Security at Harvestry

Protecting your cultivation data is our top priority. Learn about our comprehensive security measures.

Our Security Commitment

At Harvestry, we understand that cannabis cultivators handle sensitive operational data and must maintain strict compliance with state regulations. Our platform is built from the ground up with enterprise-grade security controls to protect your data and support your compliance requirements.

We employ a defense-in-depth approach, implementing multiple layers of security controls across our infrastructure, application, and operational processes. Our security program is continuously monitored and improved to address emerging threats.

Security Features

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Access Control

Role-based access control (RBAC) ensures users only access data they're authorized to view.

Infrastructure Security

Hosted on SOC 2 Type II compliant infrastructure with 24/7 monitoring and intrusion detection.

Audit Logging

Comprehensive audit trails track all system access and changes for compliance and accountability.

Regular Assessments

Annual penetration testing and security assessments by independent third-party firms.

Incident Response

Documented incident response procedures with defined SLAs for breach notification.

Data Protection

Encryption Standards

  • In Transit: All data transmitted between your devices and our servers uses TLS 1.3 encryption.
  • At Rest: Data stored in our databases is encrypted using AES-256 encryption.
  • Backup Encryption: All backups are encrypted and stored in geographically distributed locations.
  • Key Management: Encryption keys are managed through hardware security modules (HSMs).

Multi-Tenant Isolation

Each customer's data is logically isolated using row-level security (RLS) policies. This ensures that one organization's data can never be accessed by another organization or mixed with its data, even in the event of application-level vulnerabilities.

Authentication & Access

  • Multi-factor authentication (MFA) support for all accounts
  • Single Sign-On (SSO) integration for enterprise customers
  • Password policies enforcing minimum complexity requirements
  • Automatic session timeout and re-authentication
  • IP allowlisting for sensitive operations (optional)

Compliance & Certifications

We maintain compliance with industry standards and regulations to ensure your data is handled according to best practices.

  • SOC 2 Type II certified infrastructure
  • GDPR compliant data handling
  • CCPA compliant privacy practices
  • HIPAA-ready architecture
  • Regular third-party security audits
  • Documented data processing agreements

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it to us responsibly. We appreciate your help in keeping Harvestry secure for all users.

Report Security Issues

Email: security@harvestry.io

Please include detailed information about the vulnerability and steps to reproduce.

Questions?

For questions about our security practices or to request our security documentation, please contact our security team.

Harvestry Security Team

Email: security@harvestry.io