Security

Security you can trust

A compliance tool should practice what it preaches. Here's how we protect your data.

Security First

Built secure from day one

We take security seriously because your compliance data is sensitive.

Multi-tenant isolation

Your data is logically isolated from other customers. No shared resources, no cross-tenant access.

Encryption at rest

All data is encrypted using AES-256 encryption. Your evidence and controls are protected even at the storage layer.

Encryption in transit

All communication uses TLS 1.2+ encryption. Data is protected as it moves between your browser and our servers.

Least-privilege access

Internal access is restricted to what's needed. No broad access to customer data.

Your Controls

Access controls

Control who can see and do what in your organization.

Role-based access control

Define roles with specific permissions. Admins, editors, and viewers.

Audit trail

Every action is logged. Know who did what and when.

Secure authentication

Strong password requirements and session management.

Infrastructure

Cloud infrastructure security

We build on secure, modern cloud infrastructure.

Hosted on secure cloud

We use trusted cloud providers with SOC 2 and ISO 27001 certifications.

Regular backups

Automated backups ensure your data is protected against loss.

Network security

Firewalls, intrusion detection, and network segmentation protect our infrastructure.

Vulnerability management

Regular security assessments and dependency updates keep systems patched.

Our security commitment

We're building GRIT Comply to be audit-ready itself. Here's our roadmap:

  1. SOC 2 Type II

     We're working toward SOC 2 Type II certification. We use GRIT Comply to manage our own compliance.

  2. Continuous improvement

     Security isn't a checkbox. We continuously assess and improve our security posture.

  3. Transparency

     We'll share our security documentation and audit reports with customers.

Data Privacy

Data handling

Your data, your control.

Data ownership

You own your data. We're just the custodian.

Data export

Export your data anytime. No lock-in.

Data deletion

Request deletion and we'll remove your data completely.

No data selling

We never sell or share your data with third parties.

Security questions?

Reach out to our security team at contact@gritcomply.com. We're happy to answer questions or provide additional documentation.