Yes. For more information, see our Privacy Policy and GDPR Compliance with Gratavid. No data is stored permanently inside EU regions.

Gratavid does not store personal credit card information for any of our customers. We use Stripe to process transactions and trust their commitment to best-in-class security. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.

Yes. All data is encrypted in transit (HTTPS/TLS). Sensitive information like access tokens, secrets, and customer data associated with your profile is encrypted at rest (AES-256). Encryption is automatic and no customer action is required.

Yes. Our current backup interval is every day and each backup is persisted for one month. Automatic backups are taken without affecting the performance or availability of the database operations.

All the backups are stored separately in a storage service, and those backups are globally replicated for resiliency against regional disasters.

Gratavids uses AWS, Google Cloud, Twilio/Sendgrid, Vercel, and Algolia. Our data partners are certified for a growing number of compliance standards and controls, maintain ISO 27001, SOC2 Type II certifications, and undergo several independent third-party audits to test for data safety, privacy, and security. They perform regular independent penetration testing and have public bug bounty programs that help us ensure ongoing security.

Yes. We conduct regular penetration testing.

You can email us at security@gratavid.com