a structured process for timely application of security patches across our infrastructure and application stack.
- Third-Party Security Assessments: Regular independent security assessments complement our internal vulnerability management program.
Proactive Security Operations
- Continuous Monitoring: Advanced monitoring, alerting, and intrusion detection systems provide real-time visibility into our security posture.
- Threat Intelligence: We leverage industry threat intelligence to stay ahead of emerging security threats.
- Penetration Testing: Independent third-party security firms conduct regular penetration tests of our infrastructure and applications. Reports are available upon request.
Enterprise-Grade Security Program
Governance and Risk Management
- Comprehensive Security Policies: We maintain formal, regularly reviewed policies covering information security, risk management, and operational security.
- Risk Assessment: Systematic evaluation processes identify, assess, and mitigate security risks.
- Vendor Security Assessment: We rigorously evaluate third-party vendors to ensure they meet our security standards.
Employee Security
- Security Training: All employees complete mandatory security awareness training upon joining and regularly thereafter.
- Secure Development: Our engineers follow secure coding practices, with security reviews integrated throughout the development lifecycle.
- Access Controls: We enforce least-privilege access controls and multi-factor authentication for all staff.
Business Continuity
- Disaster Recovery: Comprehensive disaster recovery plans ensure business continuity in adverse situations.
- Data Backups: Regular data backups with verified recovery procedures protect your information.
- High Availability Design: Our architecture minimizes single points of failure for critical systems.
Incident Response
- Incident Management Framework: A formal incident response plan guides our handling of security events.
- Response Team: Our dedicated security team is prepared to respond rapidly to security incidents.
- Breach Notification: Clear procedures ensure timely and appropriate communications in the event of a security incident.
Deployment Options
- SaaS Deployment: Our standard cloud offering provides enterprise-grade security with minimal overhead.
- Private Cloud: For organizations with strict compliance requirements, we offer private cloud deployment options.
Security Assurance
We understand that enterprise buyers require ongoing assurance of our security practices:
- Regular Attestations: Our SOC2 Type II certification is renewed annually.
- Transparency: We're committed to clear communication about our security practices.
- Continuous Improvement: Our security program evolves with emerging threats and best practices.
Contact Our Security Team
For detailed security information, compliance documentation, or to report security concerns, please contact our security team at security@grepr.io.