It's Kind of a Big Deal

Gigasheet uses a combination of encryption and technical safeguards to protect our customers’ data. Our information security program includes measures such as:

• Gigasheet is NIST 800-171 and SOC 2 Type 2 compliant and works with third-party auditors who objectively certify our controls
• Network security: fire-walled network segmentation of internal services and APIs
• Encryption: we encrypt databases at rest, data is encrypted in transit with HTTPS over SSL/TLS, and passwords are encrypted with salted hashes, we use DNSSEC to protect against forged DNS answers
• Multi-factor authentication: email verification for user logins and 2 factor authentication is available for our users
• Automated security and vulnerability scans of our systems and web application
• Active DDoS mitigation
• Data minimization: we delete all application logs after at most 60 days
• Bot traffic detection: we selectively require a CAPTCHA during the login process
• Suspicious IP Throttling: suspicious logins targeting too many accounts from a single IP address will be restricted
• Brute-force protection: we limit login attempts separately for each source IP address to limit the potential for attackers to lock legitimate users out of their account
• Breached password detection: we automatically block accounts that try to log in using compromised credentials

Our privacy obligations and the protection of your information is not taken lightly, and we comply with all applicable privacy laws and regulations.

Gigasheet does not share nonpublic information with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations, as well as information we may collect about you, and how we will use that information. Our policy aims to protect all parties that interact with our service.

Gigasheet employs a robust encryption and security framework to ensure the confidentiality, integrity, and availability of user data. We are proud to be SOC 2 Type 2 compliant, an attestation that demonstrates our commitment to industry leading standards of security practices and controls. This compliance is verified by an independent third-party auditor, ensuring that our security measures meet stringent criteria and are rigorously evaluated and tested over time.

Gigasheet encrypts customer information at rest in our databases with industry standard 256-bit AES encryption, data is encrypted in transit with HTTPS over SSL/TLS, and passwords are encrypted with salted hashes.

Gigasheet fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.

All customer data stored by Gigasheet is located in data centers secured by Amazon Web Services (AWS), which offers unparalleled physical and information security. These servers are located separately from Gigasheet’s employees.

AWS has been certified to meet the following standards: SOC 3; PCI DSS Level 1; ITAR; FIPS 140-2; ISO 27001; ISO 27017; ISO 27018; and ISO 9001. More information on AWS security processes can be found here. As an additional security measure, AWS servers hosting Gigasheet customer data can only be accessed via VPN.

While we meet many of the GDPR standards, Gigasheet is not yet fully GDPR compliant. We are a fast growing company and are working to become fully GDPR compliant in the future.

Beyond user financial information required for billing purposes, and user emails and passwords to allow access to the service, Gigasheet stores the following user data:

• Original uploaded files
• Parsed uploaded files
• Uploaded file metadata such as file size and file name
• Logs of certain user actions to help us resolve problems or improve the service
• Results of data transformations such as Enrichments or Functions
• Basic usage statistics such as numbers of logins and uploads

All data can be deleted upon user request. Moreover, as stated above, Gigasheet has infrastructure in place to ensure that this data cannot be accessed by any unauthorized party. We do not sell or share user data with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations.

As detailed in the Gigasheet Privacy Policy, Gigasheet does not share any personal data or logged information with any other company, organization, or individuals except as required in the following situations:

• Satisfy a valid law enforcement request, or as required by law
• Enforce applicable Terms of Service, Terms of Use, or other contractual obligations
• In case of emergency, to protect the property, safety, security, and rights of Gigasheet, its users, or the general public
  

Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Gigasheet’s policy to respond as narrowly as possible to best protect our customers’ privacy.

Yes, Gigasheet provides single sign-on (SSO) support from the following providers:

• Google
• Microsoft
• Github​

Our Enterprise edition also supports custom SSO. Contact us for more details.

Yes! Please email us here for our Pentest Rules of Engagement. We respond to all inquiries within 3 business days or less.

Email us here. We respond to all inquiries within 3 business days or less.

We make money from Premium and Enterprise customers who choose to upgrade and unlock the full potential of Gigasheet. You can learn more about our pricing and plans here. We do not sell or share user data with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations.

No. We do not sell or share user data with any other companies or individuals except in cases where you ask us to do so, or in cases where we are legally required to do so. Our Privacy Policy explicitly details these situations.

Gigasheet is currently SOC 2 (System and Organization Controls 2) Type 2 compliant and under continuous monitoring. Gigasheet utilizes enterprise-grade best practices to protect our customers’ data, and works with independent experts to verify its security, privacy, and compliance controls, and has achieved SOC 2 Type 2 report against stringent standards. We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.