Greetly security

All PII is securely stored in Greetly’s cloud environment, with hosting options in both the EU and North America to meet regional compliance requirements.

All data in Greetly is encrypted in transit and at rest, ensuring that sensitive visitor and employee information is protected end-to-end. Greetly also protects visitor PII data with: 

• Role-based access controls: Only authorized admins can view or export data
• Audit logs: All check-ins, check-outs, and changes are logged for accountability

Admins can configure data retention policies to automatically delete Visitor Log entries after a set period, or request manual purges at any time.

Yes. Greetly supports SAML 2.0-based SSO with providers such as Okta and Azure AD, allowing secure authentication for employees and admins.

No. User provisioning is not SCIM-based today. Users can be added manually, uploaded via CSV, or synced via directory integrations such as Azure AD, Active Directory, or Google Workspace.

Yes. Greetly offers hosting options in both the European Union and North America, enabling organizations to select where their visitor data is stored to meet regional compliance requirements.

Yes. Greetly is fully GDPR compliant, including configurable data retention, consent messaging, and visitor log deletion to align with EU privacy regulations.

Yes. Greetly aligns with the California Consumer Privacy Act (CCPA) by providing transparency in what data is collected and allowing admins to configure deletion of visitor records or request purges on demand.

Retention is fully configurable by admins. You can set Visitor Log deletion policies to automatically remove records after a defined period, or manually purge data at any time.

Yes. All visitor check-ins, check-outs, and admin changes are logged for visibility and compliance reviews. These logs can be exported for audits or investigations, and logs can be automatically distributed via email to admins and other stakeholders for on-site visibility. 

Greetly does not currently publish SOC 2 or ISO 27001 certifications. However, as part of the OfficeSpace family, Greetly follows enterprise-grade security practices and benefits from the same security posture. For detailed documentation and certifications, IT leaders should visit our OfficeSpace Trust Center. 

Yes. Regular penetration testing is conducted as part of Greetly’s security program, aligned with OfficeSpace standards.

Greetly APIs are secured via API keys. The platform also supports OpenAPI 3.1, though custom API integrations beyond Zapier are limited.