Security, Privacy & Compliance

Whether you’re serving millions of customers or your first hundred, we built Gladly to treat your information as if it's our own.


Security & Availability

API Security

All API calls are encrypted. Calls are made from static addresses that can be whitelisted. API keys can be rotated by the customer from the admin dashboard. We also log all API calls for a 1 year duration.

Disaster Recovery

Gladly has a Disaster Recovery plan and a Backup plan, in addition to a Business Continuity Plan, to ensure that we are able to continue serving our customers in adverse situations. These plans are periodically tested and updated.

High Availability (HA)

Gladly is designed for deployment across several regions and leverages multiple AWS availability zones for redundancy. We also deploy and rollback updates with zero downtime.

Information Encryption in Transit and at Rest

All customer data is using TLS 1.2+ for web traffic, and AES-256 at rest.

Intrusion Detection and Prevention Systems (IDS/IPS)

Gladly has implemented an automated intrusion prevention system as well as a Web Application Firewall which allows us to proactively block any malicious attempts that impact our security system.

Secure Credentials for Support Agents

We use salted and one-way cryptographically hashed passwords. We have strong password requirements and also support SSO.

Secure Credit Card Payments

As an optional feature, Gladly offers the ability to securely capture and transmit credit and debit card data through voice and chat. This data is never stored by Gladly, and is only available for a few minutes so that the support agent can process a transaction.

Secure Development Processes

Gladly has several processes in place to ensure that our software stays secure. Some highlights include:
  • Change management controls
  • Risk assessments before major changes
  • Periodic internal and external penetration tests
  • Strong access control policies
  • Periodic security trainings

Secure Infrastructure

Gladly uses a host of security best practices for our infrastructure, including but not limited to: Federated Identity Access Management (IAM), Security Groups, FIPS 140-2 standards-based encryption, logical network isolation using Virtual Private Clouds (VPCs) and an Application Load Balancer (ALB).

Separate Database Schema Per Customer

Gladly is a multi-tenant environment, with logical separation between customer organizations, assuring that no data is ever shared

Vulnerability Remediation

All critical vulnerabilities are addressed within 30 days of discovery. You can disclose security vulnerabilities to Gladly at All new lines of code go through a rigorous change management control process.



Gladly complies with CCPA.


Gladly complies with GDPR.


Gladly agrees to comply with the Health Insurance Portability and Accountability Act as a Business Associate (BA).

Privacy Shield

On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.



Gladly is WCAG ADA 2.0 AA compliant. Our certificate is available on request.


Gladly is PCI v3.2.1 compliant as a Service Provider. Our certificate is available on request.

Questions? Anything we didn’t answer? Please contact us.