Security at Groove
Groove takes data security and customer trust very seriously. Our data security program is fully aligned with ISO 27001/2, and we’ve taken stringent measures to comply with global privacy measures as outlined below.
SOC 2
Groove undergoes its own annual SOC 2 Type 2 assessment, independently of AWS/Heroku, that validates the suitability of the design and operating effectiveness of our security controls. A copy of the report is available under NDA.
Data Security
Groove uses Heroku and Amazon Web Services (AWS) and does not host customer data on its premises. In addition to Groove"\'"s own annual SOC 2 Type 2 audit report, Amazon provides an extensive list of compliance and regulatory assurances. See Amazon compliance and security docs for more detailed information.
Additional security measures:
Your data is encrypted at rest and protected by TLS in transit.
Groove logically separates user data, and all access is authenticated using OAuth.
GDPR, CCPA, and Global Data Privacy Compliance
Groove complies with the GDPR, CCPA, and other global privacy laws and regulations. We are constantly monitoring charges to privacy laws and everything privacy regulations, and evaluating how they impact our platform and services. As a Data Processor under GDPR, and Service Provider Uber CCPA, we are committed to assisting our customers with their end-user requests and compliance efforts and are ready to sign DPAs as needed to address data transfer and provide assurance of appropriate controls.
Responsible Disclosure
If you have a security-related concern or wish to disclose a vulnerability, please email security@groove.co and include the phrase “Security Vulnerability” in the subject line. Your reports should include a detailed description of your discovery with clear, concise, reproducible steps, or a working proof-of-concept (POC).
