Gearset is a Salesforce customer and Salesforce partner. We understand the kind of data that users trust Salesforce with, and Gearset has been built to respect that data and that trust.
We utilise information security best practices to protect your data and help you stay compliant with data protection regulations and organizational requirements. For more information on our security approach, contact [email protected] for a copy of our security overview document.
OAuth
When you log into Gearset, we use the secure OAuth authentication protocol to ensure that user passwords are never stored on our servers.
Data encryption
Gearset ensures metadata and data are encrypted at all times, both in transit and at rest. In transit, we use the latest SSL standards and enforce TLS 1.2 on every page. This earns us the highest SSL Labs security report rating (SSL report). At rest, Gearset encrypts your data with 256-bit Advanced Encryption Standard (AES-256), one of the strongest block ciphers available. Each object is encrypted with a unique key, and a rotating master key protects each unique key.
Intrusion protection
We maintain 24/7 intrusion detection on our service, guarding against unauthorized access with logging analysis, policy monitoring, rootkit detection, and real-time alerting.
Secure hosting
Gearset instances and storage are hosted on Amazon Web Services (AWS), the same datacentres that Salesforce and Heroku trust for their compute needs. Gearset's servers are located in the European Union. These industry-leading, secure facilities hold the following accreditations: SOC1, SOC2, SOC3, PCI DSS Level 1, ISO 27001, HIPAA and more.
These datacentres are protected by the strictest security controls. Physical access to our servers is restricted to authorized personnel only. In addition to this physical security, Gearset’s services run on our own VPC (Virtual Private Cloud) inside AWS to further isolate our networks, in accordance with networking and security best practices.
Compartmentalized access
To minimize the risks of an internal security breach (e.g. through phishing attacks), access to infrastructure passwords is controlled via encrypted password storage vaults to which only select team members with operational requirements have access.
Our backup policies are designed to ensure our critical services and business processes continue in the event of a disaster.
Encrypted production volumes are backed up automatically once a day onto isolated infrastructure. We also perform backups of our internal tools and databases to ensure the continuation of the service in the event of a disaster. We test our backup and recovery capability on a daily basis.
Gearset is trusted by finance, healthcare, educational and government institutions around the world, from FTSE 100 to the Fortune 5. Find out more about our customers and success stories, or learn more about Gearset's features.