Security

We take the security of our customers’ data seriously and apply industry-standard practices across our infrastructure, applications, and operations.

Infrastructure

  • Hosting on SOC 2-compliant cloud providers.
  • Encrypted data at rest and in transit (TLS 1.2+).
  • Network segmentation and least-privilege access controls.

Application

  • Secure authentication with bcrypt-hashed credentials.
  • CSRF, XSS, and SQL injection protections by default.
  • Regular dependency audits and timely patching.

Operations

  • Role-based access for staff, with audited admin actions.
  • Encrypted backups with tested recovery procedures.
  • Continuous monitoring and incident response playbooks.

Reporting a vulnerability

If you believe you’ve found a security issue, please email security@gorilli.io. Include a description of the issue, steps to reproduce, and any relevant context. We’ll acknowledge your report within 2 business days.

Please do not publicly disclose the issue until we’ve had a reasonable chance to investigate and remediate.

Compliance

We are continuously working toward and maintaining alignment with industry frameworks. Specific certifications and reports are available on request for customers under NDA.