Greenly Security Certifications: Protecting Your Environmental Data
At Greenly, security is not just a feature; it is a foundational pillar of our platform. We handle sensitive financial and operational data to help you manage your carbon footprint, and we are committed to maintaining the highest industry standards for data protection.
Our security posture is validated by independent third-party auditors and continuous monitoring.
Core Certifications & Audits
1. SOC 2 Type II
Greenly successfully undergoes an annual SOC 2 Type II examination. This report, prepared by independent auditors (Sensiba), provides assurance that our service commitments and system requirements are achieved based on the trust services criteria:
Security: Protection against unauthorized access
Availability: Ensuring systems are accessible for operation and monitoring
Confidentiality: Protecting information designated as confidential
Processing Integrity: Ensuring system processing is complete, valid, and accurate
Privacy: Managing personal information in conformity with our privacy notice
2. ISO/IEC 27001
We maintain an ISO/IEC 27001 certified Information Security Management System (ISMS). This certification confirms that Greenly has implemented a comprehensive suite of security controls—from physical security to software development—to manage risks and protect information assets.
Technical Security Standards
Our certifications are supported by robust, "Security-by-Design" technical measures:
Data Residency & Sovereignty: All customer data is hosted in Europe(primarily GCP France), ensuring compliance with GDPR and local data residency requirements
Encryption: We use industry-standard encryption to safeguard your data:
At Rest: Data in our databases (PostgreSQL) is encrypted using AES-256-In Transit: All data movement is protected via SSL/TLS 1.3 secured connections
Continuous Monitoring: We utilize Vanta for 24/7 automated monitoring of our security controls and Datadog for real-time security signals and log analysis
Penetration Testing: We conduct annual third-party penetration tests to identify and remediate potential vulnerabilities before they can be exploited
Employee & Operational Security
Security is embedded in our company culture and daily operations:
Access Control: We follow the principle of Least Privilege. Access to customer data is strictly controlled via Role-Based Access Control (RBAC) and is reviewed quarterly
Identity Management: Multi-Factor Authentication (MFA) is enforced across all critical cloud resources.
Training: 100% of Greenly employees complete mandatory security awareness training upon hire and annually thereafter
Secure SDLC: Our development process includes automated code checks, peer reviews, and mandatory unit testing to ensure no code enters production without passing security gates
Accessing our Reports:
Existing customers and qualified prospects can request our full SOC 2 Type II Report or view our live security posture through our Vanta Trust Center. Please contact your Account Manager or our Support team for access.
