Security

Your data is safe with us.

Security is foundational to everything we build. Gravun is designed from the ground up to protect your business data and your customers' information.

  • SOC 2 Type II: In Progress
  • GDPR: Compliant
  • CCPA: Compliant
  • PCI DSS: Compliant
  • HIPAA Ready: Available

How We Protect You

Enterprise-grade security, built in from day one

Encryption

  • TLS 1.2+ for all data in transit
  • AES-256 encryption at rest
  • Encrypted database backups
  • Secure key management via AWS KMS

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Single sign-on (SSO/SAML) on Scale plan
  • Least-privilege employee access
  • Audit logs for all admin actions

Infrastructure

  • Hosted on AWS (us-east-1 primary)
  • SOC 2 Type II certified data centers
  • 99.9% uptime SLA
  • Automated daily backups with 30-day retention
  • DDoS protection via AWS Shield

Monitoring & Response

  • 24/7 infrastructure monitoring
  • Automated anomaly detection
  • Documented incident response plan
  • 72-hour breach notification (GDPR)
  • Dedicated security team

Compliance

  • SOC 2 Type II (in progress)
  • GDPR compliant
  • CCPA compliant
  • PCI DSS compliant (via Stripe)
  • HIPAA-ready infrastructure

Vulnerability Management

  • Annual third-party penetration tests
  • Continuous dependency scanning
  • Responsible disclosure program
  • Security patches within 24 hours for critical CVEs

Responsible Disclosure

Found a vulnerability?

We take security reports seriously. If you discover a security vulnerability in Gravun, please report it to us responsibly. We commit to acknowledging your report within 24 hours and providing a fix timeline within 72 hours for critical issues.

Report a Vulnerability

  • 24 hours: Acknowledgment of your report
  • 72 hours: Fix timeline for critical vulnerabilities
  • Hall of Fame: Public recognition for responsible disclosures
  • No legal action: We will not pursue legal action for good-faith reports

Questions about security?

Our security team is available to answer questions from enterprise customers, security researchers, and compliance teams.

[email protected]