security & privacy

It's Kind of a Big Deal

Gigasheet meets or exceeds the highest level of industry data and security standards.

FAQs

How Does Gigasheet keep my data secure?

Gigasheet uses a combination of encryption and technical safeguards to protect our customers’ data. Our information security program includes measures such as:

  • Gigasheet is SOC 2 Type 2 compliant and works with third-party auditors who objectively certify our controls
  • Network security: firewalled network segmentation of internal services and APIs
  • Encryption: we encrypt databases at rest; data is encrypted in transit with HTTPS over SSL/TLS; passwords are stored as salted hashes; and we use DNSSEC to protect against forged DNS answers
  • Multi-factor authentication: email verification for user logins, and two-factor authentication is available for our users
  • Automated security and vulnerability scans of our systems and web application
  • Active DDoS mitigation
  • Data minimization: we delete all application logs after at most 60 days
  • Bot traffic detection: we selectively require a CAPTCHA during the login process
  • Suspicious IP Throttling: suspicious logins targeting too many accounts from a single IP address will be restricted
  • Brute-force protection: we limit login attempts separately for each source IP address to limit the potential for attackers to lock legitimate users out of their account
  • Breached password detection: we automatically block accounts that try to log in using compromised credentials

How Does Gigasheet ensure my privacy?

We do not take our privacy obligations and the protection of your information lightly, and we comply with all applicable privacy laws and regulations.

Gigasheet does not share nonpublic information with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations, as well as information we may collect about you, and how we will use that information. Our policy aims to protect all parties that interact with our service.

Does Gigasheet encrypt user data?

Gigasheet employs a robust encryption and security framework to ensure the confidentiality, integrity, and availability of user data. We are proud to be SOC 2 Type 2 compliant, an attestation that demonstrates our commitment to industry-leading standards of security practices and controls. This compliance is verified by an independent third-party auditor, ensuring that our security measures meet stringent criteria and are rigorously evaluated and tested over time.

Gigasheet encrypts customer information at rest in our databases with industry-standard 256-bit AES encryption; data is encrypted in transit with HTTPS over SSL/TLS; and passwords are stored as salted hashes.

How Does Gigasheet prevent unauthorized access?

Gigasheet fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.

All customer data stored by Gigasheet is located in data centers secured by Amazon Web Services (AWS), which offers unparalleled physical and information security. These servers are located separately from Gigasheet’s employees.

AWS has been certified to meet the following standards: SOC 3; PCI DSS Level 1; ITAR; FIPS 140-2; ISO 27001; ISO 27017; ISO 27018; and ISO 9001. More information on AWS security processes can be found here. As an additional security measure, AWS servers hosting Gigasheet customer data can only be accessed via VPN.

Is Gigasheet GDPR compliant?

While we meet many of the GDPR standards, Gigasheet is not yet fully GDPR compliant. We are a fast-growing company and are working to become fully GDPR compliant in the future.

What user information does Gigasheet store?

Beyond user financial information required for billing purposes, and user emails and passwords to allow access to the service, Gigasheet stores the following user data:

  • Original uploaded files
  • Parsed uploaded files
  • Uploaded file metadata such as file size and file name
  • Logs of certain user actions to help us resolve problems or improve the service
  • Results of data transformations such as Enrichments or Functions
  • Basic usage statistics such as numbers of logins and uploads

All data can be deleted upon user request. Moreover, as stated above, Gigasheet has infrastructure in place to ensure that this data cannot be accessed by any unauthorized party. We do not sell or share user data with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations.

How does Gigasheet respond to government or law enforcement requests for data?

As detailed in the Gigasheet Privacy Policy, Gigasheet does not share any personal data or logged information with any other company, organization, or individuals except as required in the following situations:

  • Satisfy a valid law enforcement request, or as required by law
  • Enforce applicable Terms of Service, Terms of Use, or other contractual obligations
  • In case of emergency, to protect the property, safety, security, and rights of Gigasheet, its users, or the general public

Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Gigasheet’s policy to respond as narrowly as possible to best protect our customers’ privacy.

Does Gigasheet support single sign-on?

Yes, Gigasheet provides single sign-on (SSO) support from the following providers:

  • Google
  • Microsoft
  • GitHub

Our Enterprise edition also supports custom SSO. Contact us for more details.

Does Gigasheet have a Penetration Testing (Pentest) policy?

Yes! Please email us here for our Pentest Rules of Engagement. We respond to all inquiries within 3 business days.

How can I report a security vulnerability to Gigasheet?

Email us here. We respond to all inquiries within 3 business days.

How does Gigasheet make money?

We make money from Premium and Enterprise customers who choose to upgrade and unlock the full potential of Gigasheet. You can learn more about our pricing and plans here. We do not sell or share user data with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations.

Does Gigasheet sell or share the data I upload?

No. We do not sell or share user data with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations.

Is Gigasheet SOC 2 compliant?

Gigasheet is currently SOC 2 (System and Organization Controls 2) Type 2 compliant and under continuous monitoring. Gigasheet utilizes enterprise-grade best practices to protect our customers’ data, works with independent experts to verify its security, privacy, and compliance controls, and has achieved a SOC 2 Type 2 report against stringent standards. We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.

Protecting Our Systems

We leverage industry-leading service providers AWS, Cloudflare and Auth0 to provide best-in-class service for our users. We use DNSSEC to protect against forged DNS answers, where zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by Gigasheet. When you visit our website or use the Gigasheet app, the transmission of information between your device and our servers is protected using 256-bit encryption. We test our app continuously for the latest vulnerabilities with recurring weekly scans crowd-sourced from ethical hackers.

Gigasheet servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Gigasheet data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access. We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.

We're always adding additional security layers to Gigasheet. Please contact us if you have questions, concerns, or to report an issue.
