Version 1.8 released.
Version 1.8 released. Join the GrowthBook team Thursday as we demo the latest features and answer your questions.
Learn more

Security at GrowthBook

GrowthBook's privacy by default architecture is just one of the ways we take your security seriously.

SOC 2 Compliance

Security Policies and Highlights

Privacy by default

GrowthBook had a policy of only the absolute minimum of data required to provide our services. All of your users' data stays local to your infrastructure - we don't collect any PII of your users, and are GDPR compliant.

Data & Infrastructure Security

Our hosted serves encrypts data at rest and in transit for all of our customers. We use tools and methods in line with industry best practices. Our Cloud services are hosted on AWS and uses best practices to harden our infrastructure.

SOC 2 Compliance

We recognize that building trust in our privacy and security is important. This focus has effected many aspects of how we have architected our product, and now by completing the System and Organization Controls (SOC) 2 Type 1 audit, we demonstrate how GrowthBook safeguards your data and ensures good security practices. Contact us to get a copy of the report.

Open Source

Our code is open and regularly reviewed for security vulnerabilities. We use both static analysis and regular security reviews and testing. You can check out our security page on GitHub.


If security is your top priority, GrowthBook is able to be entirely hosted within your infrastructure.

Security researcher?

GrowthBook recognizes and rewards security researchers who help us keep us safe by reporting vulnerabilities in our products and services. Monetary bounties for such reports are entirely at GrowthBook's discretion, based on risk, impact, number of vulnerable users, and other factors.

To report an issue or learn more about our bug bounty program, email us at

Have security questions?

We can help you understand how GrowthBook works with your data.

Meet with us