Protecting your information and the information of your customers is extremely important to us. We know you have questions about how we’re protecting that information, so what follows are details about some frequently requested information about SendGrid’s information security.
We use data centers around the world from top-notch data center providers to host our systems. They all have SOC2 Type 2 reports and provide all the physical security protection measures you would expect.
We want to ensure that the email we send through our system is email that users want to receive, so we have a dedicated team to ensure we’re on the cutting edge of compliance and delivery. If we see accounts with signs of suspicious activity, we take immediate action.
We understand that software security is very important. We continuously scan our applications for vulnerabilities, using a combination of static source code analysis and dynamic testing. We understand that password reuse is a killer, and offer two-factor authentication for added protection of your account. We also:
If you identify a vulnerability in our site or services, here’s how to report it to us.
Access to our systems and your data is restricted only to those who need access in order to provide you awesome support.
We also have all the “people security” things you’d expect to see:
And we’ve earned the SOC 2 Type II certification, based on our rigorous controls to safeguard your data.
Security is the responsibility of everyone who works for us. We train our employees so that they can identify security risks and empower them to take action to prevent bad things from happening.
We have redundant, geographically separate data centers so that we can provide consistent services for you. In the event one of our data centers becomes unavailable, we can recover quickly so that you can still send email.
If you have more in-depth questions about our security program, let us know.
Please follow the SendGrid Security team on Twitter (@SendGridSec) for the latest security updates.
We retain email message activity/metadata (such as opens and clicks) for 365 days. We store bounce messages and spam reports (which may contain content) indefinitely, and we store minimal random content samples for 61 days.
Yes, SendGrid has a SOC2 Type II attestation. This report can be shared with our customers by contacting our Sales or Customer Success Teams. Additionally, SendGrid is registered with the Cloud Security Alliance. Our completed security questionnaire can be found here.
SendGrid prefers not to share the results of this test with customers. We can, however, provide our SOC2 Type II report, or our latest vulnerability report instead.
Yes, we posted details here.