...
Each customer gets their own S3 bucket, which is logically segregated from other customer buckets. Access to ZenGRC storage requires access to an instance of the ZenGRC application; if users outside your organization don't have access to your ZenGRC app, they can't access data in your ZenGRC Storage. This relies on authenticated requests to S3, whereby each customer ZenGRC application has a unique IAM key used to access their S3 bucket.
Encryption at Rest
Currently, data Data is not encrypted at rest in ZenGRC Storage.
...