Introduction
At GrabZilla.com (“GrabZilla”, “we”, “us”, or “our”), operated by Lygosoft, LLC, the security of your personal and business information is a top priority. This Security Policy describes our administrative, physical, and technical security measures designed to protect the confidentiality, integrity, and availability of the information we process through our Platform.
Our Security Commitment
We are committed to:
- Protecting customer data from unauthorized access, alteration, disclosure, or destruction.
- Maintaining robust security controls across our infrastructure.
- Continuously monitoring and improving our security posture.
- Complying with applicable security standards and regulations.
- Being transparent about our security practices.
Technical Security Measures
Data Encryption
- In-transit encryption: all data transmitted between your browser and our Platform is encrypted using TLS 1.2 or higher. The padlock icon in your browser's address bar confirms that the connection uses HTTPS with a certificate your browser trusts; the protocol version and cipher actually negotiated can be seen in your browser's developer tools (security panel) or with a command-line tool such as openssl s_client.
- At-rest encryption: customer data stored in our databases is encrypted at rest using AES-256.
- Backup encryption: all backups are encrypted before being stored.
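The following script checks the in-transit claim above from the client side: it opens one TLS connection that refuses anything older than TLS 1.2 and reports the version, cipher suite and certificate that were negotiated. It is an added example, not code from GrabZilla or Lygosoft; the host name it defaults to is an assumption, and it uses only the Python standard library.

```python
"""Check the TLS version a server actually negotiates.

Added example, not part of the GrabZilla Security Policy or Lygosoft code.
The default host below is an assumption; pass the Platform host you use.
"""
import socket
import ssl
import sys

ASSUMED_HOST = "grabzilla.com"  # assumption: replace with the real Platform host


def make_context() -> ssl.SSLContext:
    """Client context that verifies the certificate chain and hostname and
    refuses anything older than TLS 1.2, so a downgraded or misconfigured
    server fails the handshake instead of silently connecting."""
    ctx = ssl.create_default_context()  # loads the system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def negotiated_tls(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Open one TLS connection and report what was negotiated.

    Returns the protocol version, cipher suite, certificate subject and
    expiry. Raises ssl.SSLError if the server cannot offer TLS >= 1.2 or
    presents an untrusted certificate, which is exactly the failure you
    want surfaced rather than hidden.
    """
    ctx = make_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "version": tls.version(),      # e.g. 'TLSv1.3'
                "cipher": tls.cipher()[0],     # e.g. 'TLS_AES_256_GCM_SHA384'
                # subject is a tuple of RDNs, each a tuple of (name, value) pairs
                "subject": dict(rdn[0] for rdn in cert.get("subject", ())),
                "not_after": cert.get("notAfter"),
            }


def meets_policy(info: dict) -> bool:
    """True if the negotiated version satisfies 'TLS 1.2 or higher'."""
    return info["version"] in ("TLSv1.2", "TLSv1.3")


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else ASSUMED_HOST
    try:
        info = negotiated_tls(host)
    except (ssl.SSLError, OSError) as exc:
        print(f"{host}: handshake failed: {exc}")
        sys.exit(1)
    verdict = "OK" if meets_policy(info) else "BELOW POLICY"
    print(f"{host}: {info['version']} {info['cipher']} "
          f"cert for {info['subject'].get('commonName')} "
          f"valid until {info['not_after']} -> {verdict}")
```

Run it as `python check_tls.py <host>`. Because the context sets a minimum version rather than just reporting one, a server that only speaks TLS 1.0 or 1.1 produces a handshake error instead of a passing line, and an untrusted or mismatched certificate fails the same way.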
Access Controls
- Role-based access: employee access to customer data is restricted based on job function and need-to-know principles.
- Multi-factor authentication (MFA): required for all personnel accessing production systems and sensitive data.
- Least privilege principle: employees are granted only the minimum permissions necessary to perform their job functions.
- Regular access reviews: access rights are reviewed and audited on a quarterly basis.
Network Security
- Firewalls: next-generation firewalls monitor and filter incoming and outgoing traffic.
- Intrusion detection/prevention (IDS/IPS): systems detect and block suspicious network activity.
- DDoS protection: Distributed Denial of Service (DDoS) mitigation helps maintain availability during volumetric and application-layer attacks.
- Vulnerability scanning: regular automated scans identify potential security weaknesses.
Application Security
- Secure development lifecycle: security requirements are integrated into every phase of development.
- Code reviews: all code changes undergo peer review before deployment.
- Static & dynamic analysis: automated tools scan code for security vulnerabilities.
- Penetration testing: regular third-party penetration tests are conducted on our applications.
- API security: all APIs are protected with authentication, rate limiting, and input validation.
Physical Security Measures
Data Center Security
Our infrastructure is hosted in data centers that hold SOC 2 attestation reports and ISO 27001 certification and are validated against PCI DSS, and that provide:
- 24/7/365 on-site security personnel.
- Biometric access controls.
- Video surveillance.
- Environmental controls (fire suppression, climate control).
- Redundant power and network connectivity.
Office Security
Our offices at 1900 Camden Ave, San Jose, CA maintain:
- Secure access with badge authentication.
- Visitor registration and escort policies.
- Surveillance systems.
- Secure storage for physical documents.
Organizational Security Measures
Security Team
We maintain a dedicated security team responsible for:
- Developing and enforcing security policies.
- Monitoring security alerts and incidents.
- Conducting risk assessments.
- Managing security awareness training.
Employee Training
All GrabZilla employees receive:
- Security awareness training upon hire.
- Annual refresher training.
- Phishing simulation exercises.
- Role-specific security training as needed.
Background Checks
We conduct background checks on all employees in accordance with applicable laws and regulations.
Vendor Security
We assess the security posture of third-party service providers before engagement and require contractual commitments to maintain appropriate security controls.
Data Security Practices
- Data minimization: we collect only the personal information necessary for the purposes described in our Privacy Notice.
- Data retention: customer data is retained only as long as necessary for business or legal purposes, then securely deleted or anonymized.
- Secure deletion: when data is deleted, we use secure deletion methods that render the data unrecoverable from our systems.
Incident Response
Incident Response Plan
We maintain a documented Incident Response Plan that includes:
- Preparation and prevention measures.
- Detection and analysis procedures.
- Containment, eradication, and recovery strategies.
- Notification protocols.
- Post-incident review and improvement.
Breach Notification
In the event of a security breach involving your personal information:
- We will notify affected customers without undue delay.
- Notifications will comply with all applicable legal requirements.
- We will provide information about the breach and recommended actions.
Reporting Security Issues
If you discover a potential security vulnerability in our Platform, please report it immediately to security@grabzilla.com. We request that you:
- Provide detailed information about the vulnerability.
- Allow reasonable time for us to investigate and remediate.
- Refrain from exploiting the vulnerability or accessing unauthorized data.
- Keep the vulnerability confidential until we have addressed it.
Business Continuity & Disaster Recovery
Redundancy
Our infrastructure is designed with redundancy across multiple availability zones, backup power systems, and redundant network paths.
Backups
- Automated daily backups of customer data.
- Backups stored in geographically separate locations.
- Regular testing of backup restoration procedures.
Disaster Recovery
We maintain a Disaster Recovery Plan that includes Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), documented recovery procedures, and regular testing of recovery capabilities.
Compliance & Certifications
We maintain compliance with relevant security standards including:
- SOC 2 Type II (System and Organization Controls) attestation.
- GDPR (General Data Protection Regulation) where applicable.
- CCPA/CPRA (California Consumer Privacy Act, as amended by the California Privacy Rights Act).
- Applicable state data protection laws.
We undergo regular audits to verify our compliance with these standards.
Your Security Responsibilities
While we implement robust security measures, you also play a role in protecting your information.
Password Security
- Use a strong, unique password for your GrabZilla account.
- Do not reuse passwords across multiple services.
- Change your password if you suspect any compromise.
Account Protection
- Enable multi-factor authentication if available.
- Log out after each session, especially on shared devices.
- Monitor your account for unauthorized activity.
Device Security
- Keep your operating system and browser updated.
- Use reputable antivirus and anti-malware software.
- Avoid using public or unsecured Wi-Fi for sensitive transactions.
Recognizing Threats
- Be cautious of phishing emails attempting to steal your credentials.
- Verify the authenticity of any unexpected communication claiming to be from GrabZilla.
- Report suspicious activity to us immediately.
Limitations
No security system is impenetrable. While we implement industry-standard security measures, we cannot guarantee that unauthorized access, data loss, or other security incidents will never occur. By using our Platform, you acknowledge that there are inherent risks in transmitting information over the internet and storing data electronically.
Updates to This Security Policy
We may update this Security Policy from time to time as our security practices evolve or as required by law. We will notify you of material changes through our Platform or via email. The “Effective” date at the top of this page indicates when this policy was last revised.
Contact Information
If you have questions about this Security Policy or wish to report a security concern, please contact us:
Lygosoft, LLC
Attn: Security Team
1900 Camden Ave
San Jose, CA 95124
security@grabzilla.com (for security issues)
legal@grabzilla.com (for general questions)
By using GrabZilla's Platform, you acknowledge that you have read, understood, and agree to the security practices described in this Security Policy.