At PlanGrid, we understand that the confidentiality, integrity, and availability of your data is vital to your business, and we take our responsibility to protect it very seriously. Used on more than 500,000 projects around the world, PlanGrid helps workers build better while safeguarding their data in the cloud by implementing stringent security measures and procedures at all levels.
Visibility and control of all project access
PlanGrid has implemented strict permission levels so you can control who has access to your projects. These include:
Collaborators cannot delete shared data. This is the least permissive role.
Power Collaborators can share markups with the team, but they cannot delete sheets or documents.
Administrators have control over the project and settings and manage project team members.
For organization-owned projects, only the Organization Administrator has the power to delete projects, and manage project team members and subscriptions.
Industry leading encryption in transit
All data transfers from a device to PlanGrid’s secure cloud with industry standard 2048-bit SSL encryption.
Passwords are stored and transmitted securely and hashed using a strong salt. PlanGrid's public enterprise API utilizes the industry-standard authorization protocol OAuth 2.0.
Strict access control policies
Access to customer data internally is limited and provided only when absolutely required or requested by the customer. Code repositories are protected using multifactor authentication.
Document uploads are restricted to specific file types to prevent malicious code from executed on clients or on our cloud hosting machines.View the full list of supported file types.
PlanGrid uses SaaS industry standard processes for managing and storing encryption keys.
Automated vulnerability detection
PlanGrid’s infrastructure is scanned daily for vulnerable packages.
DoS and DDoS protection
PlanGrid’s applications and infrastructure are protected against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, ensuring our high uptime.
Highly secure cloud
PlanGrid hosts data in Amazon data centers, which is an industry leader in secure hosting facilities management. Read more about security at Amazon.
- Access to Amazon data centers requires multi-factor authentication, and all access is logged. Logs are routinely audited.
- Professional security staff are present at the data centers 24/7.
- Uninterruptable Power Supplies prevent downtime and backup generators are installed in every data center.
World-class cloud service you can count on
PlanGrid’s SLA ensures 99.5% uptime for services. Databases and infrastructure are available in multiple geographic regions in the United States, allowing resilience in the face of natural disasters or service interruptions. Read more about our disaster response plan.
Application and data portability
PlanGrid provides well documented and easily accessible interfaces to help ensure customer data is not ‘locked in’ and that the cost for moving to another cloud provider is minimal.
Third party security assessments
PlanGrid’s applications are tested using industry leading vendors.
Payment processes are PCI compliant
PlanGrid does not store PCI-related payment information. All sensitive data is stored by a PCI Service Provider Level 1 certified third party provider.
All PlanGrid employees are trained on security best practices at time of hire and are re-trained annually.
Third party vendor review
Our vendors work just as hard as we do to ensure your data is safe and secure. All third party vendors are audited for compliance with PlanGrid’s security standards.