SECURITY

Security at GrowthBook

GrowthBook's privacy by default architecture is just one of the ways we take your security seriously.

Security Policies and Highlights

Privacy by default

GrowthBook had a policy of only the absolute minimum of data required to provide our services. All of your users' data stays local to your infrastructure - we don't collect any PII of your users, and are GDPR compliant.

Data & Infrastructure Security

Our hosted serves encrypts data at rest and in transit for all of our customers. We use tools and methods in line with industry best practices. Our Cloud services are hosted on AWS and uses best practices to harden our infrastructure.

Open Source

Our code is open and regularly reviewed for security vulnerabilities. We use both static analysis and regular security reviews and testing. You can check out our security page on GitHub.

Self-hostable

If security is your top priority, GrowthBook is able to be entirely hosted within your infrastructure.

Security researcher?

GrowthBook recognizes and rewards security researchers who help us keep us safe by reporting vulnerabilities in our products and services. Monetary bounties for such reports are entirely at GrowthBook's discretion, based on risk, impact, number of vulnerable users, and other factors.

To report an issue or learn more about our bug bounty program, email us at security@growthbook.io

Have security questions?

We can help you understand how GrowthBook works with your data.

Meet with us