Security at Groov

Our users' privacy is central to our core beliefs at Groov. We treat your data as though it were a cherished family member's data.

Any data that we do collect is used purely to improve the product and service to end users. Any reporting or data used for analysis to improve services is always anonymised and aggregated. 

We follow best practices in relation to security and are compliant and independently certified against ISO/IEC 27001:2003. As well as being compliant with ISO/IEC 27001, we also fully comply with GDPR and are committed to respecting our customers' and users' privacy. We perform regular penetration testing of our platform and applications to ensure that our software is not vulnerable to malicious attacks.

Here is a summary of some of the precautions we take and policies we have surrounding security and data.

You can view our privacy policy here.

 
 

Security 

Data Protection 

All sensitive data is encrypted in transit and at rest. All of our infrastructure is built as code, ensuring extremely few people have access to your data. We require multi-factor authentication to be enabled for any access to our environments. We also have security logging in place with advanced security monitoring, so our teams are immediately alerted to anything out of the ordinary and can investigate quickly. Physical access to our data centers is strictly controlled, with comprehensive security measures provided by our data center hosting partners. See the AWS shared responsibility model: https://aws.amazon.com/compliance/shared-responsibility-model/


Development Practices
 

We follow secure design practices to ensure that security is built into the process when we build software. We leverage best-of-breed tooling within our DevOps CI/CD pipelines to perform static code analysis, automated testing, and automated vulnerability scanning that tells us if the libraries we use have any known vulnerabilities. This reduces the potential for human error and misconfiguration.


Our team practices continuous improvement, so as new security and testing tools become available, we ensure they are assessed and applied to our processes if needed. To ensure that we produce quality, secure code, we also get external pentesters to regularly verify that we have done a good job.


Needless to say, we track all software and infrastructure changes so that they are audited. We operate with a 'fix forward' mentality, meaning that any issues that are found are not rolled back; instead, a fix is found and delivered quickly, which our extensive automation allows us to do.


Security operations and best practices
 

We know that many breaches are caused by operational mistakes, and we strive to prevent these as much as possible through good processes and practices. We approach security holistically, with ISO/IEC 27001 guiding our policies and standards, alongside specific country regulations. We follow these high standards in our operational practices so we can satisfy all legal requirements, and we use external auditors to ensure we keep up to date and are always adapting.


Reliability
 

Our products are designed for high performance and availability, and built on best-in-class core technologies, such as AWS, so your organisation can scale confidently and securely.


Groov’s Infrastructure
 

Our cloud-first infrastructure takes advantage of elastic scale, multi-level redundancy, and failure options across data centers to reduce latency, maintain reliability, and scale with your organisation's needs.


Availability and Continuity 

High availability is built into the core of our products so we can leverage all the benefits of the cloud to ensure your service stays online, no matter what. Our services are available in several data centers to ensure we won't let you down. In addition to technical controls, we also back this with robust Disaster Recovery and Business Continuity programs.


Platform Performance
 

We continuously look for ways to improve product and platform performance by monitoring key performance metrics, such as load times, search responsiveness, and content delivery/playback. 


Privacy 

We are committed to protecting the privacy of your data and your customers' data by following all the legal requirements of the countries you operate in, enabling you to choose where your primary data is located, and protecting it with industry best practices.


We are committed to following best practices and guidance, including ISO/IEC 27001 and GDPR, with which we are compliant, and we are always striving towards achieving additional compliance needed in other geographies, such as HIPAA and SOC 2.

Currently, users can opt in or out of what data is supplied to us, and you and your customers can request what data we hold on them at any time. You and your customers can also request the removal of any data we hold on them at any time.


You can find our privacy policy on our website. If you require more information, we’d be happy to share it with you. Please email privacy@groovnow.com and we’ll send it right through.