GrowthBook's privacy by default architecture is just one of the ways we take your security seriously.
GrowthBook had a policy of only the absolute minimum of data required to provide our services. All of your users' data stays local to your infrastructure - we don't collect any PII of your users, and are GDPR compliant.
Our hosted serves encrypts data at rest and in transit for all of our customers. We use tools and methods in line with industry best practices. Our Cloud services are hosted on AWS and uses best practices to harden our infrastructure.
We recognize that building trust in our privacy and security is important. This focus has effected many aspects of how we have architected our product, and now by completing the System and Organization Controls (SOC) 2 Type 1 audit, we demonstrate how GrowthBook safeguards your data and ensures good security practices. Contact us to get a copy of the report.
Our code is open and regularly reviewed for security vulnerabilities. We use both static analysis and regular security reviews and testing. You can check out our security page on GitHub.
If security is your top priority, GrowthBook is able to be entirely hosted within your infrastructure.
GrowthBook recognizes and rewards security researchers who help us keep us safe by reporting vulnerabilities in our products and services. Monetary bounties for such reports are entirely at GrowthBook's discretion, based on risk, impact, number of vulnerable users, and other factors.
To report an issue or learn more about our bug bounty program, email us at email@example.com
We can help you understand how GrowthBook works with your data.Meet with us