At Groweon, we recognise that safeguarding your data is our critical responsibility. To uphold this commitment, we have implemented comprehensive processes and controls across all areas of our organisation to ensure the highest data security standards.
The following sections provide a detailed overview of the systems and measures we have established to protect your data and maintain your trust.
Physical Security
At Groweon’s development centre in Noida, we take physical security very seriously to ensure a safe and secure environment for our team and operations. The facility is protected 24/7, and entry is restricted to authorized persons only. Employees access the premises using biometric authentication, which adds an extra layer of security. Confidential spaces within the office are accessible only by individual authorised persons and important files and documents are stored in a secure cabinet.
All the activities and facilities are monitored by CCTVs, and on a regular basis, some authorised person reviews the recorded footage. Visitor entry is strictly controlled and requires prior approval, by established security policies.
To ensure operational continuity, the office is equipped with an uninterrupted power supply, supplemented by a backup power system to seamlessly handle outages.
Groweon’s applications and data are hosted on Amazon Web Services (AWS), a leading provider recognized for its secure and reliable infrastructure. AWS data centres undergo rigorous testing to maintain high standards of security, availability, and business continuity. For further details, refer to the AWS Security Whitepaper.
Application and Architecture Security at Groweon
All the services and applications of Groweon are hosted on the world's most secure server- Amazon Web Server(AWS) across multiple regions, utilizing the secure and scalable infrastructure offered by the cloud provider. Amazon Web Server is responsible for all kinds of maintenance and the management of databases and the application server. This provides a Secure and reliable base for our Operations.
Groweon Adopt a strong approach to secure applications. Our architecture and quality assurance processes are designed to meet the highest security standards From engineering to deployment.
Key security measures include:
Firewall:
The very first Layer for Defence is AWS's Firewall this layer is designed to protect and help to prevent DDoS attacks and other network-related issues and threats.
A second layer, the web application firewall (WAF), monitors and blocks unauthorized IPs, spam, and malicious users.
User Access Control:
Access to the application is restricted to authorized users with valid credentials.
Security in cloud-based applications is a shared responsibility, requiring both Groweon and customer businesses to uphold best practices.
Security Features for Businesses:
Role-Based Accessibility: For controlling data access and prevent theft assign specific permissions based on roles and responsibilities.
Sales Department: Manage and organise the sales department for secure and reliable sharing of data and important information.
Permission: Accessibility Permissions by standardization for reducing errors.
IP Whitelisting: Make Restrictions for other applications to access authorised network areas.
Data Isolation:
Groweon uses a multi-tenant architecture to securely host customer applications.
Each customer has a dedicated database, and the system ensures that data access is limited to the logged-in tenant, preventing cross-tenant data exposure.
Developer Access Monitoring:
Groweon Development Team access is fully controlled and monitored, and all of the activities are documented in logs.
These logs are regularly reviewed during audits to ensure compliance and accountability.
At groweon, we ensure the most secure and reliable hosting of applications and protect the confidential data of the businesses on Cthe loud with confidence.
Engineering and Development at Groweon: A Secure Approach
Groweon follows a Secure Software Development Lifecycle to ensure that security is integrated into every single stage of the engineering and development processes.
This approach emphasizes security at every stage of the lifecycle, from development to final deployment.
Built-In Security Testing: The application's security goes to different stages for testing, these phases include the development stage, quality testing of the application, and the pre-released acceptance, to prevent any vulnerability.
Enforced Security Reviews: Every application goes to a security review for the process of engineering. This step ensures that the application’s design, construction, and deployment meet the highest security standards.
DevOps and DevSecOps Practices:
DevOps Integration: Our development and operations teams work collaboratively to enable faster, more efficient delivery of secure and reliable software.
Security-Driven DevOps Implementation: Security is part of the DevOps pipeline, with automated checks ensuring continuous protection without affecting speed or efficiency.
Groweon ensures its applications are reliable, robust, and secure for all users by integrating security into every phase of the development lifecycle.
Secure Software Changes and Release Management at Groweon
At Groweon, we use a clear and structured process to manage software changes and releases, ensuring the security and stability of our production systems.
Change Workflow:
All changes are carefully tested and verified through the following stages:
Development Environment: Changes are created and reviewed.
Test Environment: Changes are tested carefully to ensure they work properly and meet necessary security standards.
