Here at GridCure we are focused on maintaining data security and privacy for our customers. Approaching product development with security at the forefront, we ensure that our customers are in control of their data and that their information is safe.

Data Security

  • Data Encryption
    • Data in transit: All data transferred between the user’s browser and GridCure’s servers is encrypted in transit. GridCure uses SSL/TLS v1.3.
    • Data at rest: Data is encrypted at rest in GCP using AES-256 encryption.
  • Data center security
    • Data center provider: GridCure uses Google Cloud Platform (GCP) to host its production servers, databases, and supporting services.
    • Multi-region: GridCure uses a multi-region setup for its infrastructure. The principle region for running the application is GCP region US-Central 1 (Iowa), with GCP region US- West 1 (Oregon) for its backup.
  • Data Availability
    • Backups: GridCure’s production systems and data are backed up on a regular basis. We run through a checklist to verify data is recorded and usable. Backups are tested on a periodic basis.

Application Security

  • Development  security
    • Access controls: GridCure’s system access is based on  limited controls and is reviewed periodically. GridCure enforces the policy of least privilege.
    • Testing and review:  All changes to our application are subject to peer review and are tested prior to being merged. 
    • Separate environments: GridCure maintains segregated testing, development and production environments.
  • Vulnerability management
    • Penetration testing: GridCure’s security team uses third parties to conduct penetration tests to identify deficiencies in the system that may affect critical assets.
    • Vulnerability scanning:  GridCure uses third-party security tools to continuously scan our applications, systems, and infrastructure for security risks and vulnerabilities.
    • Code analysis: GridCure’s code repositories are regularly scanned for security issues using static code analysis.
    • Automatic dependency management: GridCure uses automated tooling to actively check for dependency updates for a proactive, rather than reactive, security stance. 

Product Security

  • Authentication
    • Multi-Factor Authentication: GridCure ​​allows you to add an extra layer of security to your account by enabling two-step verification, also called two-factor authentication. This reduces the risk of having your account accessed by anyone else.
    • Single Sign On: GridCure offers integration with customer’s single sign on systems that are compliant with industry standards like LDAP and SAML.
    • Third Party Identity Provider: GridCure applications are secured by a third party identity provider, utilizing JWT based authentication and authorization for all backend APIs.

People Security

  • Security awareness
    • Dedicated Team: GridCure has a dedicated team responsible to ensure all security practices and policies are enforced. This team is also responsible in responding to any security incidents efficiently and quickly.
    • Policies:  GridCure maintains a robust listing of security policies which are updated regularly and must be reviewed at a minimum of each year by each employee. Policies are communicated to employees and are available for review at any time. 
    • Training: All  GridCure employees are required to complete security training  upon joining the company.
  • Employee checks
    • Background checks: Background checks are performed on all GridCure candidates prior to hiring.
    • New-hire reviews: All GridCure employees are required to sign GridCure’s information security policy  and confidentiality agreements upon joining the team.

Information Security

  • SOC, SOC2 Reports: GridCure maintains AICPA System and Organization Controls (SOC) 2 Type II Report. The SOC Report is available to customers after an NDA has been signed. Please reach out to security@gridcure.com to obtain a copy of GridCure’s most recent SOC 2 Type II Report.  Click here for more information on AICAP’s SOC2 report.
  • GDPR: GridCure is GDPR security compliant. Specific details about our data storage and the personally identifiable information collected can be found within our privacy policy and terms and conditions.

Let’s Protect Data Together


Contact GridCure Now