Security

Security @ Grepr

Grepr is built with security as one of the top priorities.

Trust and Compliance

SOC2 Type II Compliant

Grepr is SOC2 Type II compliant. We have undergone a rigorous audit process by a third party auditor to ensure that our systems and processes are secure and reliable. To request a copy of our SOC2 Type II report, please contact the Grepr security team.

Trust center

For more information on Grepr's security and compliance, please visit our trust center (opens in a new tab).

Security Practices

Being SOC2 Type II compliant, Grepr has implemented a number of security features to ensure that customer data is secure.

Authentication and Authorization

  • UI authentication: Authentication to the Grepr UI is allowed using Google Workspace.
  • Grepr APIs: Grepr APIs are accessible and authenticated using Auth token using the OAuth2.0 framework.

Additionally, Grepr does not store any Id/passwords in our own data stores. We utilize Auth0 (opens in a new tab) for AuthN/AuthZ.

System security

  • Grepr production infrastructure is hosted on AWS (opens in a new tab) and utilizes state-of-the-art security features to ensure that customer data is secure.

  • All server infrastructure is hosted in an AWS VPC and is not directly accessible from the internet.

  • Grepr uses advanced monitoring, alerting, auditing and intrusion detection systems to get real-time visibility into the security of our systems. This also allows us to remediate any security issues as soon as they are detected and patch our infrastructure to prevent potential threats.

  • Penetration testing: Grepr undergoes regular penetration testing by third-party security firms to ensure that our systems are secure and uphold the highest standards. To access our latest penetration test report, please contact the Grepr security team.

Operational security

  • Policies: Grepr has developed a set of well-established and comprehensive policies ranging a wide variety of security aspects including but not limited to operational security, risk management, information security, incident response etc. These policies are reviewed and updated regularly to ensure that they are up-to-date and are made available to all employees.

  • Employee training: All Grepr employees undergo security training to ensure that they are aware of the latest security threats and best practices. This training is mandatory for all employees and is conducted regularly. It also involves making employees aware of Grepr policies.

  • Incident response: Grepr has a well-defined incident response plan that is followed in case of a security incident.

  • Disaster Recovery and Business Continuity: Grepr has a well-defined disaster recovery and business continuity plan to ensure that customer data is secure and available even in case of a disaster. In that effect, we make sure to keep regular backups of customer data and have a well-defined process to restore data in case of adversity.

Contact Us

For any security-related queries, please contact the Grepr security team.

Operations