At Groove, our commitment to data security goes beyond established protocols and industry compliance - it’s built into the foundation of our platform.
Groove undergoes an annual SOC2 Type 2 assessment that covers all industry standard trust principles (Security, Confidentiality, Availability) and validates the suitability of the design and operating effectiveness of our security controls. We regularly review the compliance of critical vendors, including AWS/Heroku. Our latest SOC2 report is available upon request and under NDA.
Groove’s data security governance is designed to be fully aligned with ISO 27001. While Groove is not an ISO 27001 certified organization, we push past basic compliance requirements to provide our customers with best-in-class information security.
Groove’s security controls for data protection meet or exceed the Payment Card Industry Data Security Standard (PCI-DSS). Groove does not handle credit card data, but we’ve committed to this standard to ensure that our customers’ data is protected according to well-established, industry-standard data protection principles.
Groove will never mine or otherwise access your data for advertising purposes.
Customer data is only used when necessary to deliver our services. Account data is never viewed without permission.
Groove’s customers maintain ownership of their data at all times. Customer data is never deleted without ample prior notification.