Security

All the measures we take to keep your data secure with Grid1.

Security is a very serious practice at Grid1. Every product discussion starts with the minimum requirement of protecting user data and security. We have a dedicated engineers who are constantly working to make Grid1 more secure.

Compliance

Grid1 follows the same security standards that comply with SOC 2 Type 2, ISO 27001, and PCI DSS. We are also GDPR compliant.

Hosting

Grid1 uses Amazon Web Services (AWS) to host all the services. We use AWS's Shared Responsibility Model to ensure that all the services are secure. We also use AWS's Well-Architected Framework to ensure that all the services are built with security in mind.

Monitoring Services

Grid1 uses a lot of different tools to monitor incidents, anomalies, and security threats. Any monitoring tool we use is open source and is self-hosted inside our own infrastructure. Some of our monitoring tools may run in multiple regions to ensure that we are always up and running. Some data-intensive monitoring services run inside our HQ to ensure maximum security.

Data Storage

Grid1 uses our own PostgreSQL servers hosted across multiple regions with replication for high availability and disaster recovery. We implement continuous delta backups and regular rollback checks to ensure data integrity. Our database migrations use a branched approach for safe deployment and rollback capabilities.

The database access is restricted only to the CTO. The database is not accessible from the internet, and is behind a secure firewall to communicate between our services. We also have dedicated monitoring systems to monitor the database for any suspicious activity.

Our infrastructure provides enterprise-grade security with regional redundancy and automated backup verification processes.

SSL Certificates

Grid1 uses Let's Encrypt to generate SSL certificates for all the services. We use a combination of Terraform and Certbot to generate and renew SSL certificates. We also use Cloudflare to cache all the static assets and to protect against DDoS attacks. All our SSL Keys are 2048-bit RSA keys.

Last updated: September 29, 2025

← Back to Legal Documents