Staging Environment: Before going live, a final check is done in an environment that mirrors the production setup to ensure everything works as intended
Production Deployments:Only authorized members of the DevOps team are allowed to handle deployments in the production environment, ensuring full control over the process. Strict access controls are in place to stop anyone without permission from making changes to the production systems.
Production Monitoring at Groweon
At Groweon, we are committed to keeping our applications secure and dependable, and we achieve this through constant monitoring.
24/7 Monitoring: Our Network Operations Center (NOC) team monitors the applications around the clock, always on the lookout for any irregularities or potential threats. If something unusual arises, they are quick to respond and address it.
Third-Party Security Audits: To ensure that we meet the highest security standards, we regularly bring in independent auditors to evaluate and verify the security of our applications and services. This gives us an added layer of assurance and confidence.
With these practices in place, we’re able to spot and fix any issues before they become problems, providing our users with a safe and reliable experience every time.
Data Security at Groweon
At Groweon, we put the security and integrity of our customers' data first. We’ve established clear and effective processes to keep that data protected every step of the way.
Controlled Access: Our development team doesn’t have access to customer data on production servers. We ensure that only the right people, with specific responsibilities, have access to the systems they need. Every quarter, we review who has access to ensure it’s still appropriate and secure.
Data Encryption:
Data at Rest: All stored data is encrypted using AES-256, which is a well-established, secure encryption standard. We manage the encryption keys safely through AWS Key Management Service (AWS KMS).
Data in Transit: When data moves between systems, it’s always encrypted using secure communication methods, so privacy is maintained at all times.
Change Management: Whenever there are changes to applications, infrastructure, or web content, we follow a detailed process of documentation. Data Security at Groweon
This ensures that all changes are tracked and there’s full transparency throughout the process.
Environment Segregation:
We use separate environments for development and testing to ensure that production data is kept secure and isn’t exposed during the testing phase.
This comprehensive approach reflects our commitment to maintaining a secure environment for our customers and keeping their data safe.
Network Security at Groweon
At Groweon, we take network security seriously to protect our internal systems and ensure everything runs smoothly—from updates to deployments and daily operations.
Secured Office Network:
Our office network, where updates and deployments are managed, is protected by reliable firewalls and antivirus software. These tools actively monitor for potential threats and send us alerts in real time if something suspicious happens.
Firewall and Log Management:
We keep firewall logs safe and regularly check them to stay on top of any security risks and ensure we meet all security standards.
Controlled Access to Production Systems:
Only authorized personnel have access to our production environment, and this is strictly managed. They can only connect through secure SSH connections, and access is only granted from within our protected office network. We keep a close eye on all remote access, with detailed audit logs recorded for each user session to ensure full security and accountability.
These logs are regularly reviewed to ensure accountability and detect anomalies.
Multi-Factor Authentication:
All-access to production systems requires multi-factor authentication, adding a layer of security.
Secure Data Centers:
Groweon’s data centres are hosted on AWS, a leading cloud provider that adheres to globally recognized security and compliance standards, including ISO 27001, SSAE-16, HIPAA, and GDPR. At Groweon, we leverage AWS’s robust security features to ensure that our systems are secure and dependable.
AWS provides extensive security certifications and standards, covering over 140 areas, such as PCI-DSS, HIPAA, FedRAMP, and GDPR. These certifications enable us to meet strict regulatory requirements and maintain the highest levels of trust.
By relying on AWS, we can ensure our network and systems are protected, offering our customers a secure environment for their data.
Reporting Security Issues and Threats at Groweon
At Groweon, safeguarding our customers' data and privacy is our top priority. If you come across any issues or vulnerabilities that might affect the security or privacy of our users, we urge you to report them to our security team without delay.
Here's how we handle such reports:
How to Report:
Please share the relevant details of the issue by contacting our Security Team (security@groweon.com) directly.
To protect everyone involved, we kindly ask that you do not disclose or publicize unresolved vulnerabilities to any third parties.
What to Expect:
Thank you for letting us know about this issue. Once we receive your report, our team will confirm it has been received.
After that, we’ll carefully investigate the problem and keep you updated if we need more information from you. If needed, we’ll reach out for additional details, and we’ll also keep you informed about how long we think it will take to resolve the problem. In some cases, we might ask for your assistance to better understand or replicate the issue.
Once the problem has been resolved, we’ll notify you promptly.
We truly value your efforts in helping us maintain a secure and reliable platform for everyone using Groweon. Your cooperation is greatly appreciated.
