SOC 2 Type II Certified
Grain is SOC 2 Type II certified.
SOC 2 Type II audit ensures that we conform to the American Institute of Certified Public Accountants (“AICPA”) SOC 2 standard. We’ve received a clean Type II report implying that our customers’ meeting data is properly managed, protected, and secured.
As part of our ongoing commitment to data security, we will continually review how we collect, manage, and secure customer data and obtain periodic SOC 2 Type II reports. If you’re a customer looking for a copy of the report, please reach out to us.
Single Sign-On
Give your team the power to access Grain without compromising on security. If you are an Enterprise customer and have SSO set up for your business, you can require users to log in to Grain using their SSO credentials.
Enabling SSO for your workspace allows you to have deeper administrative control and adds a layer of protection to your meeting data.
Data Center and Network Security
Grain hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Amazon’s compliance and security documents for more detailed information.
100 percent of Grain's primary application servers are located within Grain’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
Application Security
Web application architecture and implementation are built in Elixir/Erlang with the Phoenix framework and follow OWASP guidelines.
Grain conducts application penetration testing by a third-party at least annually in addition to Grain's continued internal testing and review program. See our latest letter of engagement here.
Data Security
All connections to Grain are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A+ grade for Qualys/SSL Labs.
All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.
We use industry-standard AWS-managed PostgreSQL RDS and Elastic Search data storage systems.
Security and Development Practices
Design of all new product functionality is reviewed for security impact, with Grain conducting mandatory code reviews for all changes to the code. Grain development and testing environments are separate from its production environment. All code development is done through a standard process.
Our infrastructure is defined and deployed using Terraform, with all changes reviewed prior to deployment.
Vulnerability Disclosure Process – Grain considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority; therefore, we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would be eager to hear from you.
Learn more about the security measures at Grain here. If you have any unanswered questions, please reach out to us at security@grain.com. We have a policy of responding to security reports within 24 hours.