Skip to main content

Security Certifications

S
Written by Support

Greenly Security Certifications: Protecting Your Environmental Data

At Greenly, security is not just a feature; it is a foundational pillar of our platform. We handle sensitive financial and operational data to help you manage your carbon footprint, and we are committed to maintaining the highest industry standards for data protection.
Our security posture is validated by independent third-party auditors and continuous monitoring.

Core Certifications & Audits

1. SOC 2 Type II

Greenly successfully undergoes an annual SOC 2 Type II examination. This report, prepared by independent auditors (Sensiba), provides assurance that our service commitments and system requirements are achieved based on the trust services criteria:

  • Security: Protection against unauthorized access

  • Availability: Ensuring systems are accessible for operation and monitoring

  • Confidentiality: Protecting information designated as confidential

  • Processing Integrity: Ensuring system processing is complete, valid, and accurate

  • Privacy: Managing personal information in conformity with our privacy notice

2. ISO/IEC 27001

We maintain an ISO/IEC 27001 certified Information Security Management System (ISMS). This certification confirms that Greenly has implemented a comprehensive suite of security controls—from physical security to software development—to manage risks and protect information assets.

Technical Security Standards

Our certifications are supported by robust, "Security-by-Design" technical measures:

  • Data Residency & Sovereignty: All customer data is hosted in Europe(primarily GCP France), ensuring compliance with GDPR and local data residency requirements

  • Encryption: We use industry-standard encryption to safeguard your data:

  • At Rest: Data in our databases (PostgreSQL) is encrypted using AES-256-In Transit: All data movement is protected via SSL/TLS 1.3 secured connections

  • Continuous Monitoring: We utilize Vanta for 24/7 automated monitoring of our security controls and Datadog for real-time security signals and log analysis

  • Penetration Testing: We conduct annual third-party penetration tests to identify and remediate potential vulnerabilities before they can be exploited


Employee & Operational Security

Security is embedded in our company culture and daily operations:

  • Access Control: We follow the principle of Least Privilege. Access to customer data is strictly controlled via Role-Based Access Control (RBAC) and is reviewed quarterly

  • Identity Management: Multi-Factor Authentication (MFA) is enforced across all critical cloud resources.

  • Training: 100% of Greenly employees complete mandatory security awareness training upon hire and annually thereafter

  • Secure SDLC: Our development process includes automated code checks, peer reviews, and mandatory unit testing to ensure no code enters production without passing security gates


Accessing our Reports:
Existing customers and qualified prospects can request our full SOC 2 Type II Report or view our live security posture through our Vanta Trust Center. Please contact your Account Manager or our Support team for access.

Did this answer your question?