Gearset has been audited and certified to the international information security standard ISO/IEC 27001:2013. This certification demonstrates that Gearset has implemented a comprehensive, effective, and continually improving Information Security Management System. Certification involves regular audits to verify our compliance.
Data protection and privacy
Where we process personal data on behalf of our customers, we commit to do so in accordance with all applicable Data Protection Laws and Regulations, including UK GDPR and the Data Protection Act, EU GDPR, and the CCPA. For more information, see our document on how Gearset handles personal data
Gearset instances and storage are hosted on Amazon Web Services (AWS), the same data centers that Salesforce and Heroku trust for their computing needs. Gearset offers hosting options in the United States, the European Union, and Australia to allow customers control over data residency. These industry-leading, secure facilities hold the following accreditations: SOC1, SOC2, SOC3, PCI DSS Level 1, ISO 27001, HIPAA and more.
These data centers are protected by the strictest security controls. Physical access to our servers is restricted to authorized personnel only. In addition to this physical security, Gearset’s services run on our own VPC (Virtual Private Cloud) inside AWS to further isolate our networks, in accordance with networking and security best practices.