Security

Protecting your information and the information of your customers is extremely important to us. We know you have questions about how we’re protecting that information. Here’s some frequently requested information about SendGrid’s information security.

Data Centers

We use data centers around the world from top-notch data center providers to host our systems. They all have SOC 2 Type 2 reports and provide all the physical security protection measures you would expect.

Misuse

We want to make sure that the mail we send is actually mail that users want to receive, so we have a dedicated team to ensure we’re on the cutting edge of compliance and delivery. If we see accounts with signs of suspicious activity, we take immediate action.

AppSec

We understand that software security is very important. We continuously scan our applications for vulnerabilities, using a combination of static source code analysis and dynamic testing. We understand that password re-use is a killer, and offer two-factor authentication for added protection of your account.

We encrypt all your data in transit using TLS, and we patch our systems regularly.

If you identify a vulnerability in our site or services, here’s how to report it to us.

Operational Security

Access to our systems and your data is restricted to only the folks who need access in order to provide awesome support.

We’ve also got all the “people security” things you’d expect to see: background checks for our employees, signed confidentiality agreements, termination/access removal processes, and acceptable use agreements.

Security is the responsibility of everyone who works for us. We train our employees to identify security risks, and we empower them to take action to prevent bad things from happening. Our developers know the OWASP Top 10 and how to avoid them.

Business Continuity/Disaster Recovery

We have redundant, geographically separate data centers so that we can provide consistent services for you. In the event one of our data centers becomes unavailable, we can recover quickly so that you can still send mail.

Privacy

You can view our privacy policy here, but we’ll say here that we believe in the confidentiality of your information. We never sell your recipient email addresses.

We have a data retention policy, and we stick to it.

We are EU Safe Harbor Compliant, too. You can view our certificate.

If you have more in-depth questions about our security program, let us know.

Additional Resources:

Please follow the SendGrid Security team on Twitter (@SendGridSec) for the latest security updates.