Security at Growth Protocol

There is nothing more important than security and privacy at Growth Protocol. Security is embedded into everything we do — from how we design and build our products to how we operate our internal systems and support our customers.

Governance

Growth Protocol’s Security team is responsible for establishing security policies and controls, monitoring adherence to those controls, and demonstrating our security and compliance posture to external third-party auditors.

Least Privilege Access

Access to systems and data is strictly limited to personnel with a legitimate business need. Permissions are granted based on the principle of least privilege.

Defense-in-Depth

We implement layered and comprehensive security controls to reduce risk and increase resilience against potential threats.

Consistency

Security controls are applied uniformly across all systems, environments, and operational areas of the organization.

Continuous Maturation

We iteratively refine our security controls to enhance effectiveness, improve auditability, and reduce operational friction over time.

Data Protection

Growth Protocol applies strong technical and organizational safeguards to protect customer data throughout its lifecycle.

Data at rest

All data stores containing customer data or other data deemed sensitive are encrypted at rest. Sensitive data is additionally protected using field-level encryption where appropriate.

Access to data stores follows a zero-trust policy and is strictly limited to users with a verified business need.

Data in transit

Growth Protocol uses TLS 1.2 or higher for all data transmitted over potentially insecure networks.

Server TLS keys and certificates are managed by AWS and deployed through Application Load Balancers.

Secret Management

Application secrets are encrypted and stored securely using GCP Secrets Manager and Vault. Access to secrets is strictly limited and continuously monitored.

Encryption and access keys are regularly rotated to reduce risk and prevent unauthorized or malicious access.

Product Security

Penetration Testing

Growth Protocol engages, at least annually, with leading third-party penetration testing firms.
All areas of the Growth Protocol product and cloud infrastructure are in scope for these assessments.
Testers are provided with the full access required to maximize coverage and effectiveness.

Vulnerability Scanning

Growth Protocol performs vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC), including:
Static application security testing (SAST) during pull requests and on an ongoing basis
Malicious dependency scanning to prevent the introduction of malware into the software supply chain
Network vulnerability scanning on a regular basis

Enterprise Security

Endpoint Protection

All corporate devices are centrally managed and equipped with device management software and anti-malware protection. Endpoint security alerts are monitored 24/7/365.

Secure Remote Access

Remote access to internal resources is secured using a modern VPN platform. Malware-blocking DNS services are used to protect employees and their devices while browsing the internet.

Security Education & Awareness

All employees receive comprehensive security training upon onboarding and annually through educational modules within Growth Protocol’s platform.
New employees attend mandatory onboarding sessions covering key security principles, and engineers receive additional training focused on secure coding practices.

Identity and Access Management

Growth Protocol uses Auth0 to manage identity and access across our systems. We enforce the use of phishing-resistant authentication factors.

Access to applications is granted based on role and job function
Employee access is automatically deprovisioned upon termination
Additional access requires approval according to application-specific policies

Growth Protocol maintains a Trust Center where customers can request access to compliance documentation, including SOC 2 material.

View real-time system availability and incident updates
