Security and customer trust guide us in everything we do

Product security


SSO 


SAML Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.  

Permissions


You can set permission levels within the app for your teammates. Permissions can be set to include app settings, billing, user data or the ability to send or edit messages.

Uptime


We have uptime of 99.9% or higher. You can check our stats for the past month at https://guidde.statuspage.io/.

Customer Best Practices
 

There are simple steps you can take to increase the security of your app. Check out the Staying Secure section on our docs site.

 

Network and application security


Data Hosting and Storage


Guidde services and data are hosted in Google Cloud Platform (GCP) facilities.

Failover and DR


Guidde was built with disaster recovery in mind. All of our infrastructure and data are spread across different GCP availability zones and will continue to work should any one of those data centers fail.

Backups and Monitoring


On an application level, we produce audit logs for all activity and use GCP for archival purposes. All actions taken on production consoles or in the Guidde application are logged.

Permissions and Authentication


Access to customer data is limited to authorized employees who require it for their job. Guidde is served 100% over HTTPS. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on GitHub, Google, and Guidde to ensure access to cloud services is protected.

Encryption


All data sent to or from Guidde is encrypted in transit using 256-bit encryption. We encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Pentests, Vulnerability Scanning and Bug Bounty Program


Guidde uses third-party security tools to continuously scan for vulnerabilities. Our dedicated security team responds to issues raised. Annually, we engage third-party security experts to perform detailed penetration tests on the Guidde application and infrastructure.

 

Incident Response

 

Guidde implements a protocol for handling security events, which includes escalation procedures, rapid mitigation and post-mortem. All employees are informed of our policies.

Additional Security features


Training


All employees complete Security and Awareness training annually.

Policies


Guidde has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Employee Vetting


Guidde performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.

Confidentiality


All employee contracts include a confidentiality agreement.

PCI Obligations


All payments made to Guidde go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

Security questions?


If you think you may have found a security vulnerability, please get in touch with our security team at security@guidde.com.

Learn more about Guidde by reading our Terms of Use and Privacy Policy.