Security at Gigasheet
It's kind of a big deal.

At Gigasheet we take security and data privacy seriously. With over 25 years of combined experience in the cyber security industry, our team has the knowledge and skills to ensure our application meets or exceeds the highest standards.
 

Security FAQ

How does Gigasheet keep my data secure?

Gigasheet uses a combination of encryption and technical safeguards to protect our customers’ data. Our information security program includes measures such as:

  • Network security: firewalled network segmentation of internal services and APIs

  • Encryption: we encrypt databases at rest, data is encrypted in transit with HTTPS over SSL/TLS, and passwords are stored as salted hashes. We also use DNSSEC to protect against forged DNS answers

  • Multi-factor authentication: email verification for user logins, and two-factor authentication is available to our users

  • Automated security scans of our systems and web application

  • Active DDoS mitigation

  • Data minimization: we delete all application logs after at most 60 days

  • Bot traffic detection: we selectively require a CAPTCHA during the login process

  • Suspicious IP Throttling: suspicious logins targeting too many accounts from a single IP address will be restricted

  • Brute-force protection: we limit login attempts separately for each source IP address to reduce the potential for attackers to lock legitimate users out of their accounts

  • Breached password detection: we automatically block accounts that try to log in using compromised credentials


 

How does Gigasheet ensure my privacy?

We do not take our privacy obligations and the protection of your information lightly, and we comply with all applicable privacy laws and regulations.

 

Gigasheet does not share nonpublic information with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations, as well as information we may collect about you, and how we will use that information. Our policy aims to protect all parties that interact with our service.

 

Does Gigasheet encrypt customer data?

Gigasheet encrypts customer information at rest in our databases with industry-standard 256-bit AES encryption. Data is encrypted in transit with HTTPS over SSL/TLS, and passwords are stored as salted hashes.

How does Gigasheet prevent unauthorized access?

Gigasheet fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.

 

All customer data stored by Gigasheet is located in data centers secured by Amazon Web Services (AWS), which offers unparalleled physical and information security. These servers are located separately from Gigasheet’s employees.

 

AWS has been certified to meet the following standards: SOC 3; PCI DSS Level 1; ITAR; FIPS 140-2; ISO 27001; ISO 27017; ISO 27018; and ISO 9001. More information on AWS security processes can be found here. As an additional security measure, AWS servers hosting Gigasheet customer data can only be accessed via VPN.

 

Is Gigasheet GDPR compliant?

While we meet many of the GDPR standards, Gigasheet is not yet fully GDPR compliant. We are a fast-growing company and are working to become fully GDPR compliant in the future.

 

What user information does Gigasheet store?

Beyond user financial information required for billing purposes, and user emails and passwords to allow access to the service, Gigasheet stores the following user data:

 

  • Original uploaded files

  • Parsed uploaded files

  • Uploaded file metadata such as file size and file name

  • Logs of certain user actions to help us resolve problems or improve the service

  • Results of data transformations such as Enrichments or Functions

  • Basic usage statistics such as numbers of logins and uploads

 

All data can be deleted upon user request. Moreover, as stated above, Gigasheet has infrastructure in place to ensure that this data cannot be accessed by any unauthorized party. 

 

How does Gigasheet respond to government or law enforcement requests for data?

As detailed in the Gigasheet Privacy Policy, Gigasheet does not share any personal data or logged information with any other company, organization, or individuals except as required in the following situations:

 

  • Satisfy a valid law enforcement request, or as required by law

  • Enforce applicable Terms of Service, Terms of Use, or other contractual obligations

  • In case of emergency, to protect the property, safety, security, and rights of Gigasheet, its users, or the general public
     

Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Gigasheet’s policy to respond as narrowly as possible to best protect our customers’ privacy.

Does Gigasheet support single sign-on?

Yes, Gigasheet provides single sign-on (SSO) support from the following providers:

 

  • Google G-Suite

  • LinkedIn

  • GitHub

 

How can I report a security vulnerability to Gigasheet?

Please contact us to report a security issue. 

Protecting Our Systems

We leverage industry-leading service providers AWS, Cloudflare and Auth0 to provide best-in-class service for our users. We use DNSSEC to protect against forged DNS answers: zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by Gigasheet. When you visit our website or use the Gigasheet app, the transmission of information between your device and our servers is protected using 256-bit encryption. Gigasheet servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Gigasheet data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access. We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.

We're always adding additional security layers to Gigasheet. Please contact us if you have questions, concerns, or to report an issue.
