Table of Contents
Great Question's Security Credentials
Updated by Billy Dowell
Great Question takes security and privacy very seriously.🔒
We apply best practices and manage security at all levels of our organization – from infrastructure to development processes and employee training.
- We are SOC-2 Type II certified.
- We work with Vanta as our security vendor to help us maintain our security profile.
- We conduct regular pentests, and regularly review our security policies and procedures to always stay up to date.
- All data in-transit is encrypted and secured using TLS and at-rest with AES-256, block-level storage encryption.
- All customer passwords are hashed guarding against the possibility that someone who gains unauthorized access to your database can retrieve the passwords of every user.
- We rely on Heroku to provide our certified infrastructure. Heroku data centers are SOC 1, SOC 2 and SOC 3 certified.
- We rely on data centers from Heroku in the US-1 west region.
- We constantly monitor both our infrastructure and network traffic to detect anomalies and prevent potential threats.
- Each organization on Great Question has the power to configure their own access roles to ensure security within their organization.
- Only select Great Question employees (those who directly require it to do their job) are authorized to access your data.
- All access to user data is logged, whether by your own team members or Great Question employees.
Please reach out to us in the chat or at [email protected]!