Gratavid does not store personal credit card information for any of our customers. We use Stripe to process transactions and trust their commitment to best-in-class security. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.
Does Gratavid encrypt data?
Yes. All data is encrypted in transit (HTTPS/TLS). Sensitive information like access tokens, secrets, and customer data associated with your profile is encrypted at rest (AES-256). Encryption is automatic and no customer action is required.
Does Gratavid backup data?
Yes. Our current backup interval is every day and each backup is persisted for one month. Automatic backups are taken without affecting the performance or availability of the database operations.
All the backups are stored separately in a storage service, and those backups are globally replicated for resiliency against regional disasters.
What infrastructure does Gratavid use?
Gratavids uses AWS, Google Cloud, Twilio/Sendgrid, Vercel, and Algolia. Our data partners are certified for a growing number of compliance standards and controls, maintain ISO 27001, SOC2 Type II certifications, and undergo several independent third-party audits to test for data safety, privacy, and security. They perform regular independent penetration testing and have public bug bounty programs that help us ensure ongoing security.
Does Gratavid conduct regular penetration testing and vulnerability scans?