Security & Compliance Policies

From advanced encryption techniques to thorough employee training programs, we go above and beyond to guarantee the security of your work environment.


ISO.27001 Glartek is certified by SGS for the ISO 27001 security certification, the international standard for Information Security Management Systems (ISMS). You can access our official certification document here.
GDPR We respect the EU’s General Data Protection Regulation, which outlines strict protections for consumer data, prioritizing integrity and confidentiality and limiting how organizations can handle data.
SOC 2 Type II We build our products to be compliant with AICPA’s SOC for Service Organizations Trust Services Criteria (SOC 2).


1 | Platform Access

Authentication Single Sign-on (SSO), Lightweight Directory Access Protocol (LDAP) and SAML to authenticate users in systems.
Password Enforce password complexity and expiration.s in systems.
Roles and Permissions Configurable user access to data and features.Enforce password complexity and expiration.s in systems.

2 | Customer Data

Encrypted Industry leading standard protocols to protect data in transit (including TLS 1.2 and 256 AES encryption) and at rest (including FIPS 140-2 compliant encryption standards).
Transfer Data transfers within or between countries/regions respect the EU, Swiss, UK and CCPA legislations.
Auditable All user and device actions and Data changes are logged for audit purposes.

3 | Availability

Uptime Redundant hosting partners providing 99.9% uptime SLAs.
Hardened Virtual Private Cloud Servers in separated infrastructure to prevent unauthorized access to/from our IT network.
Backups All customer Data is backed up off-site at least on a daily basis.


1 | Our Company

CISO We have appointed an experienced CISO full-time employee.
Risk Assessments We regularly perform Processes, Policies and Procedures (3P) and Privacy Impact self-assessments.
Security Assessments We work with partners for independent company and product assessments, such as black-box penetration testing.

2 | Our Employees

Training All employees undergo software development life-cycle security and awareness training annually.
Confidentially All employee and partner contracts include confidentiality clauses.
Data access All access to customer data is registered, logged and reported to the customer.

Contact Us

For further information, please contact Glartek’s security team by email at [email protected].

Still need help? Message Us