Table of Contents

Great Question's Security Credentials

Billy Dowell Updated by Billy Dowell

Great Question takes security and privacy very seriously.🔒

We apply best practices and manage security at all levels of our organization – from infrastructure to development processes and employee training.

  • We are SOC-2 Type II certified.
  • We work with Vanta as our security vendor to help us maintain our security profile.
  • We conduct regular pentests, and regularly review our security policies and procedures to always stay up to date.
  • All data in-transit is encrypted and secured using TLS and at-rest with AES-256, block-level storage encryption.
  • All customer passwords are hashed guarding against the possibility that someone who gains unauthorized access to your database can retrieve the passwords of every user.  
  • We rely on Heroku to provide our certified infrastructure. Heroku data centers are SOC 1, SOC 2 and SOC 3 certified.
    • We rely on data centers from Heroku in the US-1 west region.
  • We constantly monitor both our infrastructure and network traffic to detect anomalies and prevent potential threats.
  • Each organization on Great Question has the power to configure their own access roles to ensure security within their organization.
  • Only select Great Question employees (those who directly require it to do their job) are authorized to access your data.
  • All access to user data is logged, whether by your own team members or Great Question employees.

Have Questions?

Please reach out to us in the chat or at [email protected]!

How did we do?

Data Retention

Is Great Question GDPR/CCPA compliant?