Gearset is a Salesforce customer and Salesforce partner. We understand the kind of data that users trust Salesforce with, and Gearset has been built to respect that data and that trust.
We utilise information security best practices to protect your data and help you stay compliant with data protection regulations and organizational requirements. For more information on our security approach, contact [email protected] or visit https://gearset.com/security.
Gearset ensures metadata and data are encrypted at all times, both in transit and at rest. In transit, we use the latest SSL standards and enforce TLS 1.2 on every page. This gains us the highest SSL labs security report (SSL report). At rest, Gearset uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256). Each object is encrypted with a unique key, and a rotating master key protects each unique key.
We maintain 24/7 intrusion detection on our service, guarding against unauthorized access with logging analysis, policy monitoring, rootkit detection, and real-time alerting.
Gearset instances and storage are hosted on Amazon Web Services (AWS), the same datacentres that Salesforce and Heroku trust for their compute needs. Gearset's servers are located in the European Union. These industry-leading, secure facilities hold the following accreditations: SOC1, SOC2, SOC3, PCI DSS Level 1, ISO 27001, HIPAA and more.
These datacentres are protected by the strictest security controls. Physical access to our servers is restricted to authorized personnel only. In addition to this physical security, Gearset’s services run on our own VPC (Virtual Private Cloud) inside AWS to further isolate our networks, in according with networking and security best practices.
To minimize the risks of an internal security breach (e.g. through phishing attacks) access to infrastructure passwords is controlled via encrypted password storage vaults to which only select team members with operational requirements have access.
Backup and disaster recovery
Our backup policies are designed to ensure our critical services and business processes continue in the event of a disaster.
Encrypted production volumes are backed up automatically once a day onto isolated infrastructure. We also perform backups of our internal tools and databases to ensure the continuation of the service in the event of a disaster. We test our backup and recovery capability on a daily basis.