Whether you’re serving millions of customers or your first hundred, we built Gladly to treat your information as if it's our own.
Security & Availability
All API calls are encrypted. Calls are made from static addresses that can be whitelisted. API keys can be rotated by the customer from the admin dashboard. We also retain logs of all API calls for 1 year.
Gladly has a Disaster Recovery plan and a Backup plan, in addition to a Business Continuity Plan, to ensure that we are able to continue serving our customers in adverse situations. These plans are periodically tested and updated.
High Availability (HA)
Gladly is designed for deployment across several regions and leverages multiple AWS availability zones for redundancy. We also deploy and roll back updates with zero downtime.
Information Encryption in Transit and at Rest
All customer data is encrypted using TLS 1.2+ for web traffic in transit and AES-256 at rest.
Intrusion Detection and Prevention Systems (IDS/IPS)
Gladly has implemented an automated intrusion prevention system as well as a Web Application Firewall, which allow us to proactively block malicious attempts against our systems. Additionally, Gladly monitors critical security alerts that may affect the security of Gladly’s system and customer data.
Secure Credentials for Support Agents
We use salted and one-way cryptographically hashed passwords. We have strong password requirements and also support SSO.
Secure Credit Card Payments
As an optional feature, Gladly offers the ability to securely capture and transmit credit and debit card data through voice and chat. This data is never stored by Gladly, and is only available for a few minutes so that the support agent can process a transaction.
Secure Development Processes
Gladly has several processes in place to ensure that our software stays secure. Some highlights include:
Change management controls
Risk assessments before major changes
Periodic internal and external penetration tests
Strong access control policies
Periodic security trainings
Gladly uses a host of security best practices for our infrastructure, including but not limited to: Federated Identity Access Management (IAM), Security Groups, FIPS 140-2 standards-based encryption, logical network isolation using Virtual Private Clouds (VPCs) and an Application Load Balancer (ALB).
Separate Database Schema Per Customer
Gladly is a multi-tenant environment, with logical separation between customer organizations, assuring that no data is ever shared.
All critical vulnerabilities are addressed within 30 days of discovery. Additionally, we have a bug bounty program to continually test and improve our security. All new lines of code go through a rigorous change management control process.
Gladly complies with CCPA.
Gladly complies with GDPR.
Gladly agrees to comply with the Health Insurance Portability and Accountability Act as a Business Associate (BA).
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
Gladly is WCAG ADA 2.0 AA compliant. Our certificate is available on request.
Gladly is PCI v3.2.1 compliant as a Service Provider. Our certificate is available on request.
Questions? Anything we didn’t answer? Please contact us.