Trust Center

Safeguarding your content with Gridly – ISO 27001 certified for trusted, secure, and compliant localization.

Security & Compliance

Last Updated: September 15, 2025

At Gridly, safeguarding customer data is our highest priority. We combine enterprise-grade security features, continuous monitoring, and independent audits to maintain a secure and reliable platform you can trust.

Gridly is certified under ISO/IEC 27001:2022, the leading international standard for information security management. This certification demonstrates our commitment to protecting your data with industry-recognized best practices in security, privacy, and risk management.

Security certification & architecture principles

  1. ISO/IEC 27001:2022 – certified Information Security Management System (ISMS).
  2. Defense in Depth – layered safeguards across applications, networks, and infrastructure.
  3. AWS Well-Architected Security Pillar – cloud environments designed following industry-leading security principles.
  4. Security & Privacy by Design – built into every stage of our product lifecycle.

Application security

Code Review Process: Gridly enforces peer code reviews to catch security issues before deployment, ensuring software released is safe and reliable.

Employee Disclosure Process: Gridly’s onboarding includes NDAs and background checks to safeguard sensitive information.

Quarterly Vulnerability Scan: Gridly runs quarterly scans with AWS Inspector to find and fix security weaknesses. Gridly also runs regular security scanning with Burp Suite and ZAP, and implements automatic scanning and recommendations on infrastructure configurations via AWS Security Hub, AWS CloudTrail and AWS Config.

Software Development Life Cycle Policy: Gridly’s secure SDLC embeds security in every step of software development, from design to deployment.

Web Application Firewall: Gridly uses AWS and open-source layers to block malicious web traffic, protecting against attacks such as SQL injection, XSS and other security risks.

Data security & Protection

Daily Database Backups: Gridly implements robust data backup and recovery mechanisms to ensure data integrity and availability. Our backup strategy consists of two layers:

  • Application-Level Backups: Customers can initiate on-demand backups and restores at any time through Gridly’s application features.

  • Infrastructure-Level Backups: Automated point-in-time backups and restores are performed using AWS RDS, ensuring continuous data protection and rapid recovery capabilities.

Encryption at Rest: Gridly uses AES-256 for encryption at rest, with keys managed by AWS KMS. Cryptographic keys are assigned to specific roles based on least-privilege access, and keys are automatically rotated yearly. Usage of keys is monitored and logged. AWS says about KMS: “AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect cryptographic keys.” (See https://aws.amazon.com/kms/ for more.)

Security Policies: Gridly’s security policies, including Information Security and Access Control, guide our team to manage risks and protect customer data, meeting ISO 27001 standards.

SSL/TLS Enforced: Gridly uses TLS v1.2 or higher for all data transfers, with regularly updated certificates to ensure secure connections.

System Access Control Policy: Gridly limits system access to only what’s needed, using role-based access control (RBAC) and regular audits to prevent unauthorized access.

Infrastructure security

Cloud Data Storage Restricted: Gridly stores production data in secure AWS regions, encrypted with AES-256 and accessible only by authorized staff.

Encryption of Web-Based Admin Access: Gridly secures admin web access with TLS v1.2+ and requires multi-factor authentication (MFA) for added protection.

Multiple Availability Zones: Gridly uses AWS’s multiple availability zones to keep services running smoothly and data safe, even during disruptions.

Password Policy and Configuration: Gridly enforces strong, unique passwords, updated regularly and stored securely with hashing.

Security Patches Automatically Applied: Gridly automatically applies security patches through AWS & Docker containers, ensuring systems stay protected.

Network security

Denial of Public SSH: Gridly blocks public SSH access, requiring secure VPN connections in all environments.

Firewalls: Gridly uses AWS Security Groups and Network ACLs to control network traffic, blocking unauthorized access.

Logging/Monitoring: Gridly monitors systems to quickly spot and address unusual activity. We monitor our environment carefully across multiple tools covering performance, requests, and access. Some monitoring tools include:

  • AWS CloudTrail for logging, continuously monitoring, and retaining account activity related to actions across our AWS infrastructure.

  • AWS Config for continuously monitoring, auditing, and evaluating configurations on AWS.

  • In-house services: an API gateway, error tracking system and logging system for storing and notifying on security issues. This is a solution based on Nginx, Sentry, Grafana Loki and notification rules.

  • For external-facing networks, we monitor and detect malicious traffic automatically.

  • Notifications are sent to the responsible Gridly employees. Our API gateway service also has a prevention layer for terminating malicious requests before reaching microservices.

Malware Detection Software Installed: 

Unique Accounts Used: Gridly assigns unique accounts to every user, ensuring actions are traceable and secure.

Organization Security

Acceptable Use Policy: Gridly enforces an Acceptable Use Policy through employee training and acknowledgment. This policy defines permissible use of systems and data. 

BCP/DR Tests Conducted Annually: Gridly tests business continuity and disaster recovery plans annually for operational resilience. 

Code of Conduct: Gridly’s Code of Conduct outlines employee security and ethical responsibilities.

Disaster Recovery Plan: Gridly’s DR plan outlines steps to restore services quickly after disruptions, with clear recovery goals.

Incident Response Team: Gridly’s dedicated team responds to security incidents with defined roles and swift action.

Incident Response Plan: Although we have never had any security incidents, we always prepare for all situations. We document all internal procedures for handling production incidents. We remain ready to respond proactively to incidents and share details on our online status page. We will notify all customers of security issues through:

  • Directly via email

  • Detail & status update on https://status.gridly.com

  • A timeframe for when the patch will be applied and how long it will take.

Security Training: Gridly conducts annual security awareness training for all employees to understand risks and follow best practices. The development team receives additional regular training on OWASP Top 10 vulnerabilities to ensure secure coding.

Product Security

Databases & Servers Monitored and Alarmed: Gridly monitors production databases and servers using AWS and open-source tools (Grafana, Prometheus, exporters), with alerts for suspicious activity and resource usage spikes to ensure security and high availability.

Hard-Disk Encryption: Gridly secures all hard disks with AES-256 encryption, protecting data at rest across devices. The production database layer (AWS RDS) is encrypted with AES-256 via AWS KMS for robust security.

MFA on Accounts: Gridly requires MFA for all accounts, adding an extra layer of security.

Session Lock: Gridly locks inactive sessions to prevent unauthorized access to user accounts.

Terms of Service: Gridly’s Terms of Service outline responsibilities and acceptable use of the platform, ensuring compliance with security standards.