Skip to main content
🚨 Data security

A Non-Disclosure Agreement was already signed to protect your accounting data. Learn more about our security policy at Greenly.

Support @Greenly avatar
Written by Support @Greenly
Updated over 11 months ago

At Greenly, we understand the importance of protecting our customers' data. That's why we have implemented rigorous security measures to ensure the privacy and safety of your sensitive information. We adhere to the most stringent security standards to ensure that our practices meet the highest data protection requirements.


Greenly is certified SOC 2 Type 2 and ISO 27001


What actions has Greenly taken for data security? What is the Security Policy of the company?

Personal data is processed exclusively by Offspend, hosted by Amazon Web Service within the EU. We implement technical and organizational security measures to ensure the confidentiality, integrity, and availability of your personal data. In addition, we are regularly audited by security specialists.

To improve the security of our customers' data, Greenly has established a processing register listing all of our subcontractors.


Furthermore, Greenly is certified both SOC2 & ISO27001 certifications. The trust of many customers such as BNP Paribas, Arkea, RCI, etc. attests to our security policy as these customers have audited our security systems. We have also been audited by the CNIL, who concluded that all our practices were compliant - something that is rarely noted. We're also happy to sign a confidentiality agreement (NDA) at your convenience.

Does Greenly have access to the data I store?

Employees do not have access to the content of your spaces unless you give us specific permission, we are only required to access them as part of an active abuse or fraud investigation or where access is necessary to comply with a valid legal process.

What kind of events are logged/audited?

  • Log In / Log Off

  • Failed login attempts

  • Session Creation / Session Termination

  • Password Change

  • All Administrative actions and configuration changes performed

  • User Create / Read / Update / Delete actions, Document or Object Create / Read / Update

  • Delete actions

  • Metadata Create / Read / Update / Delete actions

  • Identifying users and the actions they performed

  • Integration logs: API call successes and failures

  • Infrastructure logs Hypervisor / OS

  • Database Log+Transaction Logs

  • Source IP address of the actor

Did this answer your question?