Introduction
Security is an important part of the Gleam platform and we take it very seriously.
We use appropriate technical and organizational security measures to protect any personal information we process about visitors to our application against unauthorized access, disclosure, alteration, and destruction. However, please note that no Internet transmission can ever be guaranteed to be 100% secure, so we encourage you to take care when disclosing personal information online and to use readily available tools such as Internet firewalls, secure e-mail and similar technologies to protect yourself online.
Certifications
Gleam has successfully completed a System and Organization Controls (SOC) 2 Type II audit, performed by Sensiba San Filippo, LLP (SSF). Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, processing integrity, confidentiality and privacy. A SOC 2 Type II report describes a service organization's systems and whether the design of specified controls meets the relevant trust services categories, and assesses the effectiveness of those controls over a specified period of time. Gleam’s SOC 2 Type II report did not have any noted exceptions and therefore was issued with a “clean” audit opinion from SSF.
Gleam customers can request Gleam's SOC2 Type II by contacting us at security@gleam.io.
Encryption
Sensitive and private data exchange between the Site and its Users happens over an SSL secured communication channel and is encrypted and protected with digital signatures.
Our platform is built using industry-standard encryption such as encrypting data at rest using AES-256 bit encryption and data in transit using TLS 1.2.
In addition to data being encrypted, passwords are hashed using BCrypt.
Cloud Infrastructure
Gleam is hosted on cloud infrastructure from Amazon Web Services. We perform continuous backups and retain daily snapshots. The app is hosted in Oregon in multiple availability zones with Disaster Recovery systems in Ohio.
Authentication
For an extra level of protection, Gleam supports 2FA for customer login.
Breach Disclosure
In case of an unauthorized security intrusion that materially affects you or your users within Gleam, Gleam will notify you as soon as possible and report the action we took in response.
At present, Gleam has not had any data breaches or security incidents.
Penetration Testing
Penetration testing is regularly performed on Gleam's Systems. These reports from these pentration tests available to customers on request. Gleam also uses a variety of tools to monitor the running applications, code, and infrastructure continually.
Bug Bounty Program
Gleam runs a Bug Bounty program with cash bounties via HackerOne. If you have a bug to report and/or would to join this program, please contact our security team at security@gleam.io.
Security Training
All Gleam staff are required to perform Security Training. All employees are anually assessed for their Security Training and receive additional training as required.
Payment Details
Gleam uses Stripe to process our credit card payments and no credit card details are stored on our servers. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
Contacting Us
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at privacy@gleam.io