Our Number One Job Is to Make Sure Your Private and Sensitive CRM Data Is Always Safe and Secure
Military-Grade CRM Security
Hardened CRM security you can trust and verify
We value the trust and confidence you put in us to protect and secure your sensitive data. We take this responsibility very seriously. Our number one job is to make sure your data is always safe and secure. When possible, we like to allow the verification and validation of our security measures.
We are not like the other companies who boast about their security measures. When you go to verify their security, you are left wondering how safe your data really is. With Gro Software, you can verify that we are taking the proper measures to protect and secure your sensitive data.
Gro CRM uses AES 256-bit encryption and TLS 1.2 to protect your data. This is the same level of encryption used by the National Security Agency (NSA) to protect information at a “Top Secret” level. AES 256-bit is now widely accepted as the strongest encryption there is. It is used by governments, militaries, global financial institutions and other organizations across the world to protect highly sensitive data.
Gro Software is a Payment Card Industry Data Security Standard (PCI DSS) compliant merchant. The PCI Attestation of Compliance (AoC) for our merchant status is available to customers who sign an NDA and request the document.
Our network and servers are scanned for compliance each quarter, and we renew our compliance each and every year.
All your data is encrypted and transmitted over private, encrypted, isolated networks. No snooping on data transmissions at all.
Private data containers
Each company is isolated in its own private data container. No cross-bleeding of data ever occurs, so your data is always isolated and only available to you and your team.
We do certificate pinning on our servers and our apps. Certificate pinning is an extra check to make sure that the service you’re connecting to really is what it claims to be, and not an imposter. We use it to guard against other ways that skilled hackers may try to spy on your activity.
Perfect forward secrecy
For endpoints we control, we use strong ciphers and support perfect forward secrecy. By implementing perfect forward secrecy, we’ve made it so our private SSL key can't be used to decrypt past Internet traffic. This adds extra protection to encrypted communications with Gro CRM, essentially disconnecting each session from all previous sessions. Additionally, on the web, we flag all authentication cookies as secure and enable HTTP Strict Transport Security (HSTS).
Automated encrypted backups
All Gro CRM accounts and data are automatically encrypted and backed up on multiple servers around the world.
Redundancy and clustering
Our server architecture is redundant across the board. This means that even if one, two, or three servers fail, our system stays active and accessible.
Protected financial data
We do not save credit card data. All credit card information goes through our secure, PCI-compliant payment gateway. That means your credit card information is kept in a secure environment at every step of the transaction process.
Secure modern cryptography passwords
We do not save passwords. When passwords are created, they are salted and hashed. If you lose or forget your password, you must use our reset password tool with your Gro CRM username to reset your password. When creating your password, we require a base level of password security on all accounts. This is for your protection, security and privacy.
Two-factor authentication (2FA) is an extra layer of security for your Gro CRM account designed to ensure that you're the only person who can access your account, even if someone knows your password.
2FA protects against phishing, social engineering and password brute-force attacks. It also secures your logins from attackers exploiting weak or stolen credentials.
Our security team performs automated and manual application security testing, both internal and external, on a regular basis. This allows us to identify and patch potential security vulnerabilities and issues with our platform and servers.
Independent third-party audits
We use independent third-party auditors to test our systems and controls against some of the most widely accepted security standards and regulations in the world.
Datacenters compliant and certified
All datacenters are audited and certified against various internationally recognized compliance standards: ISO 27001, SSAE 16 and ISAE 3402 (previously SAS 70 Type II), SOC 2 Type II, SOC 3, and PCI DSS. All datacenters renew their compliance each and every year.
99% uptime SLA guarantee
We maintain more than 99% uptime. This guarantees you service continuity and quality assurance. You can verify our uptime with our independent third-party providers.