In this article, you'll find information on the security measures ShareGate uses to keep your data safe.
Security within the organization
We have dedicated teams working on application and operational security with the full support of our management.
Vulnerability management
Third-party penetration testing is conducted yearly and complemented by internal tests and secure code reviews. Our internal policies cover vulnerability handling to ensure a quick analysis and mitigation of any issues.
Data protection
All of your data within the application is encrypted at rest using AES 256 and in transit using TLS 1.2.
Database backups are performed frequently. They are encrypted at rest and made available in the event of a disaster.
When sensitive or personal data needs to be stored or cached, an additional application-level encryption layer is used.
For more information, see Encryption and data security.
Access controls
Access to administrative operations and production infrastructure is only granted to a few select engineers through Azure's Privileged Identity Management service with time restrictions and approval processes enabled. They must connect through a Virtual Private Network (VPN) with Multi-Factor Authentication (MFA).
If our engineers require administrative access that could reveal any of your organization's data in order to resolve issues you are facing with ShareGate, we will contact you to obtain explicit consent.
Incident response
In the event of a security incident, our Security Incident Response Team (SIRT) will take all necessary measures to resolve the issue and communicate with the affected users as soon as possible.
As soon as a problem is suspected or detected, our incident handlers receive automated priority calls and messages.
We believe responding to incidents is of the utmost importance. Our security incident response team has all the required resources, including those of our parent company, if additional help is needed.
Incident handling drills happen periodically to ensure that our team is as efficient as possible if a real incident occurs.
Employee policies
All our employees undergo a background check and mandatory security training. We monitor conformity with the Azure Security Center.
ISO 27001
Our security program is aligned with ISO 27001.
GDPR
ShareGate is ready to handle any requests related to GDPR. Workflows are in place to ensure a fast response time on any formal request and our support team has been trained accordingly.
Our legal and security teams are hard at work ensuring that ShareGate's existing and new processes comply with the law.
You can find our privacy policy and Data Processing Addendum here: https://sharegate.com/privacy-policy.
For more information on our security practices, see our security FAQ.
Note: A minimal amount of tenant data will pass securely through our environment in the Microsoft Azure East US 2 region during operation. Regarding ShareGate's archive feature, you can set your preferred storage solution for your data. Additional questions can be directed to our support team.