We secure and protect your data.

Glint is designed to demonstrate compliance with GDPR.

Data privacy is a priority.

Glint complies with well-known privacy and data protection regulations and programs.
Glint is designed to help its customers demonstrate compliance with GDPR.

In line with the principles of privacy by design and by default, the Glint platform enables customers to honor data subjects’ rights under GDPR, such as the right to access, correct, and delete data.

Glint meets GDPR data retention and minimization requirements.

Glint’s standard privacy notices provide data subjects with the information required by GDPR (Articles 13 and 14). We have translated our privacy notices into more than 50 languages.

Glint has a legal mechanism for EU, EEA, and Swiss data transfers.

Glint and LinkedIn use Standard Contractual Clauses (SCCs) as the legal mechanism for cross-border data transfers, as do our subprocessors, listed online.

Glint’s data protection strategy is three-pronged.

Encryption, two-factor authentication, and comprehensive logging.
Encryption

Glint encrypts data in transit and at rest using secure, up-to-date protocols and key lengths.

  • Encryption in motion – TLS 1.2
  • Encryption at rest – AES–256 disk encryption
Access controls

Glint uses VPN, unique user accounts, single sign-on, and two-factor authentication for all systems.

  • Role-based access controls (RBAC) for Glint users and customers
  • As a default, the Glint Engage dashboard will display only aggregate results, not raw data
  • Access by the Glint team to the database is based on a business need to know and follows the principle of least privilege
  • Access is removed promptly when no longer required due to employee termination or job change
  • Access rights review is performed regularly
  • Access requires approval and is tracked at all stages
Event logging and monitoring

Glint logs all users and network activity, and responds to alerts of any abnormal activity.

  • Firewalls and host-based intrusion detection (HIDS) are in place
  • Logs are reviewed monthly and upon alert
  • Logs are retained for one year

Glint protects your data in its data centers.

Your data is protected from physical and environmental threats in a secure data center.
Physical protection

Customer data is physically protected by Glint’s ISO and SOC 2 audited cloud hosting provider.

  • Unmarked data center facility
  • External barriers and guards
  • CCTV at data center
  • Locks, card readers, and alarms
  • No data center public tours
  • Authorized visitor procedures
  • Access control lists
Environmental protection

Environmental protections against fire, moisture, and loss of power or connectivity.

  • HVAC and humidity controls
  • Heat and smoke detection
  • Fire suppression
  • Redundant and backup power
  • Redundant ISPs

We can back up what we say.

Glint undergoes independent security auditing, vulnerability scanning, and penetration testing.
Industry-standard security evaluation

Annual SOC 2 Type II audit conducted by a reputable third party

This audit validates the processes and policies of Glint’s Information Security Management Program (ISMP).

Vulnerability scanning and penetration

Weekly vulnerability scans by an independent third party, and annual external application penetration testing

All critical, high and medium findings are remediated appropriately.

Glint is subject to the LinkedIn Data Processing Agreement.

The LinkedIn Data Processing Agreement (DPA) is incorporated into customers’ agreements with Glint and LinkedIn. The DPA, drafted with Article 28 of the GDPR in mind, addresses the following key topics, among others:

  • compliance with laws
  • customer and LinkedIn obligations
  • data processing
  • audits and certifications
  • data transfer (including cross-border transfers)
  • data return and deletion
Ready to see Glint in action?
Request a Demo