Your company’s data is critical—not just for your growth and success, but because it’s important, confidential information.
Safety and security are a priority at Grow. While it’s our job to make your data more accessible, it’s also our job to make sure it’s only more accessible to you.
If you’re savvy in security, scroll to the bottom of this post to go straight to the technical specs. But if technical security jargon feels more foreign than an actual foreign language, don’t worry. We’ll break down our security in layman’s terms so that you can be confident that your data is safe with Grow.
We always use HTTPS—that stands for Hypertext Transfer Protocol, plus an S for “Secure.”
Regular HTTP sites send unencrypted data, which means that anyone could intercept the connection between you and the site’s server and see exactly what you’re sending and receiving.
On the other hand, with a secure HTTPS, your browser and the site’s server exchange cryptographic keys which they then use to encrypt and decrypt all data sent over the connection. All data on Grow dashboards is transmitted via standard 128-bit SSL encryption, so none of your data is ever exposed or vulnerable.
Wait … what is 128-bit SSL encryption?
SSL, or Secure Sockets Layer, is the technology that allows your browser and the site’s server to exchange cryptographic keys. “128-bit” means that there are 2^128 possible keys a hacker could use to decrypt the information—that’s approximately 340,282,370,000,000,000,000,000,000,000,000,000,000 options.
Even if a hacker were to use a network of computers to try all 2^128 possible keys in a “brute force” attack, it would take an amount of time that’s significantly longer than the age of the universe to input them all.
Which is all just to say that this “standard” level of encryption is actually quite secure.
A fundamental security principle of Grow is that our access to your data is read-only. We can’t edit or delete your data (nor do we want to).
We pull data from your data sources on demand and simply refresh the connections at intervals chosen by you on your dashboard.
We occasionally cache a small amount of data in order to create a new metric. This data is stored for up to 24 hours. We also cache some raw API responses for up to 5 minutes to speed up the application. This small data cache, as well as any authentication data to your data sources, are stored in encrypted fields in our database under AES-SHA256-CBC encryption.
To put it simply, this is an incredibly complex and secure encryption method—so complex that there may not be layman’s terms to describe it.
We use standard OAuth to gain access to most of your third party data sources. With an OAuth connection, our servers communicate with the application to request permission to read your data. The app, in turn, asks you to authorize the requested permissions. You never give your username or password for these apps to Grow. We simply save the connection and, of course, the authorization information with encryption in our database.
You can always remove data source connections in Grow which deletes the entry in our database, or you can revoke Grow’s access from your account.
For certain data sources that require it, such as a few database connections, we use a secure SSH tunnel so your data resides behind a secure firewall and you never have to open a port. Grow users can also white-list our server IPs so a private database is never left wide open.
All login passwords are SHA-encrypted and all logins are compared against that SHA-encrypted string. If you lose your password, we cannot recover it for you. Instead, you have to request a reset link that will only be active for a limited time. Get more info about resetting your password here.
All of our connections to the app from the browser are forced to use HTTPS/SSL with a DigiCert SSL certificate.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.
All of our servers are located on the best-of-class Amazon Web Services.