Security
Security is always a top priority at GetGreen. On this page we have provided information about the security of your data and our general security practices.
GetGreen safeguards customer data using a variety of controls:
- GetGreen application data is secured in transit using TLS. Encryption in transit secures data during transmission between clients and servers, preventing unauthorized access or tampering. In MongoDB Atlas, all network traffic to MongoDB clusters is protected by Transport Layer Security (TLS), which is enabled by default and cannot be disabled. The default version is TLS 1.2. Data transmitted to and between MongoDB cluster nodes is encrypted in transit using TLS, ensuring secure communication throughout.
- GetGreen data is encrypted at rest. Encryption at rest ensures that all stored files and data are encrypted, providing a critical layer of database-level protection. In MongoDB Atlas, customer data is automatically encrypted at rest using AES-256 to protect all volume (disk) data.
- MongoDB Atlas maintains the following certifications: ISO 27001, 27017, 27018, CSA STAR II, SOC 2, HITRUST, PCI, VPAT, GDPR, IRAP, FedRAMP and more. Details are available here.
- The GetGreen application logically separates user data, and access to your data is protected by strong authentication and authorization controls.
- GetGreen audits changes to our applications throughout the software development lifecycle: architecture reviews are performed, along with stringent automated and manual code review processes.
- GetGreen monitors application servers, infrastructure, and the GetGreen network environment to detect potential abuse.
- All staff are provided with annual information security training and annual data protection training.
- Additionally, our cloud service provider, Azure, regularly undergoes independent verification of security, privacy, and compliance controls against the following standards: ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA STAR, FedRAMP and many others. Additional details are available here.
Penetration Testing
- GetGreen performs annual external penetration tests and vulnerability scans through Intruder Systems, a reputable provider specializing in vulnerability assessment and penetration testing. Our most recent test was conducted in October 2024 and identified no High-level risks.
Data Processing
- Data is used only for operation of the application. We do not share or sell any user or usage data.
- GetGreen performs minimal processing of personal data. Our data handling is limited to essential operations, and we retain only the necessary information to provide our service. We collect, analyze and store basic user registration information and data generated by the GetGreen application on sustainable actions taken, and follow industry regulations (GDPR) for data removal.
- GetGreen PII data collection is limited to email address, first name and zip code.
- GetGreen uses the following sub-processors for reporting and user messaging: Mixpanel, Customer IO and Segment. Security validations for each are publicly available.
Data Subject Requests
- Data requests and more information on our data privacy are available here.
Data Access
- Data access requests are tracked and approved by the GetGreen Security Officer and CEO on an access-required basis.