At Goody, we take security and the protection of your data seriously.
Hosting
Goody’s application is hosted on Amazon Web Services, Heroku, and Vercel, industry-leading SOC 2 Type 2 and ISO 27001-compliant infrastructure providers. Amazon Web Services provides physical, perimeter, and network security.
SSO
For business accounts, Google Workspace or Microsoft accounts can be used to sign in to your Goody account via SSO. Custom SAML SSO is also available.
Penetration test
We perform third-party penetration testing of our application and infrastructure annually.
Data security
HTTPS (TLS) is enforced for all communication between clients and our servers. Data is encrypted at rest in our database. Backups are taken regularly and continuously.
Policies
Goody maintains internal security policies covering a range of topics, including data management, incident response, secure development, and business continuity and disaster response. Employees undergo regular security training.
Access control
Access to data is restricted to employees who require it and is segmented using role-based access control. We follow the principle of least privilege to restrict access to data, and all requests for access privileges are logged and go through an approval process.
Payment security
Goody uses Stripe, a PCI Level 1 service provider, for payment processing.