Security of the Groweo® system

Ensuring the security of our Groweo® system and protecting your data is of paramount importance to us. This page provides an overview of how we ensure the overall security of our system.

Please note that the information on this page applies to all versions of our Groweo® system. Our website’s online privacy statement can be found here.

1. Secure development practices

We follow secure software development practices to minimise unauthorised access to our customers’ and their customers’ data.

  • Secure coding standards: Our developers follow secure coding standards and best practices to prevent common vulnerabilities such as SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF).
  • Code reviews: We perform regular code reviews and static code analysis to identify and fix data security vulnerabilities in the code base.
  • Data security testing: The app is subjected to rigorous data security testing, including penetration testing and vulnerability assessments, to identify and remediate potential security issues.

2. Data encryption

We use advanced encryption technologies to protect your data.

  • Stored data: All sensitive data stored in the databases is encrypted with encryption algorithms to ensure that even if the data is compromised, it remains unreadable.
  • Data in transit: TLS (Transport Layer Security) is used to encrypt data transferred between our app and users, protecting it from eavesdropping and tampering.

3. Access control

We use internal access control mechanisms to ensure that only authorised staff have access to sensitive data and system components:

  • Role-based access control (RBAC): Access rights to system resources and data are granted based on users’ roles and responsibilities, ensuring that individuals have only the minimum number of access rights required.
  • Least privilege principle: We follow the principle of least privilege (PoLP), whereby users are granted the minimum access necessary to perform their tasks.

4. Network security

We use a range of online security measures to protect our app from external threats:

  • Firewalls: Our network is protected by firewalls that monitor and control incoming and outgoing traffic based on predefined security rules.
  • Virtual private network (VPN): We use VPNs to secure remote access to the network, keeping data transmitted over public networks secure.

5. Regular updates and patch management

We keep our systems and software up-to-date with security patches and updates:

  • Patch management: We have a patch management process in place to ensure that all software components are regularly updated with the latest security patches.
  • Zero-day vulnerability management: We stay up-to-date on zero-day vulnerabilities and take immediate action to mitigate the risks posed by new threats.

6. Responding to and monitoring incidents

We have an incident response plan in place and continuous monitoring to detect and respond to security breaches:

  • Real-time monitoring: We use monitoring tools to continuously monitor our system for suspicious activity and signs of potential security breaches.
  • Disaster response plan: The plan includes, but is not limited to, containment, removal, remediation and communication of the data security breach.
  • Post-incident analysis: If necessary, we will conduct an analysis to identify the root cause and take measures to prevent future incidents.

7. Compliance and inspections

We ensure that we comply with the relevant security standards and carry out regular inspections to maintain a high level of security:

  • GDPR compliance: As a company operating in the EU, we comply with the General Data Protection Regulation (GDPR) to protect the privacy and security of personal data.
  • Security audits: Regular data security audits are conducted by third-party experts to assess our data security posture and ensure compliance with industry standards.

8. Secure third-party integrations

We carefully review and secure third-party integrations to protect our systems and data:

  • Third-party assessments: We conduct thorough security assessments of third-party suppliers and services before integrating them into our system.
  • Data processing agreements: We establish data processing agreements with third-party suppliers to ensure that they comply with our security and privacy standards.

We are committed to providing a secure and reliable environment. Our security measures ensure that your data is protected and our system is able to defend against evolving threats. If you have any questions about our data security practices, please contact us at compliance@groweo.com.

Data management at Groweo

We put the security and privacy of your personal data first. Our data management practices are designed to comply with the General Data Protection Regulation (GDPR) and to ensure the required data protection standards.

One of our key commitments is our cookie policy, which reflects our dedication to safeguarding your privacy.

The privacy policy for our Groweo® system can be found here.

1. No cookie policy

We respect your privacy and have implemented a strict cookie policy on our system:

  • No tracking cookies: We do not use cookies to track your online activity or collect personal data without your consent.
  • Protected privacy: We make sure that your browsing habits and personal preferences remain private and secure.

2. Gathering data

Our data collection processes are transparent and consent-based:

  • Minimum data collection: We collect only the data necessary for the purpose specified and avoid collecting excessive or irrelevant information.

3. Saving data

We use secure storage solutions to protect your data:

  • Encryption: All personal data is encrypted during transmission and storage to prevent unauthorized access.
  • Secure databases: We use secure databases to store your personal data, ensuring robust protection against data breaches.

4. Use and control of data

We use access control systems to protect personal data:

  • Role-specific access: Access to personal data is limited to authorized persons based on their role and responsibilities.
  • Audit logs: We maintain detailed audit logs to monitor the use and modification of personal data and ensure accountability and transparency.

5. Data quality

Maintaining high data quality is a priority for us:

  • Validation checks: We perform validation checks during data entry to ensure the accuracy and completeness of the data.
  • Regular updates: We update our records regularly to ensure that they remain accurate and relevant.

6. Processing of data

Our data processing activities are designed to maximise value while ensuring compliance with data protection regulations:

  • Data anonymization: We anonymize personal data where necessary to protect the identity of individuals, while we may still derive valuable information from it.

7. Sharing information

We treat data sharing with care and responsibility:

  • Third-party processors: To ensure that third-party processors comply with the requirements of the GDPR, we carefully vet them and draw up data processing agreements setting out their obligations.
  • Data minimisation: We share only the necessary data with third parties, and ensure that it is only used for the intended purpose.

8. Responding to data breaches

We have a policy for dealing with data breaches:

  • Immediate action: We will take immediate action to limit and mitigate potential data breaches.
  • Disclosure: We will notify the relevant persons and authorities in accordance with the requirements of the GDPR.
  • Remediation: We analyze the cause of the breach and take measures to prevent future incidents.

We are committed to managing your personal data as securely as possible, and to respecting your privacy. If you have any questions or need more information about our data management practices, please contact us at compliance@groweo.com.