How we keep your test data private, your API keys secure,
and your simulations running reliably.
Gridmock is a testing tool. Here's what security means for us.
Hosted on AWS. Standard best practices. Nothing fancy.
All connections (dashboard, API, WebSocket) use TLS 1.3 encryption.
Automatic backups and monitoring to keep your tests running.
We're working toward SOC 2 Type II certification. If your procurement process requires it,contact us — we can prioritize it or provide alternative attestations.
Only your team. Test data is isolated per account. We don't access it unless you explicitly request support and grant temporary access.
Message logs are retained based on your plan (24h to 30 days). You can export anytime via CSV/JSON. After account deletion, all data is permanently removed within 30 days.
Yes, but rate limits apply. If you're planning aggressive load tests (>10k requests/sec), contact us first to avoid triggering DDoS protection.
Revoke it immediately in your dashboard. Generate a new key within seconds. We also support IP whitelisting (Professional tier+) to limit where keys can be used from.
Please report it to security@gridmock.com. We respond within 24 hours and credit researchers in our changelog.
No bug bounty program yet — we're a small team. But we'll send you swag and public thanks if you help us fix something important.