We are committed to maintaining the highest standards of security practices to protect your valuable data and ensure your peace of mind. At Groww, we prioritize your security above all else. In this section, we present the best practices that we diligently follow to safeguard your sensitive information and maintain a secure environment. By adhering to industry-leading best practices, we strive to ensure the confidentiality, integrity, and availability of your data.
1. Cloud Infrastructure: The Virtual Private Cloud on Google Cloud Platform serves as a secure and robust technology platform for Groww. This empowers us to deliver our services to users with the highest levels of security and reliability.
- Identity and access management: By adhering to the principle of least privilege, we ensure that our employees possess only the permissions they need, eliminating excessive privileges.
- Perimeter Security: We enforce strict network segmentation, isolating environments and services to enhance security and prevent unauthorized access. We have a solution in place to mitigate DDoS attacks; it serves as a protective shield for all our public endpoints. Additionally, we have an advanced web application firewall (WAF) in place to protect against various types of attacks, including cross-site scripting (XSS), SQL injection, and other web-based vulnerabilities.
- Business continuity and disaster recovery: Our disaster recovery program ensures service availability and easy recovery in emergencies. It involves creating robust technical systems, devising recovery plans, and conducting regular testing to ensure effectiveness.
2. Endpoint Security: All endpoints are equipped with antivirus and antimalware solutions for comprehensive protection against threats and malicious software.
3. Client-side Security: For customers, we have 2FA enabled, which requires a PIN in every session, and 3FA, which requires an OTP when a customer logs in from a new device or browser.
4. Virtual Private Network:
We utilize an advanced Zero Trust Network Access (ZTNA) platform to ensure secure remote access for our hybrid workforce, combining remote and on-premises capabilities. This solution helps us inspect network traffic, perform URL filtering, reliably identify users, and secure end-to-end connections between internal and cloud-based apps.
5. Audit and Compliance:
- Our dedicated internal Security Team conducts regular internal and external security audits to ensure the ongoing security of our systems and processes. These periodic assessments help identify vulnerabilities and ensure compliance with security standards and regulations.
- Before onboarding any third-party vendors, we subject them to a rigorous risk assessment process. This ensures that potential risks associated with the vendors are thoroughly evaluated and mitigated. Our goal is to maintain a secure environment by carefully selecting vendors who meet our stringent security standards.
6. Vulnerability Assessment and Penetration Testing (VAPT):
- Our periodic external security testing is carried out by CERT-In empanelled auditors, reinforcing our commitment to maintaining robust security practices.
- To uphold the highest level of security within our organization, our information security team employs advanced tools and technologies, conducting both manual and automated vulnerability assessment and penetration testing activities.
7. Data Security:
- Encryption at rest and in transit: All business-critical and/or sensitive customer information, including payment information, is protected by strong encryption mechanisms both at rest and in transit within our systems and applications.
- Authentication and authorization: Individuals and systems are granted only the minimum level of access or privileges necessary to perform their authorized tasks, limiting potential damage and reducing the risk of unauthorized access or misuse of resources.
- Auditing: Periodic audits are carried out by both internal and external auditors to ensure a thorough assessment and adherence to compliance standards throughout the Groww ecosystem.
- Tooling: We deploy best-in-class data loss prevention technologies. With this solution in place, we ensure that users and employees cannot send sensitive or critical information outside the corporate network, prevent bulk downloads of data, and configure user workstations to block the use of USB devices.
8. Standards and certifications:
- We are ISO 27001:2013 and MASA certified, ensuring compliance with industry best practices for secure information management. This demonstrates our commitment to data protection and security in handling sensitive information.
- To enhance the effectiveness of our business operations, we adhere to various regulatory frameworks such as RBI (Reserve Bank of India), SEBI (Securities and Exchange Board of India), and NSE/BSE (National Stock Exchange/Bombay Stock Exchange). Compliance with these frameworks helps us maintain regulatory standards and ensures transparency, trust, and accountability in our business practices.
9. Privacy Policy:
- At Groww, we prioritize your privacy, which means we never share or trade your personal information with any external parties for their marketing objectives unless we have received your explicit consent.
Check out our privacy policy here.
10. Responsible Disclosure:
If you are a security enthusiast or researcher and discover a potential security vulnerability in Groww products, we urge you to report the issue to us responsibly.
To submit a bug report, please visit https://security.groww.in