Your security is our top priority

Data protection is a vital for every business, but especially yours.
At Grain, we take every measure possible to ensure your data is protected and safe.

Have a question or need help? Shoot us an email.

Data Center and Network Security

Grain hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 13, and ISO 27001. See Amazon’s compliance and security documents for more detailed information.

100 percent of Grain's primary application servers are located within Grain’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Application Security

Web application architecture and implementation are built in Elixir/Erlang with the Phoenix framework and follow OWASP guidelines.

Grain conducts application penetration testing by a third-party at least annually in addition to Grain's continued internal testing and review program. See our latest letter of engagement here.

Data Security

All connections to Grain are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A+ grade for Qualys/SSL Labs.

All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.

We use industry-standard AWS-managed PostgreSQL RDS and Elastic.co-managed Elastic Search data storage systems hosted within AWS.

Security and Development Practices

Design of all new product functionality is reviewed for security impact, with Grain conducting mandatory code reviews for all changes to the code. Grain development and testing environments are separate from its production environment. All code development is done through a standard process.

Our infrastructure is defined and deployed using Terraform, with all changes reviewed prior to deployment.

Vulnerability Disclosure Process – Grain considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority; therefore, we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would be eager to hear from you.

Please reach out to us at security@grain.co with questions. We have a policy of responding to security reports within 24 hours.

Get Started with Grain

Record, transcribe, clip, and share video from Zoom in real-time.