Contact sales: +1 (833) 441 7687

Security and compliance

Built around trust

Trust is a core principle at Gearset. We understand the kind of data that users trust Salesforce with, and Gearset has been built to respect that data and that trust. We have invested a great deal of time, effort, and resources into ensuring that our users’ information is secure at all times. As a result, Gearset has been certified by external auditors to the international information security standard ISO 27001.

For more information on our security controls, contact [email protected] to request our security whitepaper.

Enterprise-grade security

Data encryption
Gearset ensures metadata and data is encrypted at all times, both in transit and at rest. In transit, we use the latest SSL standards and enforce TLS 1.2 on every page. This gains us the highest SSL labs security report (SSL report). At rest, Gearset uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256). Each object is encrypted with a unique key, and a rotating master key protects each unique key.

Intrusion protection
We maintain 24/7 intrusion detection on our service, guarding against unauthorized access with logging analysis, policy monitoring, rootkit detection, and real-time alerting.

Penetration testing
Gearset undergoes regular penetration tests by CREST certified professionals. These tests probe for vulnerabilities in our application and ensure we're always ahead of the game in keeping our security world-class. Results of our latest assessments are available upon request.


ISO 27001
Gearset has been audited and certified to the international information security standard ISO/IEC 27001:2013. This certification demonstrates that Gearset has implemented a comprehensive, effective, and continually improving Information Security Management System. Certification involves regular audits to verify our compliance.

Gearset is committed to protecting your privacy. All information you give us is held with the utmost care and security in accordance with the General Data Protection Regulations 2016 (GDPR). For more information, see our GDPR compliance document.

Secure hosting
Gearset instances and storage are hosted on Amazon Web Services (AWS), the same datacentres that Salesforce and Heroku trust for their compute needs. Gearset's servers are located in the European Union. These industry-leading, secure facilities hold the following accreditations: SOC1, SOC2, SOC3, PCI DSS Level 1, ISO 27001, HIPAA and more.

These datacentres are protected by the strictest security controls. Physical access to our servers is restricted to authorized personnel only. In addition to this physical security, Gearset’s services run on our own VPC (Virtual Private Cloud) inside AWS to further isolate our networks, in accordance with networking and security best practices.

Backup and disaster recovery plan

Gearset automatically performs backups of critical resources. All production data is backed up daily to separate infrastructure. Backups are encrypted. In addition, we perform backups and exports on our various tools and databases.

Gearset's disaster recovery plan is designed to ensure our critical services and business processes continue in the event of a disaster. We test our plan annually.

Have custom security questionnaires?

To streamline your review of Gearset, we can provide a pre-filled cloud security questionnaire, our security whitepaper, and a copy of our ISO 27001 certificate. These documents provide in-depth information about our security controls and how we protect your data, along with external verification that our processes are operating effectively across the business.

For security related questions, or to report an incident, contact us via email at [email protected]

Ready to get started with Gearset?

Start free trial