Security and Privacy are a top priority for us. Thousands of customers trust us with their data, and Geckoboard takes this responsibility seriously.

We adhere to rigorous security measures and employ industry-accepted security controls and privacy frameworks to maintain the platform's security and compliance with industry regulations.

We are PCI DSS compliant and certified by Cloud Application Security Assessment (CASA).

We also embrace the “data minimization” principle, limiting information collection (particularly personal information) to what is directly relevant and necessary to accomplish the specified purpose: displaying your key metrics. Therefore, data from integrations typically consists of meta-data.

All communication between your computer and Geckoboard is encrypted using HTTPS (256-bit TLS). This is the same level of encryption used by banks and financial institutions, and it is designed to prevent third parties from seeing sensitive information you send to/receive from Geckoboard.

We also encrypt data at rest. For example, when you connect a service to Geckoboard, we encrypt the credentials using AES-GCM cipher.

We recommend reading our detailed security documentation to learn more about Geckoboard’s security framework, processes and features.

To learn more about how personal data is processed (in the context of the EU GDPR, the UK GDPR, the FADP, the UK Data Protection Act 2018, US State Privacy Laws or any

applicable implementation), check our DPA.