Big News — Pat Gelsinger Named Executive Chair and Head of Technology at Gloo

Trust Center

For the champion - the church
Security Statement

This Gloo Security Statement of technical and organizational data security (this “Statement”) provides an overview of the commercially reasonable technical and organizational data security measures that Gloo, LLC (“Gloo”) has taken to protect data in its custody or control (“Gloo Data”). By itself, this Statement shall not create any rights or entitlements for anyone. If Gloo and its customers incorporate this Statement by reference into a contract, then the parties’ rights and obligations shall be determined based on that contract.

Gloo's security and compliance programs and policies are implemented in accordance with the AICPA 2017 Trust Services Criteria for Security, Availability, Confidentiality, and Privacy, with additional guidance from the TrustArc-Nymity Integrated Privacy Frameworks and the NIST Cybersecurity Framework. As such, the following have been implemented:

  1. Organizational measures

Gloo implements the following measures to ensure that its employees and contractors (collectively, "Personnel") and vendors align with Gloo's security standards:

  • Gloo implements an acceptable use policy and contractual measures to ensure that its Personnel process Gloo Data in accordance with data security requirements imposed by applicable law and contract;

  • Gloo conducts background checks of Personnel as permitted by applicable law;

  • Gloo regularly trains Personnel regarding privacy and security topics to ensure that they understand and adhere to Gloo’s information security policies and protocols;

  • Gloo conducts due diligence of vendors that process Gloo Data to ensure that they implement appropriate security standards, including to ensure that they are able to implement measures no less protective than those set forth in this Statement; and

  • Gloo implements policies providing for disciplinary action with respect to Personnel who do not comply with its information security policies.

  2. Data processing areas

Gloo implements the following physical security measures to prevent unauthorized persons from gaining physical access to areas containing Gloo’s data processing equipment:

  • Gloo's data centers are hosted by a third-party cloud services provider with externally audited physical access controls;

  • Access to Gloo Personnel workspaces is protected by at least locks, floor-to-ceiling barriers, and a 24/7 security alarm system; and

  • Access to Gloo Personnel workspaces is subject to appropriate restrictions and the principle of least privilege (i.e., on a need-to-know basis).

  3. Data processing systems

Gloo implements the following measures to prevent its data processing systems from being used/accessed by unauthorized persons:

  • Gloo maintains an inventory of its assets which may hold or process Gloo Data;

  • Gloo issues Personnel their own unique login credentials which they are required not to share with others;

  • Gloo assigns Personnel access rights dependent on their job requirements and in accordance with the principle of least privilege;

  • Gloo regularly reviews Personnel access rights;

  • Password requirements adhere to industry-standard constraints in length, complexity, and history;

  • Gloo disables Personnel access privileges to Gloo’s data processing systems as soon as possible after their access privileges are no longer required, such as post-termination;

  • Gloo administers and enforces policies governing Personnel rights and obligations with respect to Gloo Data;

  • Gloo implements two-factor authentication as available and appropriate;

  • Gloo’s data processing systems automatically terminate Personnel sessions after a certain period of inactivity and automatically lock out a Personnel account after a certain number of erroneous passwords are entered at login;

  • Gloo implements automated monitoring systems to detect unusual or unauthorized activities and conditions; and

  • Gloo maintains logs of access and changes to Gloo Data via Gloo’s data processing systems.

  4. Data management

Gloo uses the following information security technologies to prevent the unauthorized access, use, disclosure, modification and deletion of Gloo Data:

  • Gloo encrypts all Gloo Data at rest and when in transit over public networks;

  • Gloo-managed computers are protected with updated antivirus as well as whole disk or partition encryption;

  • Gloo maintains the integrity of Gloo Data via a vulnerability management program for all programs used; and

  • Gloo uses vendor-recommended Cloud Security Posture Management ("CSPM") services to proactively monitor, alert, and remediate incorrect configurations across our platform.

  5. Availability

Gloo implements the following measures to protect Gloo Data from accidental destruction or loss:

  • Gloo implements infrastructure redundancy to ensure that data is backed up at an industry-standard frequency and data access can be restored as soon as practicable where necessary;

  • Gloo ensures that only Personnel authorized by Gloo may authorize the recovery of backups or the movement of data outside of its main data processing systems, and security measures have been adopted to avoid loss or unauthorized access to data, when moved; and

  • Gloo implements and administers appropriate disaster recovery and business continuity plans.

  6. Ongoing measures

Gloo implements additional measures to protect Gloo Data, including (but not limited to):

  • Gloo undergoes external penetration testing upon significant product changes through trusted security partners, to ensure the systems remain secure and contained;

  • Gloo undergoes regular internal audits with respect to its security policies and procedures;

  • Gloo maintains a risk assessment program that includes identification, tracking, and remediation of all identified risks and vulnerabilities to Gloo’s infrastructure and Gloo Data;

  • Gloo administers policies to ensure that Gloo Data is securely deleted, destroyed or erased once it is no longer required, regardless of the media on which it is stored; and

  • Gloo administers policies to identify and respond to incidents involving Gloo Data, mitigate the effects of any such incidents, document their outcomes, and notify appropriate stakeholders.

Last Revised: April 11, 2023
