Browse all articles

Security

Growee stores sensitive information, including contracts, salaries, evaluations, and personal employee data. This article gives an overview of how that data is protected, so you understand what happens behind the scenes and what your team can rely on.

Data isolation

When you create an account, Growee assigns your company a dedicated subdomain. Your data lives in its own isolated environment, completely separate from other organizations on the platform. There is no shared infrastructure that could expose your information to another account. The subdomain is set up automatically at account creation, with no technical work required on your end.

Encryption

All personal data and documents are encrypted, both in transit and at rest. Data moving between your devices and Growee’s servers is protected with industry-standard TLS, so it cannot be intercepted along the way. Growee’s servers are hosted on Amazon Web Services (AWS).

Role-based access

Visibility in Growee is controlled by roles, and those rules are enforced at the system level rather than configured by hand.

  • Sensitive company documents such as contracts, policies, and financial records are only visible to Admin and HR roles. Employees can upload and view their own documents, but never a colleague’s.
  • Evaluations, including compensation and role changes, stay private between the employee and their managers or HR. Each employee sees only their own.
  • Employment details like salary, contract type, and leave entitlements are restricted to Admin roles. Employees see their own personal data and only general information about colleagues, such as names and company emails.
  • Projects and invoices are limited to Admin roles.

To learn how these roles map to specific abilities, see Roles and permissions.

Compliance and audits

Growee is GDPR compliant and PCI certified, meeting internationally recognized standards for data protection and payment security. The platform has been independently penetration-tested and audited by Cyber Threat Defence, a specialist cybersecurity firm, which awarded Growee a Certificate of Trust. Regular audits and continuous monitoring help keep your data safe as threats evolve. Where possible, data used for statistics and reporting is anonymized or pseudonymized so individuals cannot be identified from aggregated data.

Account and password security

Access to the app uses unique login credentials and role-based permissions. You can change your password from the Security section of your profile. If your account was created through a social login such as Google, your password is managed by that provider instead. In the unlikely event of a security incident, Growee follows established procedures to identify, contain, and mitigate it, and will notify affected customers and authorities where the law requires.

Need more help? Contact support or email support@growee.net.