
Security and compliance

Enterprise-grade security

Gearset is a Salesforce customer and Salesforce partner. We understand the kind of data that users trust Salesforce with, and Gearset has been built to respect that data and that trust.

We utilise information security best practices to protect your data and help you stay compliant with data protection regulations and organizational requirements. For more information on our security approach, contact [email protected] for a copy of our security overview document.

OAuth
When you log in to Gearset, we use the secure OAuth authentication protocol to ensure that user passwords are never stored on our servers.

Data encryption
Gearset ensures metadata and data are encrypted at all times, both in transit and at rest. In transit, we use the latest SSL standards and enforce TLS 1.2 on every page. This earns us the highest SSL Labs security report (SSL report). At rest, Gearset uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256). Each object is encrypted with a unique key, and a rotating master key protects each unique key.

Intrusion protection
We maintain 24/7 intrusion detection on our service, guarding against unauthorized access with logging analysis, policy monitoring, rootkit detection, and real-time alerting.

Compliance

GDPR
Gearset is committed to protecting your privacy. All information you give us is held with the utmost care and security in accordance with the General Data Protection Regulations 2016 (GDPR). For more information on what data we collect and how we use it, see our privacy policy.

Secure hosting
Gearset instances and storage are hosted on Amazon Web Services (AWS), the same datacentres that Salesforce and Heroku trust for their compute needs. Gearset's servers are located in the European Union. These industry-leading, secure facilities hold the following accreditations: SOC1, SOC2, SOC3, PCI DSS Level 1, ISO 27001, HIPAA and more.

These datacentres are protected by the strictest security controls. Physical access to our servers is restricted to authorized personnel only. In addition to this physical security, Gearset’s services run on our own VPC (Virtual Private Cloud) inside AWS to further isolate our networks, in accordance with networking and security best practices.

Compartmentalized access
To minimize the risks of an internal security breach (e.g. through phishing attacks), access to infrastructure passwords is controlled via encrypted password storage vaults to which only select team members with operational requirements have access.

Backup and disaster recovery

Our backup policies are designed to ensure our critical services and business processes continue in the event of a disaster.

Encrypted production volumes are backed up automatically once a day onto isolated infrastructure. We also perform backups of our internal tools and databases to ensure the continuation of the service in the event of a disaster. We test our backup and recovery capability on a daily basis.

Trusted by industry leaders

Gearset is trusted by finance, healthcare, educational and government institutions around the world, from FTSE 100 to the Fortune 5. Find out more about our customers and success stories, or learn more about Gearset's features.

For security-related questions, contact [email protected]
