Security and compliance at GrowthBook
GrowthBook takes privacy and security seriously. We fit to your risk profile and compliance requirements without slowing you down or complicating your setup.
Trusted by 3,000+ companies worldwide
Security methods and practices
GrowthBook is SOC 2 Type II certified and compliant with ISO 27001, GDPR, COPPA, and CCPA. Our warehouse-native architecture is secure by design. Data is encrypted at rest and in transit.
Deployment option security profiles
Our tools and methods follow industry best practices for all cloud and self-hosted accounts.
GrowthBook Cloud
Data and infrastructure security for cloud services
 | Automatic updates and security patches |
| Encrypted data at rest and in transit |
| Hosted by GrowthBook on AWS |
| 99.99% uptime SLA (Enterprise) |
Self-host GrowthBook
Your infrastructure with your security and privacy rules
| Full control of updates, scaling, and infrastructure |
| No data or PII leaves your system, HIPAA compliant |
| Deploy air-gapped on all major clouds or on-prem |
| Single service deployed with Kubernetes or any container platform |
Fully managed warehouse option
Available with GrowthBook Cloud, our managed warehouse option requires no data warehouse provisioning or customer data platform setup. Event data is securely stored on ClickHouse infrastructure, SOC 2 Type II certified, and data encrypted at rest and in transit.
Open-source transparency and community visibility
Open-source code review
Our code is open and regularly reviewed for security vulnerabilities. We use both static analysis and regular security reviews and testing.
Application security
GrowthBook does mandatory code reviews for every PR, security reviews, and routine penetration testing. If you discover a security vulnerability, please disclose it to us responsibly.
Ready to ship faster?
No credit card required. Start with feature flags, experimentation, and product analytics—free.
