Security is central to everything we do. We’re trusted by some of the largest brands in the world to deliver an excellent Customer service experience while guarding PII and other sensitive information.
SOC 2 #
We are SOC 2 Type 2 certified by an accredited auditing firm. As part of SOC 2, we’ve designed robust controls and policies to address our business risks and obtained audited enforcement confirmation.
We hire external pentesting firms and remediate discovered issues, and we can provide reports from our most recent pentest upon request.
GDPR and CCPA Policies and Procedures #
We follow GDPR and CCPA requirements and have a process in place to delete data and provide info upon request.
Upon receipt of a data-deletion request from a company on behalf of a user, Gladly Sidekick will delete all data connected to that user ID. That user ID is forever recorded as an unallowed ID.
If a database is restored from a backup, as a first step, an engineer ensures any unallowed ID from past deletion requests are again deleted from the restored backup.
If any data breaches are discovered, they will be patched as the highest priority. The breach disclosure will be clearly communicated to Team Managers in Gladly Sidekick’s dashboard.
We work with the following companies and tool systems to store, analyze, and transmit user data. They have been carefully vetted for best-in-class security practices.
- Google Cloud Platform – Cloud computing services
- Bugsnag – Error reporting
- Kalles Group – Pentesting and security analysis
Account Security #
We implement several account controls to give you and your team peace of mind. TOTP-based multi-factor authentication (works with Google Authenticator) is included for every Gladly Sidekick account.
We provide team management tools that allow you to add and remove team members and enforce their password security and 2FA. We also provide security-focused audit logs for important changes to your account and to detect data exfiltration.
Personally Identifiable Information #
Beyond the above account security efforts, we make numerous efforts to protect personally identifiable information (PII). Short data retention periods ensure we delete data as soon as possible. We anonymize data where possible and encrypt all data in transit and at rest using strong TLS ciphers and AES-256.
High Availability #
We focus on high availability and regularly exceed 99.99% uptime within Google Cloud tier 4 data centers, and Gladly Sidekick’s historical status can be seen at https://status.thankful.ai.
Coordinated Disclosure #
If any vulnerabilities in Gladly Sidekick’s infrastructure or application are found, please disclose these vulnerabilities in an email to [email protected]. We will acknowledge the issue within 24 hours, investigate, and assemble a remediation plan with agreed upon dates in line with our Information Security Policy.