The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ personal data. It will take effect from 25th of May 2018.
We are committed to helping our customers comply with the GDPR by providing best industry standard privacy and security protections that are built into our services.
What are your responsibilities as a customer?
Our customers will typically act as the data controller for any personal data they provide to Grow In Cloud in connection with their use of our software services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. Grow In Cloud is a data processor and processes personal data on behalf of the data controller when they use our cloud services.
Data protection and Data Queries
How to contact us with data queries?
We have a dedicated Data Protection Officer to help you with any requests or questions you have about your data. You can reach out to us by emailing at email@example.com
Cloud Infrastructure and Systems
Where is our data center based?
North Europe, West Europe
What security accreditations our cloud provider have?
Who has access to your data?
Technical Customer service team
Is data encrypted on our servers at rest?
Yes, we use Transparent data encryption (TDE) to encrypt your SQL data and all your documents are encrypted through 256-bit AES encryption, one of the strongest block ciphers available.
Data retention / encryption / deletion
For how long do we retain your data?
We never delete your data until you ask us so by emailing. The duration of your data retention is your responsibility
For what period is your data stored in backups?
Where do we store backups?
North Europe, West Europe
Is Personal Data encrypted at rest?
Yes, we use Transparent data encryption (TDE) and 256-bit AES encryption.
Is Personal Data encrypted in transit?
Yes, using HTTPS protocol.
Is your data shared or passed on to any third parties?
No. We use Microsoft Azure as a Cloud infrastructure, SendGrid for transmitting our emails, Twilio for SMS, Paypal and Stripe for payments.
Logs and Analytics
Do we regularly keep, review and access transaction logs on all networks storing/processing our data?
Is access to all logs recorded and monitored?
Are all logs encrypted?
For what period is your data stored in Logs?
Do we monitor and analyze the logs?
Yes, we analyze logs and build reports on how our services are performing.
Do we have a breach notification mechanism?
Have we had a security breach within the last 24 months?
Do we notify customers of any suspected breach?
Yes as soon as possible.
Regions / Outside of EEA
Is any of data transferred outside of the EEA?
Is any Cloud system used outside of the EEA to store data?
Could you please describe the physical security server access that protects our data?
Physical security of our cloud infrastructure is managed by Microsoft Azure
Could you please describe the physical security of office access?
Physical security of our offices is managed by us.
What are our password complexity rules?
We use AES-GCM-256 authenticated encryption for password complexity.
Is production data used in test, release or development environments?
What procedures do we have in place for software development?
We use secure development policy and use scrum as a methodology.
Describe the separation of development, test and operational facilities?
We have completely separate environments for Development, Testing and Production.
What information do we store of our customers?
- First Name
- Last Name
- IP Address/Location Info
- Stripe Payment Info.
- Company Name
How do we use our customers information?
- To provide software and cloud services
- For on-going promotional software product emails ( customers can unsubscribe anytime by clicking on the unsubscribe button in the promotional emails)