Security is an important part of the Gleam platform and we take it very seriously.
We use appropriate technical and organizational security measures to protect any personal information we process about visitors to our application against unauthorized access, disclosure, alteration, and destruction. However, please note that no Internet transmission can ever be guaranteed to be 100% secure, so we encourage you to take care when disclosing personal information online and to use readily available tools such as Internet firewalls, secure e-mail and similar technologies to protect yourself online.
Gleam has successfully completed a System and Organization Controls (SOC) 2 Type I audit, performed by Sensiba San Filippo, LLP (SSF). Developed by the American Institute of Certified Public Accountants (AICPA), the SOC 2 information security standard is an audit report on the examination of controls relevant to the trust services criteria categories covering security, availability, processing integrity, confidentiality and privacy. A SOC 2 Type I report describes a service organization's systems and whether the design of specified controls meets the relevant trust services categories at a point-in-time. Gleam's SOC 2 Type I report did not have any noted exceptions and therefore was issued with a “clean” audit opinion from SSF.
Gleam customers can request Gleam's SOC2 Type I by contacting us at firstname.lastname@example.org.
Gleam is currently in the observation period for a SOC 2 Type II. This report is expected to be available by January 2022.
Sensitive and private data exchange between the Site and its Users happens over an SSL secured communication channel and is encrypted and protected with digital signatures.
Our platform is built using industry-standard encryption such as encrypting data at rest using AES-256 bit encryption and data in transit using TLS 1.2.
In addition to data being encrypted, passwords are hashed using BCrypt.
Gleam is hosted on cloud infrastructure from Amazon Web Services. We perform continuous backups and retain daily snapshots. The app is hosted in Oregon in multiple availability zones with Disaster Recovery systems in Ohio.
For an extra level of protection, Gleam supports 2FA for customer login.
In case of an unauthorized security intrusion that materially affects you or your users within Gleam, Gleam will notify you as soon as possible and report the action we took in response.
At present, Gleam has not had any data breaches or security incidents.
Penetration testing is regularly performed on Gleam's Systems. These reports from these pentration tests available to customers on request. Gleam also uses a variety of tools to monitor the running applications, code, and infrastructure continually.
All Gleam staff are required to perform Security Training. All employees are anually assessed for their Security Training and receive additional training as required.
Gleam uses Stripe to process our credit card payments and no credit card details are stored on our servers. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
If you have any questions about Gleam's security, please contact our security team at email@example.com.
This document was last updated on Oct 7th, 2021