GrowthBook’s Stance on Security

Secure & Private by Design

We take the responsibility of providing a secure platform seriously. GrowthBook is designed to require the absolute minimum of data to provide our services. Your data stays local to your infrastructure so none of your customer data is ever exposed to GrowthBook.
Discuss Security Details

Internal Security

Our tools and methods follow industry best practices for all cloud and self-hosted accounts.

Data & Infrastructure Security

Our hosted servers encrypt data at rest and in transit. GrowthBook Cloud services are hosted on AWS and use best practices to harden our infrastructure.

Self-hosted Accounts

For an even greater level of security, GrowthBook is able to be entirely hosted within your infrastructure. GrowthBook never sees or transmits your data.

Frequent Code Reviews

Our code is open and regularly reviewed for security vulnerabilities. We use both static analysis and regular security reviews and testing.

Certifications & Attestations

Building trust in our privacy and security has been integral to how we’ve architected our product. By completing the System and Organization Controls (SOC) 2 Type 1 audit, we demonstrate how GrowthBook safeguards your data and ensures good security practices.
Request our SOC 2 report

Bug Bounty Program

GrowthBook recognizes and rewards security researchers who report vulnerabilities in our products and services. Monetary bounties for such reports are entirely at GrowthBook's discretion, based on risk, impact, number of vulnerable users, and other factors.
Request details or report an issue

Enjoy unlimited experiments for unlimited traffic. All for free.

No credit card required