It's kind of a big deal.
At Gigasheet we take security and data privacy seriously. With over 25 years of combined experience in the cyber security industry, our team has the knowledge and skills to ensure our application meets or exceeds the highest standards.
How does Gigasheet keep my data secure?
Gigasheet uses a combination of encryption and technical safeguards to protect our customers’ data. Our information security program includes measures such as:
Network security: firewalled network segmentation of internal services and APIs
Encryption: we encrypt databases at rest, data is encrypted in transit with HTTPS over SSL/TLS, and passwords are stored as salted hashes; we also use DNSSEC to protect against forged DNS answers
Multi-factor authentication: email verification for user logins, and 2-factor authentication is available for our users
Automated security scans of our systems and web application
Active DDoS mitigation
Data minimization: we delete all application logs after at most 60 days
Bot traffic detection: we selectively require a CAPTCHA during the login process
Suspicious IP Throttling: suspicious logins targeting too many accounts from a single IP address will be restricted
Brute-force protection: we limit login attempts separately for each source IP address to limit the potential for attackers to lock legitimate users out of their account
Breached password detection: we automatically block accounts that try to log in using compromised credentials
How does Gigasheet ensure my privacy?
Our privacy obligations and the protection of your information are not taken lightly, and we comply with all applicable privacy laws and regulations.
Does Gigasheet encrypt customer data?
Gigasheet encrypts customer information at rest in our databases with industry-standard 256-bit AES encryption. Data is encrypted in transit with HTTPS over SSL/TLS, and passwords are stored as salted hashes.
How does Gigasheet prevent unauthorized access?
Gigasheet fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.
All customer data stored by Gigasheet is located in data centers secured by Amazon Web Services (AWS), which offers unparalleled physical and information security. These servers are located separately from Gigasheet’s employees.
AWS has been certified to meet the following standards: SOC 3; PCI DSS Level 1; ITAR; FIPS 140-2; ISO 27001; ISO 27017; ISO 27018; and ISO 9001. More information on AWS security processes can be found here. As an additional security measure, AWS servers hosting Gigasheet customer data can only be accessed via VPN.
Is Gigasheet GDPR compliant?
While we meet many of the GDPR standards, Gigasheet is not yet fully GDPR compliant. We are a fast-growing company and are working to become fully GDPR compliant in the future.
What user information does Gigasheet store?
Beyond user financial information required for billing purposes, and user emails and passwords to allow access to the service, Gigasheet stores the following user data:
Original uploaded files
Parsed uploaded files
Uploaded file metadata such as file size and file name
Logs of certain user actions to help us resolve problems or improve the service
Results of data transformations such as Enrichments or Functions
Basic usage statistics such as numbers of logins and uploads
All data can be deleted upon user request. Moreover, as stated above, Gigasheet has infrastructure in place to ensure that this data cannot be accessed by any unauthorized party.
How does Gigasheet respond to government or law enforcement requests for data?
Satisfy a valid law enforcement request, or as required by law
In case of emergency, to protect the property, safety, security, and rights of Gigasheet, its users, or the general public
Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Gigasheet’s policy to respond as narrowly as possible to best protect our customers’ privacy.
Does Gigasheet support single sign-on?
Yes, Gigasheet provides single sign-on (SSO) support from the following providers:
How can I report a security vulnerability to Gigasheet?
Please contact us to report a security issue.
Protecting Our Systems
We leverage industry-leading service providers AWS, Cloudflare and Auth0 to provide best-in-class service for our users. We use DNSSEC to protect against forged DNS answers, where zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by Gigasheet. When you visit our website or use the Gigasheet app, the transmission of information between your device and our servers is protected using 256-bit encryption. Gigasheet servers are located in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Gigasheet data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access. We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.
We're always adding security layers to Gigasheet. Please contact us if you have questions or concerns, or to report an issue.