Privacy by design.
Security by intention.

Privacy is only as strong as the security protecting it. DataGrail is architected for privacy management, but security is our foundation.

Top Security & Privacy Features

Physical Security

All data is stored in AWS in encrypted storage systems. We have no servers on premise.

Data Protection

Our customers provision cloud storage in their own environments, with limited permissions granted to DataGrail.


All data is encrypted at rest using AES-256, and encrypted in transit from VPC to clients via TLS v1.2.

Data Recovery

Data is backed up daily with AES-256 encryption, with a Recovery Time Objective (RTO) of 24 hours.

Data Ownership

Your data 100% belongs to you. We do not use, sell, or repurpose your data.

Vulnerability Management

Penetration tests are performed every 6 months, with any issues handled within a day.

Account Security

Two-factor authentication: We support Okta, Google SSO, and other SSO providers.

For further information on how DataGrail handles data security, please contact us at


Bug Bounty Program

Part of DataGrail’s commitment to excellence is our focus on building a secure platform that protects the privacy and integrity of our customer’s data.

Report a Vulnerability

Ready to get your business on the path to sustained privacy compliance?