We’ve Got You Covered! Gladly’s Now PCI Compliant

Gladly Team

4 minute read

Ready to see what radically personal customer service looks like? Sign up for a free demo with Gladly today.

According to a recent PwC survey, 87% of consumers say they will take their business elsewhere if they feel a company isn’t handling their data responsibly. That’s an incredibly impactful statistic for the modern contact center today which deals with an immense volume of sensitive customer data on a daily basis. And it also underscores the importance of having a customer service software that handles that information, whether it’s sent over phone, email, chat, or social media, in a secure, reliable manner.

At Gladly, we put a lot of time, effort, and thought towards the security and integrity of our platform. Because we believe it not only gives our customers peace of mind, but it’s important for their customers as well to feel that their important, sensitive information is kept safe and secure.

That’s why we are so pleased to announce that Gladly is now officially PCI compliant. Gladly’s journey towards PCI compliance is but one of the steps we’re taking as part of our overall commitment to providing the highest standard of service to our enterprise customers.

What does Gladly’s PCI compliance mean for you?

Well, if you’re a company that accepts credit card payments from customers, and you store, process, or transfer that information, you’re legally required to have safeguards in place (as mandated by the PCI Security Standards Council) to keep that information secure.

And that requirement extends to the third-party platforms and services that you use to help your customers as well, even if the primary purpose isn’t to process or store credit card information. If there’s any possibility that such information may be exchanged over the platform or service, it must be PCI compliant.

Here are a few ways that we safeguard sensitive customer information in Gladly:

Product

Automatic credit card redaction: Any credit card information provided by a customer over email, SMS, live chat or Facebook Messenger is automatically redacted to just the last four digits, before the information ever reaches our systems.
Pause and delete call recordings: If a customer needs to share sensitive information during a voice call (e.g. credit card or social security numbers) agents can pause the call recording so that information doesn’t get stored on our systems. And when they’re accidentally shared, that recording can just be deleted altogether.
Encryption of, and restricted access to, customer information: All communications within Gladly are secured with industry-standard HTTPS, and all stored data is encrypted to ensure customer information is protected end-to-end. Companies can also restrict access to customer information to a strictly need-to-know basis.

Process

Secure systems and applications: We regularly monitor and update our systems to reduce potential vulnerabilities, including bi-annual penetration testing, monthly security scanning, and regular internal compliance audits.
Annual third-party audits: Our security processes are audited annually by external auditors to ensure we maintain high standards when it comes to protecting customer information.
Automatic security key rotation: Beyond simply encrypting sensitive data, encryption keys are regularly rotated, on an automated basis, to ensure that user data is properly secured.
Compliant data retention policies: Gladly maintains strict data retention policies to ensure that customer data is stored only when absolutely required.

People

Regular security training: All employees undergo mandatory security best practices training on joining Gladly, with regular, recurring updates.
Security and Compliance: Our Security and Compliance team is focused on ensuring the strict enforcement of our standards and policies.
Security-first culture: We’ve prioritized a security-first culture at Gladly, because simply having secure policies is not enough — it’s on the people to not only execute on those policies, but consider security in every action they take. Security is integrated into our everyday processes (from how we hire, to how we handle visitors at Gladly) as well as every feature we build (all the way from its initial planning, through its life cycle).

Gladly’s PCI compliance is a testament to the high standards that we set for ourselves, and we look forward to not only maintaining, but always improving on how we make our platform more secure.

If you’d like to see how Gladly helps deliver a modern customer experience securely, reach out to us at hello@gladly.com.

Shun Chen is the VP of Product at Gladly where he helps drive the roadmap and direction for the platform. Gladly is a customer service platform that focuses on people at the heart of it, not tickets or cases. Built for the 21st-century consumer, Gladly enables companies to converse seamlessly in a lifetime of conversations across voice, email, messaging, chat and social media. Agents are empowered, customers feel known, and companies increase love, loyalty and lifetime value through empathetic conversations. Click here to learn more about what we do and how we do it.

