We secure and protect your data.
Glint is designed to demonstrate compliance with GDPR.
Data privacy is a priority.
In line with the principles of privacy by design and by default, the Glint platform enables customers to honor data subjects’ rights under GDPR, such as the right to access, correct, and delete data.
Glint meets GDPR data retention and minimization requirements.
Glint’s standard privacy notices provide data subjects with the information required by GDPR (Articles 13 and 14). We have translated our privacy notices into more than 50 languages.
Glint and LinkedIn use Standard Contractual Clauses (SCCs) as the legal mechanism for cross-border data transfers, as do our subprocessors, listed online.
Glint’s data protection strategy is three-pronged.
Glint encrypts data in transit and at rest using secure, up-to-date protocols and key lengths.
- Encryption in motion – TLS 1.2
- Encryption at rest – AES-256 disk encryption
Glint uses VPN, unique user accounts, single sign-on, and two-factor authentication for all systems.
- Role-based access controls (RBAC) for Glint users and customers
- By default, the Glint Engage dashboard displays only aggregate results, not raw data
- Access by the Glint team to the database is based on a business need to know and follows the principle of least privilege
- Access is removed promptly when no longer required due to employee termination or job change
- Access rights review is performed regularly
- Access requires approval and is tracked at all stages
Glint logs all user and network activity, and responds to alerts of any abnormal activity.
- Firewalls and host-based intrusion detection (HIDS) are in place
- Logs are reviewed monthly and upon alert
- Logs are retained for one year
Glint protects your data in its data centers.
Customer data is physically protected by Glint’s ISO and SOC 2 audited cloud hosting provider.
- Unmarked data center facility
- External barriers and guards
- CCTV at data center
- Locks, card readers, and alarms
- No data center public tours
- Authorized visitor procedures
- Access control lists
Environmental protections against fire, moisture, and loss of power or connectivity.
- HVAC and humidity controls
- Heat and smoke detection
- Fire suppression
- Redundant and backup power
- Redundant ISPs
We can back up what we say.
Annual SOC 2 Type II audit conducted by a reputable third party
This audit validates the processes and policies of Glint’s Information Security Management Program (ISMP).
Weekly vulnerability scans by an independent third party, and annual external application penetration testing
All critical, high and medium findings are remediated appropriately.
The LinkedIn Data Processing Agreement (DPA) is incorporated into customers’ agreements with Glint and LinkedIn. The DPA, drafted with Article 28 of the GDPR in mind, addresses the following key topics, among others:
- compliance with laws
- customer and LinkedIn obligations
- data processing
- audits and certifications
- data transfer (including cross-border transfers)
- data return and deletion