The entire ShareGate team considers your privacy and security a priority. This article outlines some of the measures we have in place to ensure your data remains secure.

We have dedicated teams working on application and operational security with the full support of our management.

Third-party penetration testing is conducted yearly and complemented by internal tests and secure code reviews. Our internal policies cover vulnerability handling to ensure a quick analysis and mitigation of any issues.

All data within the applications is encrypted at rest using AES-256 and in transit using TLS 1.2.

ShareGate Protect and the migration assessment perform database backups frequently. They are encrypted at rest and made available in the event of a disaster. When sensitive or personal data needs to be stored or cached, an additional application-level encryption layer is used.

Access to our internal administrative operations and production infrastructure is granted to only a select few engineers through Azure's Privileged Identity Management service, which includes time restrictions and approval processes. They must connect through a Virtual Private Network (VPN) with Multi-Factor Authentication (MFA).

We will contact you to obtain explicit consent if our engineers require access that could reveal any of your organization's data to resolve issues you are facing with ShareGate Home, Protect, or the online migration assessment.

ShareGate Migrate never puts your migrated data in contact with our servers. Since the app is installed locally on your machine, the data is encrypted and travels from your source SharePoint or Microsoft 365 environment to your local machine (where ShareGate Migrate is running), and then to your destination SharePoint or Microsoft 365 environment.

No content is copied to your local machine either. If your environments are secure, your content is secure.

Our support team can receive sensitive information when you submit a diagnostic package. Diagnostic mode only collects data relevant to resolving issues, and all the information is stored securely in Azure. This data is collected solely to diagnose problems.

For more information, see Diagnostic mode.

ShareGate Migrate can receive telemetry packages, which are used to improve our product and do not contain confidential information. However, you can turn telemetry off if you prefer not to share that usage information.

In the event of a security incident, our Security Incident Response Team (SIRT) will take all necessary measures to resolve the issue and communicate with the affected users as soon as possible.

As soon as a problem is suspected or detected, our incident handlers receive automated priority calls and messages.

We believe responding to incidents is of the utmost importance. Our security incident response team has access to all the required resources, including those of our parent company, should additional assistance be needed.

Incident handling drills are conducted periodically to ensure our team is as efficient as possible in the event of a real incident.

All our employees undergo a background check and mandatory security training. We monitor conformity with the Azure Security Center.

Our security program is aligned with the ISO 27001 standard.

ShareGate is ready to handle any requests related to GDPR. Workflows are in place to ensure a fast response time on any formal request, and our support team has been trained accordingly.

Our legal and security teams are working diligently to ensure that ShareGate's existing and new processes comply with all applicable laws and regulations.

Learn more about our policies:

Note: For additional questions, please contact our support team.