Cookie	Duration	Description
_biz_flagsA	1 year	A Cloudflare cookie set to record users’ settings as well as for authentication and analytics.
_biz_pendingA	1 year	A Cloudflare cookie set to record users’ settings as well as for authentication and analytics.
_biz_sid	30 minutes	This cookie is set by Bizible, to store the user's session id.
_lfa	2 years	This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address.
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
AWSALBCORS	7 days	Amazon Web Services set this cookie for load balancing.
AWSELB	session	Associated with Amazon Web Services and created by Elastic Load Balancing, AWSELB cookie is used to manage sticky sessions across production servers.
BIGipServer*	session	Marketo sets this cookie to collect information about the user's online activity and build a profile about their interests to provide advertisements relevant to the user.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category.
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__debugmode__	session	No description
_an_uid	7 days	No description available.
_clck	1 year	No description
_clsk	1 day	No description
_g2_session_id	session	Description is currently not available.
_gaexp_rc	past	No description available.
_lfa_test_cookie_stored	past	No description
_sp_id.e982	2 years	No description
_sp_ses.e982	30 minutes	No description
6suuid	2 years	No description available.
adEdition	1 day	No description available.
adops_master_kvs	never	No description available.
akaas_TODAY	10 days	No description available.
AnalyticsSyncHistory	1 month	No description
BIGipServerab46web-nginx-app_https	session	No description
cf_clearance	1 year	Description is currently not available.
cto_bundle	1 year 24 days	No description available.
cto_writeable	1 hour	No description
debug	never	No description available.
deviceToken	7978 years	No description
dpi_test	1 day	No description
dpi_utmOrigVals	1 month	No description
events_distinct_id	session	Description is currently not available.
geoEdition	1 day	No description available.
glady_viewed_demo_popup	session	No description
glady_viewed_notification	1 year 4 months 13 days	No description
li_gc	2 years	No description
m	2 years	No description available.
muc_ads	2 years	No description
nbcnews_geolocation	session	No description
next-i18next	1 year	No description available.
SM	session	No description available.
visitorId	1 year	No description

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
IMRID	1 year 24 days	The domain of this cookie is owned by Nielsen. The cookie is used for storing the start and end of the user session for nielsen statistics. It helps in consumer profiling for online advertising.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
sp	1 year	This cookie is set by the host c.jabmo.app. This cookie is used to serve the content based on user interest and improve content creation.
TDID	1 year	TDID cookie is set by Cloudflare service to store a unique ID that identifies a returning user's device which is then used for targeted advertising.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_BUID	1 year	This cookie, set by Bizible, is a universal user id to identify the same user across multiple clients’ domains.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_57791012_1	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gd_session	4 hours	This cookie is used for collecting information on users visit to the website. It collects data such as total number of visits, average time spent on the website and the pages loaded.
_gd_svisitor	2 years	This cookie is set by the Google Analytics. This cookie is used for tracking the signup commissions via affiliate program.
_gd_visitor	2 years	This cookie is used for collecting information on the users visit such as number of visits, average time spent on the website and the pages loaded for displaying targeted ads.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_parsely_session	30 minutes	This cookie is used to track the behavior of a user within the current session.
_sp_id.*	1 year 1 month 4 days	Snowplow sets this cookie to store user information that is created when a user first visits a site and is updated on subsequent visits.
_sp_ses.*	30 minutes	Snowplow sets this cookie to store user information that is created when a user first visits a site and is updated on subsequent visits.
_vwo_uuid_v2	1 year	This cookie is set by Visual Website Optimiser and calculates unique traffic on a website.
ajs_anonymous_id	never	This cookie is set by Segment to count the number of people who visit a certain site by tracking if they have visited before.
ajs_group_id	never	This cookie is set by Segment to track visitor usage and events within the website.
ajs_user_id	never	This cookie is set by Segment to help track visitor usage, events, target marketing, and also measure application performance and stability.
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
SSCVER	1 year 24 days	The domain of this cookie is owned by Nielsen. The cookie is used for online advertising by creating user profile based on their preferences.
UID	2 years	Scorecard Research sets this cookie for browser behaviour research.
uvc	1 year 1 month	Set by addthis.com to determine the usage of addthis.com service.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_alid_	session	This cookie is set by the provider mielevod-vh.akamaihd.net. This cookie is used for making the live streaming of video content more efficient.
_biz_nA	1 year	This cookie, set by Bizible, is a sequence number that Bizible includes for all requests, for internal diagnostics purposes.
_biz_uid	1 year	This cookie is set by Bizible, to store user id on the current domain.
_vis_opt_test_cookie	session	Visual Website Optimizer creates this cookie to determine whether or not cookies are enabled on the user's browser.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
language	session	This cookie is used to store the language preference of the user.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
PBSECURESUSID	session	This cookie is set by the provider Podbean. This is a session cookie used to verify that the users are on secure sessions. It helps iin implementing audio files on the website.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

We’ve Got You Covered! Gladly’s Now PCI Compliant

What does Gladly’s PCI compliance mean for you?

What Is a Customer Service Hero?

The Magic of Gladly – Driving Irrational Customer Loyalty

The Journey to AI – Real Business Cases Brands Are Testing Today