We take security and privacy very seriously. We apply best practices and manage security at all levels of our organization - from infrastructure through to development processes and employee training.
We work with Vanta as our security vendor to help us maintain our security profile.
We conduct regular pentests, and regularly review our security policies and procedures to always stay up to date.
All data in-transit is encrypted and secured using TLS and at-rest with AES-256, block-level storage encryption.
All customer passwords are hashed guarding against the possibility that someone who gains unauthorized access to your database can retrieve the passwords of every user.
We rely on Heroku to provide our certified infrastructure. Heroku data centers are SOC 1, SOC 2 and SOC 3 certified.
We constantly monitor both our infrastructure and network traffic to detect anomalies and prevent potential threats.
Each organization on Great Question has the power to configure their own access roles to ensure security within their organization.
Only select Great Question employees (those who directly require it to do their job) are authorized to access your data.
All access to user data is logged, whether by your own team members or Great Question employees.