GridVax

Trust & compliance

Enterprise-grade security controls

How GridVax protects customer data: encryption in transit and at rest, plan-gated API access, SAML SSO, and audit logging for Enterprise accounts.

Security program

Security program aligned with SOC 2 Type II control objectives. Enterprise SSO and audit logging available.

Platform controls

  • Encryption

    TLS 1.2+ in transit. Encrypted database volumes at rest on managed infrastructure.

  • Access control

    Plan-gated API endpoints. HttpOnly session cookies with idle timeout (1 hour default, 7 days with Remember me) and absolute session caps. API keys with per-tier export limits.

  • Enterprise SSO

    SAML 2.0 for Enterprise accounts. Domain-verified provisioning.

  • Data provenance

    Source, ingest timestamp, and change history on every facility record.

  • API metering

    Per-key daily counters. Webhook delivery logs and usage reporting.

  • Data handling

    Customer queries and alerts are not resold or used for model training.

Enterprise features

Enterprise accounts include SAML 2.0 single sign-on, domain-verified provisioning, outbound webhooks with delivery logs, and higher API rate limits. Contact sales for a security questionnaire or integration review.

Related