Grain is SOC 2 Type I certified and expected to obtain Type II accreditation soon.
A SOC 2 Type I audit ensures that we conform to the American Institute of Certified Public Accountants (“AICPA”) SOC 2 standard. We’ve received a clean Type I report, implying that our customers’ meeting data is properly managed, protected, and secured.
As part of our ongoing commitment to data security, we will continually review how we collect, manage, and secure customer data and obtain periodic SOC 2 Type II reports. If you’re a customer looking for a copy of the report, please reach out to us.
Give your team the power to access Grain without compromising on security. If you are an Enterprise customer and have SSO set up for your business, you can require users to log in to Grain using their SSO credentials.
Enabling SSO for your workspace allows you to have deeper administrative control and adds a layer of protection to your meeting data.
Grain hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Amazon’s compliance and security documents for more detailed information.
100 percent of Grain's primary application servers are located within Grain’s own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
Web application architecture and implementation are built in Elixir/Erlang with the Phoenix framework and follow OWASP guidelines.
Grain conducts application penetration testing by a third party at least annually, in addition to Grain's continued internal testing and review program. See our latest letter of engagement here.
All connections to Grain are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A+ grade from Qualys/SSL Labs.
All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.
We use industry-standard AWS-managed PostgreSQL RDS and Elasticsearch data storage systems.