We take security and privacy very seriously. We apply best practices and manage security at all levels of our organization - from infrastructure through to development processes and employee training.

  • We work with Vanta as our security vendor to help us maintain our security profile.

  • We conduct regular pentests, and regularly review our security policies and procedures to always stay up to date.

  • All data in-transit is encrypted and secured using TLS and at-rest with AES-256, block-level storage encryption.

  • All customer passwords are hashed guarding against the possibility that someone who gains unauthorized access to your database can retrieve the passwords of every user.

  • We rely on Heroku to provide our certified infrastructure. Heroku data centers are SOC 1, SOC 2 and SOC 3 certified.

  • We constantly monitor both our infrastructure and network traffic to detect anomalies and prevent potential threats.

  • Each organization on Great Question has the power to configure their own access roles to ensure security within their organization.

  • Only select Great Question employees (those who directly require it to do their job) are authorized to access your data.

  • All access to user data is logged, whether by your own team members or Great Question employees.

Did this answer your question?