🚨 Our Security Policy

Written by Support @Greenly
Updated this week

Keeping your data secure is our priority.

At Greenly, we believe it is our duty to keep your data secure and available. We apply market‑leading security standards and continuously monitor our controls with Vanta, Wiz, and other security tools.

Greenly is ISO/IEC 27001 certified by AFNOR Certification and SOC 2 Type II attested by Sensiba for its Information Security Management System (ISMS), which covers our SaaS platform and supporting processes.

Working with Greenly means working with a vetted, secure solution and partner who understands that you expect your data to be well‑guarded.


Security

Greenly is committed to keeping your data safe and out of the hands of those without authorisation. We operate an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022 and continuously improve our controls.

  • We use company‑managed and hardened devices for our teams, with enforced security baselines, disk encryption and endpoint protection.

  • Our cloud infrastructure (GCP, and where relevant AWS) is protected by network security controls, intrusion detection, and security monitoring.

  • We use Datadog SIEM to collect and correlate logs, detect suspicious activity, and respond quickly.

  • We use Wiz to continuously scan cloud workloads and configurations for vulnerabilities and misconfigurations, and track remediation over time.

We are also supported by the French leader in penetration testing, Synacktiv, which performs at least one annual penetration test on our platform and APIs, in addition to our own internal security testing and vulnerability management processes.


Confidentiality

Your data is encrypted both at rest and in transit:

  • Data is hosted primarily on secure Google Cloud Platform (GCP) infrastructure in the European Union, with redundancy in additional EU regions.

  • All databases, data stores and file systems are encrypted in line with our internal Data Management and Encryption policies.

  • All external connections to the Greenly platform use TLS encryption.

User accounts are protected by a robust password policy and modern authentication mechanisms:

  • We rely on Auth0 as our central identity provider to offer secure authentication and session management.

  • Access to production data is tightly controlled and granted only on a need‑to‑know, least‑privilege basis.

  • Production access is logged and regularly reviewed by our Security team.


Data Integrity

We strictly control who can access and modify your data, both in the application and internally:

  • Access rights are granted based on roles and responsibilities and are regularly reviewed.

  • Changes to critical systems and infrastructure follow a documented Software Development Life Cycle (SDLC) and change management process.

To protect your data against loss or unauthorised alteration:

  • We maintain regular, automated backups of key systems and customer data.

  • Backups are encrypted and stored in separate locations in line with our Backup Policy and Business Continuity & Disaster Recovery Plan.

  • Our logs and monitoring help us detect unusual behaviour and support investigations if needed.


High Availability

Our infrastructure is fully distributed in the cloud and designed for high availability:

  • We rely on managed services and redundant architectures in GCP (and, where appropriate, AWS) to minimise downtime.

  • We monitor performance and capacity to handle traffic peaks and scale as needed.

  • Our services are protected at the infrastructure and application layers against common attacks, including DDoS.

We maintain a formal Business Continuity Plan & Disaster Recovery Plan, which is tested regularly through simulations and technical recovery exercises. This helps ensure that we can restore services and data within defined recovery time and recovery point objectives in the event of an incident.


Privacy & Compliance

As a European company, Greenly complies with GDPR and other applicable data protection laws (including in the EU, UK and US where relevant). We:

  • Clearly define our roles and responsibilities as data controller and/or processor in our contracts.

  • Maintain detailed records of processing activities (ROPA) and a Data Management Policy covering data protection, classification, retention and deletion.

  • Support data subject rights (access, rectification, deletion, etc.) through documented processes.

If you would like more details, you can visit our Greenly Trust Center or request our security and privacy documentation (including certifications and reports) from your usual Greenly contact.
