Security, Privacy & Compliance
Whether you’re serving millions of customers or your first hundred, we built Gladly to treat your information as if it's our own.
X
Security & Availability
API Security
All API calls are encrypted. Calls are made from static addresses that can be whitelisted. API keys can be rotated by the customer from the admin dashboard. We also log all API calls for a 1 year duration.
Disaster Recovery
Gladly has a Disaster Recovery plan and a Backup plan, in addition to a Business Continuity Plan, to ensure that we are able to continue serving our customers in adverse situations. These plans are periodically tested and updated.
High Availability (HA)
Gladly is designed for deployment across several regions and leverages multiple AWS availability zones for redundancy. We also deploy and rollback updates with zero downtime.
Information Encryption in Transit and at Rest
All customer data is using TLS 1.2+ for web traffic, and AES-256 at rest.
Intrusion Detection and Prevention Systems (IDS/IPS)
Gladly has implemented an automated intrusion prevention system as well as Web Application Firewall which allow us to proactively block any malicious attempts that impact our security system. Additionally, Gladly monitors any critical security alerts that may have impact to the security of Gladly’s system and customer data.
Secure Credentials for Support Agents
We use salted and one-way cryptographically hashed passwords. We have strong password requirements and also support SSO.
Secure Credit Card Payments
As an optional feature, Gladly offers the ability to securely capture and transmit credit and debit card data through voice and chat. This data is never stored by Gladly, and is only available for a few minutes so that the support agent can process a transaction.
Secure Development Processes
Gladly has several processes in place to ensure that our software stays secure. Some highlights include:
- Change management controls
- Risk assessments before major changes
- Periodic internal and external penetration tests
- Strong access control policies
- Periodic security trainings
Secure Infrastructure
Gladly uses a host of security best practices for our infrastructure, including but not limited to: Federated Identity Access Management (IAM), Security Groups, FIPS 140-2 standards-based encryption, logical network isolation using Virtual Private Clouds (VPCs) and an Application Load Balancer (ALB).
Separate Database Schema Per Customer
Gladly is a multi-tenant environment, with logical separation between customer organizations, assuring that no data is ever shared
Vulnerability Remediation
All critical vulnerabilities are addressed within 30 days of discovery. Additionally, we have a bug bounty program to continually test and improve our security. All new lines of code go through rigorous change management control process.
Privacy
CCPA
Gladly complies with CCPA.
GDPR
Gladly complies with GDPR.
HIPAA
Gladly agrees to comply with the Health Insurance Portability and Accountability Act as a Business Associate (BA).
Privacy Shield
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
Compliance
ADA
Gladly is WCAG ADA 2.0 AA compliant. Our certificate is available on request.
PCI
Gladly is PCI v3.2.1 compliant as a Service Provider. Our certificate is available on request.
Questions? Anything we didn’t answer? Please contact us.
