We take data security very seriously.

We’re committed to keeping your information safe.

Guidde is committed to the security of our customers and their data. As a cloud-based company entrusted with some of our customers’ most valuable data - aka your organizational knowledge - we are focused on keeping you and your data safe. Guidde undergoes periodic penetration testing, and encrypts data at rest and in transit. Our customers entrust sensitive data to our care. Keeping customer data safe is our priority.

GDPR certificate badge, SOC2 Type 2 badge, CCPA certificate badge

We’re SOC 2 Type 2 compliant.

Our SOC 2 Type 2 report attests to the security controls we have in place as they map to Trust Service Principles established by the American Institute of Certified Public Accountants (AICPA). We introduced a multi-tenant spaces approach where each space is fully isolated across companies and teams. This approach adheres to advanced access control measures governing who can share, watch or create content and with whom, within and outside your organization. We're also & compliant.

Infrastructure & application that are secure and reliable.

Guidde services and data are hosted in Google Cloud Platform (GCP) facilities. We built our platform with disaster recovery in mind. All of our infrastructure and data are spread across different GCP availability zones and will continue to work should any one of those data centers fail.
On an application level, we produce audit logs for all activity and use GCP for archival purposes. All actions taken on production consoles or in the Guidde application are logged.

Access to customer data is limited to authorized employees who require it for their job. Guidde is served 100% over HTTPS. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on GitHub, Google, and Guidde to ensure access to cloud services is protected.

Encryption

All data sent to or from Guidde is encrypted in transit using 256-bit encryption. We encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Pentests and Vulnerability Scanning

Guidde uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised. Annually we engage third-party security experts to perform detailed penetration tests on the Guidde application and infrastructure.

Incident Response

Guidde implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post-mortem. All employees are informed of our policies.

A Secure Product

SSO

SAML Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Uptime

We have uptime of 99.9% or higher. You can check our past month stats here.

Permissions

We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, user data or the ability to send or edit messages.

PCI Obligations

All payments made to Guidde go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

A Team with Security at Heart

Training

All employees complete Security and Awareness training annually.

Employee Vetting

Guidde performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Policies

Guidde has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Confidentiality

All employee contracts include a confidentiality agreement.
