How does Gigasheet make money?
How does Gigasheet keep my data secure?
Gigasheet uses a combination of encryption and technical safeguards to protect our customers’ data. Our information security program includes measures such as:
Network security: firewalled network segmentation of internal services and APIs
Encryption: we encrypt databases at rest, data is encrypted in transit with HTTPS over SSL/TLS, and passwords are stored as salted hashes. We also use DNSSEC to protect against forged DNS answers
Multi-factor authentication: email verification for user logins, and two-factor authentication is available for our users
Automated security and vulnerability scans of our systems and web application
Active DDoS mitigation
Data minimization: we delete all application logs after at most 60 days
Bot traffic detection: we selectively require a CAPTCHA during the login process
Suspicious IP throttling: suspicious logins targeting too many accounts from a single IP address will be restricted
Brute-force protection: we limit login attempts separately for each source IP address to limit the potential for attackers to lock legitimate users out of their account
Breached password detection: we automatically block accounts that try to log in using compromised credentials
How does Gigasheet ensure my privacy?
We do not take our privacy obligations or the protection of your information lightly, and we comply with all applicable privacy laws and regulations.
Does Gigasheet encrypt customer data?
Gigasheet encrypts customer information at rest in our databases with industry-standard 256-bit AES encryption. Data is encrypted in transit with HTTPS over SSL/TLS, and passwords are stored as salted hashes.
How does Gigasheet prevent unauthorized access?
Gigasheet fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.
All customer data stored by Gigasheet is located in data centers secured by Amazon Web Services (AWS), which offers unparalleled physical and information security. These servers are located separately from Gigasheet’s employees.
AWS has been certified to meet the following standards: SOC 3; PCI DSS Level 1; ITAR; FIPS 140-2; ISO 27001; ISO 27017; ISO 27018; and ISO 9001. More information on AWS security processes can be found here. As an additional security measure, AWS servers hosting Gigasheet customer data can only be accessed via VPN.
Is Gigasheet GDPR compliant?
While we meet many of the GDPR standards, Gigasheet is not yet fully GDPR compliant. We are a fast-growing company and are working to become fully GDPR compliant in the future.
What user information does Gigasheet store?
Beyond user financial information required for billing purposes, and user emails and passwords to allow access to the service, Gigasheet stores the following user data:
Original uploaded files
Parsed uploaded files
Uploaded file metadata such as file size and file name
Logs of certain user actions to help us resolve problems or improve the service
Results of data transformations such as Enrichments or Functions
Basic usage statistics such as numbers of logins and uploads
How does Gigasheet respond to government or law enforcement requests for data?
Satisfy a valid law enforcement request, or as required by law
In case of emergency, to protect the property, safety, security, and rights of Gigasheet, its users, or the general public
Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Gigasheet’s policy to respond as narrowly as possible to best protect our customers’ privacy.
Does Gigasheet support single sign-on?
Yes, Gigasheet provides single sign-on (SSO) support from the following providers:
Our Enterprise edition also supports custom SSO. Contact us for more details.
Does Gigasheet have a Penetration Testing (Pentest) Policy?
Yes! Please email us here for our Pentest Rules of Engagement. We respond to all inquiries within 3 business days or less.
How can I report a security vulnerability to Gigasheet?
Email us here. We respond to all inquiries within 3 business days or less.
Does Gigasheet sell or share the data I upload?
Protecting Our Systems
We leverage industry-leading service providers AWS, Cloudflare and Auth0 to provide best-in-class service for our users. We use DNSSEC to protect against forged DNS answers: zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by Gigasheet. When you visit our website or use the Gigasheet app, the transmission of information between your device and our servers is protected using 256-bit encryption. We test our app continuously for the latest vulnerabilities with recurring weekly scans crowd-sourced from ethical hackers. Gigasheet servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Gigasheet data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access. We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.
We're always adding security layers to Gigasheet. Please contact us if you have questions or concerns, or to report an issue.
Security & Privacy
It's Kind of A Big Deal
At Gigasheet, we take security and data privacy seriously. With over 25 years of combined experience in the cyber security industry, our team has the knowledge and skills to ensure our application meets or exceeds the highest level of standards.
Need to report a security vulnerability or issue? Email us here. We respond to all inquiries within 3 business days or less.