Security at GrowSurf
Growsurf, Inc. is committed to data security. Here is how we protect and handle private and sensitive data:
GrowSurf processes data only to fulfill its obligations as related to the Services outlined in our
Terms of Service
. All personal information for GrowSurf users and participants are shared to the minimal extent. Please see section
HOW AND WHY WE USE YOUR PERSONAL INFORMATION
Data storing (PII or otherwise) with third party vendors
: Please see section
PERSONAL INFORMATION WE COLLECT ABOUT USERS AND PARTICIPANTS
Data sharing (PII or otherwise) with third party vendors
: We only share data with the vendors listed sub-processors section on the
GrowSurf GDPR Portal
Data encrypted in transit
: We encrypt all data over the HTTPS network protocol.
Data encrypted at rest
: Certain sensitive information such as third-party API keys and Webhook secrets are encrypted at rest via
: Our servers are located in the states of California, Oregon, and Illinois, United States of America, unless our customer agreements specify otherwise. We utilize cloud providers like Google Cloud and Digital Ocean.
: GrowSurf requires the use of a firewall and whitelisted IP addresses, and the use of network load balancers in order to optimize the bandwidth available per each server. We regularly monitor incoming and outgoing data using Network and Graph analytics provided by third-party tools, such as Google Cloud Platform, Digital Ocean, and DataDog. We utilize networking tools such as Cloudflare for firewall and whitelisting utilities that prevent, minimize, and alert of network attacks.
: For data storage, we retain daily backups. Data is retained from 30-60 days, depending on the subprocessor.
Business Continuity Process
: Our internal Business Continuity Process (BCP) outlines protocols in the event of a disruption to normal operations.
Disaster Recovery Process
: Our internal Disaster Recovery Process (DRP) outlines protocols to restore data in the event of disasters.
: Our internal GDPR and CCPA Compliance processes cover protocols for data breaches, user policies, and more.
: Our internal IT Procedures and Security Policies cover general internal protocols, password and security/network policies for GrowSurf employees, including handling sensitive customer data.
Please note, we only accomodate security questionnaire requests, modified DPA requests, or any other legal/vendor requirements for customers on our annual custom plans. If you have bespoke legal and compliance needs, please
get in touch with sales