Processing...

Grapevine Security Statement

Security and Infrastructure Overview

At Grapevine, ensuring the security, confidentiality, and integrity of your data is paramount. Our services are hosted on secure, private cloud infrastructure provided by F12.net, a Canadian managed IT services leader with SOC 2 Type 2 certification. This strategic partnership allows us to deliver robust security, continuous availability, and compliance with industry standards.

Data Center Security

Our applications and data are hosted in secure Canadian data centers managed by F12.net. These state-of-the-art facilities comply with stringent security, regulatory, and availability standards. Physical security includes biometric authentication, controlled access, CCTV surveillance, and multi-zoned fire suppression systems. Facilities also feature redundant power supplies, including backup generators and uninterruptible power supply (UPS) systems, redundant cooling systems to maintain optimal environmental conditions, and continuous 24/7 monitoring by dedicated Network Operations Center (NOC) personnel. Additionally, these data centers utilize backup carriers, enabling automatic cutover in the event of physical or network disruptions involving primary carriers such as Rogers or Bell.

Network and Endpoint Protection

We utilize comprehensive endpoint protection and network security measures, including advanced endpoint detection and response technologies, centrally managed antivirus and malware prevention, Data Loss Prevention (DLP) technologies, secure access controls with multi-factor authentication, and continuous monitoring. Regular third-party penetration tests are conducted to ensure ongoing security effectiveness.

Business Continuity and Disaster Recovery

We leverage F12.net's robust business continuity services, enabling seamless service transition between geographically dispersed Canadian data centers (Eastern and Western Canada). This capability ensures rapid recovery, minimal disruption, and consistent availability of our services even in the event of a significant operational impact.

Backup and Data Protection

Regular encrypted backups are conducted according to secure retention policies, ensuring data integrity and availability for restoration purposes. All backups remain encrypted both in transit and at rest.

Application-Level Security

Our application incorporates multiple layers of security to protect customer data:

  • Customer data is encrypted both in transit (SSL/TLS) and at rest.
  • Strong password policies are enforced, with all passwords securely hashed and salted.
  • Payment transactions are securely handled by trusted third-party payment providers (Moneris), and no credit card data is stored internally.
  • Secure data deletion procedures are in place, with clear processes for customers to request deletion of their data. Deleted data may persist in encrypted backups for a defined retention period before permanent removal.

For further information about our security practices, please contact dataprotection@grapevinesurveys.com.

Reviewed May 1, 2025