Security Measures at Grain

We take every measure possible to ensure your data is protected and safe.

SOC 2 Certified

Grain is SOC 2 Type I certified and expected to obtain Type II accreditation in Q1 2023.


We encrypt data at rest and during transmission

Grain provides TLS v1.3 Encryption for data in transit, AES-256 encryption for data at rest.

Grain removes all primary copies of customer data after termination of services, all storage backups are fully deleted after 60 days.

Grain operates firewalls on all external network connections.

Grain continuously runs security monitoring software on production systems.


Grain isolates production data systems from test and development systems.

Grain utilizes non-routable internal network addresses (RFC1918) and Network Address Translation.

Proxy servers are used to mediate network connections that cross network boundaries.

All devices connecting to the network have an approved build/configuration standard.

Grain continuously monitors and alerts of security logs via AWS GuardDuty and Security Hub controls.

Grain prohibits the use of insecure administrative protocols such as Telnet, SNMPv1.

Grain hosts all infrastructure within Amazon Web Services.

Grain operates anti-virus/anti-malware controls on all applicable devices.

Real-Time Updates are provided in regards to anti-virus, anti-malware, and other signature-based solutions updated with the latest signatures.

Employee Security

All Grain employees sign Privacy + Security Policies, Confidentiality Agreements, NDA and User Agreements.

As of 2022 Grain has 0 known security breaches.

As of 2022 Grain has not been the subject of any investigations or Law Suits.

Designated Privacy contact: Ryan Johnson - Principal Engineer, Gus Bartholomew - Head of Operations

User Security Measures

Grain prevents client data from being written to removable media sources.

All Grain users have unique IDs for all systems and applications.

User IDs are prevented from containing content indicating their access level.

Dormant IDs are disabled/deleted after 7 days of service termination / 60 days from all storage backups.

Grain requires minimum length of 16 characters with mixed alphanumeric, multi-factor authorization.

Grain enforces inactivity timeouts to lock applications after a period of time.

Grain operates on a “Lease Access” basis whereby access to any system has to be granted.

Grain routinely reviews access levels which are periodically reviewed by IT and data owners to ensure individual access rights are appropriate based on job information.

Grain maintains a Cyber Insurance policy.

Additional Security Documentation

The Following policies can be requested through our sales team. Please contact us to request.

Terms of Service

Security One Pager

Information Security Policy

Cyber Policy Summary

2021 Pentest (Cobalt) Summary

SOC 2 Type 1 Audit Report

Get Started with Grain

Try for free