CRM Cloud Security

Our Number One Job is to make Sure Your Private and Sensitive CRM Data is Always Safe and Secure

Security

Military-Grade CRM Security

Hardened CRM security you can trust and verify

We value the trust and confidence you put in us to protect and secure your sensitive data. We take this responsibility very seriously. Our number one job is to make sure your data is always safe and secure. When possible, we like to allow the verification and validation of our security measures.

We are not like the other companies who boast about their security measures. When you go to verify their security, you are left wondering how safe your data really is. With Gro Software, you can verify that we are taking the proper measures to protect and secure your sensitive data.

Gro CRM Securityheaders.io A+ rating
Verify Gro CRM with
SecurityHeaders.io:
You can verify Gro CRM Servers below:
Gro CRM App
Gro CRM API
Gro CRM Website
Gro CRM Qualys A+ rating
Verify Gro CRM with
Qualys SSL Labs:
You can verify Gro CRM Servers below:
Gro CRM App
Gro CRM API
Gro CRM Website

AES 256-bit encryption and TLS 1.2

Gro CRM uses AES 256-bit encryption and TLS 1.2 to protect your data. The same level of encryption used by the National Security Agency (NSA) to protect information at a “Top Secret” level. AES 256-bit is now widely-accepted as the strongest encryption there is. It is used by governments, militaries, global financial institutions and other organizations across the world to protect highly sensitive data.


PCI-DSS compliant

Gro Software is a Payment Card Industry Data Security Standard (PCI DSS) compliant merchant. The PCI Attestation of Compliance (AoC) for our merchant status is available to customers who sign an NDA and request the document.

Our network and servers are scanned for compliance each quarter and we renew our compliance each and every year


Compliance

Private encrypted network

All your data is encrypted and transmitted over private encrypted isolated networks. No snooping on data transmissions at all.


Private data containers

Each company is isolated in their own private data container. No cross-bleeding of data ever occurs, so your data is always isolated and only available to you and your team.


Certificate pinning

We do certificate pinning on our servers and our apps. Certificate pinning is an extra check to make sure that the service you’re connecting to is really who they say they are, and not an imposter. We use it to guard against other ways that skilled hackers may try to spy on your activity.


Perfect forward secrecy

For end points we control, we use strong ciphers and support perfect forward secrecy. By implementing perfect forward secrecy, we’ve made it so our private SSL key can't be used to decrypt past Internet traffic. This adds extra protection to encrypted communications with Gro CRM, essentially disconnecting each session from all previous sessions. Additionally, on the web, we flag all authentication cookies as secure and enable HTTP Strict Transport Security (HSTS).


Automated encrypted backups

All Gro CRM accounts and data is automatically encrypted and backed up on multiple servers around the world.


Redundancy and clustering

Our server architecture is redundant across the board. Meaning, even if one, two, or three servers fail, our system stays active and accessible.


Protected financial data

We do not save credit card data. All credit card information goes through our secure, PCI-compliant payment gateway. That means your credit card information is kept in a secure environment at every step of the transaction process.


Secure modern cryptography passwords

We do not save passwords. When our passwords are created they are salted and hashed. If you lose or forget your password, you must use our reset password tool with your Gro CRM username to reset your password. When creating your password, we require a base level of password security on all accounts. This is for your protection, security and privacy.


Reset Password

Two-factor authentication

Two-factor authentication (2FA) is an extra layer of security for your Gro CRM account designed to ensure that you're the only person who can access your account, even if someone knows your password.

2FA protects against phishing, social engineering and password brute-force attacks. It also secures your logins from attackers exploiting weak or stolen credentials.


Security testing

Our security team performs automated and manual application security testing both internal and external on a regular basis. This will identify and patch potential security vulnerabilities and issues with our platform and servers.


Independent third-party audits

We use independent third-party auditors to test our systems and controls against some of the most widely-accepted security standards and regulations in the world.


Datacenter's compliant and certified

All datacenters are audited and certified by various internationally-recognized compliance standards. ISO27001, SSAE 16 and ISAE 3402 (Previously SAS 70 Type II), SOC 2 Type II, SOC 3, and PCI-DSS certified. All datacenters renew their compliance each and every year.


99% uptime SLA guarantee

We maintain more than 99% uptime. This guarantees you service continuity and quality assurance. You can verify our uptime with our independent third-party providers.


System Status
Ready to get started

Gro CRM the Small Business Platform Made for Apple Users


Made with in California
© 2018 Gro Software, LLC
"This is our most-likable website ever"