AI Security and Compliance

Table of Contents

AI and Data Security
- System safeguards and control mechanisms
- Compliance and Certification
Voice Transcription Security
Privacy and Compliance with Data Protection Regulations
- Conclusion

At Gladly, safeguarding customer data is not just a priority—it’s the foundation of everything we do. We’ve built a robust security infrastructure with stringent measures and advanced encryption protocols. These protections extend across our entire platform, from AI-driven features to payment processing, ensuring industry-leading compliance standards. Our commitment to data security, privacy, and integrity ensures your information remains protected at every touchpoint. Below, you’ll find an in-depth look at the steps we take to uphold these standards.

Visit https://trust.gladly.com/ to find documentation of our compliance with global standards, including certifications, attestations, and audit reports.

AI and Data Security #

Gladly’s AI enhances the customer experience while ensuring comprehensive data protection. Our AI is integrated through enterprise-grade APIs, generating contextually accurate responses to customer inquiries.

No Public Model Usage

Gladly does not require new customer data to train our proprietary models, nor do we provide customer data to any third parties to train their models, including large language models.

Data Privacy and Protection

Customer messages processed by our AI are never used to train AI models. AI vendors store data temporarily (up to 30 days) solely for monitoring purposes, such as detecting abuse or misuse, and then delete it unless required otherwise by law.

Encryption Standards

Gladly uses industry-standard encryption to protect all data in transit and at rest. This includes AES-256 encryption and TLS 1.2 for data transfer, ensuring that sensitive customer information remains secure.

Third-Party Audits and Compliance

Gladly’s AI partners, Azure, OpenAI, and Deepgram, are SOC 2 Type 2 and PCI Compliance and undergo annual penetration testing by third-party security auditors. These tests identify and fix potential vulnerabilities before they can be exploited. Additionally, Gladly maintains a Data Processing Agreement (DPA), which outlines how customer data is handled securely and in compliance with data protection regulations, such as GDPR.

System safeguards and control mechanisms #

Gladly employs several control mechanisms and system safeguards to prevent misuse of AI features and ensure customer interactions remain secure and accurate.

Entity Identification

When training our internal model, Gladly automatically identifies and removes any personally identifiable information (PII) (e.g., names, addresses, emails) to ensure that sensitive customer data is not exposed during the AI’s learning process.

Guardrails for AI Responses

Built-in safeguards are in place to ensure Gladly AI-powered features remain reliable and accurate. This includes:

Content detection: Identifying sensitive or inappropriate content and rerouting it to a human agent.
Hallucination prevention: Ensuring AI-generated responses are based on factual, approved content from your knowledge base.
~~Action limitations: Restricting the AI from performing tasks outside of its predefined capabilities, ensuring secure and on-brand interactions.~~
Action limitations and knowledge reliance: AI generates responses based on information provided in Gladly Answers. It is restricted from performing tasks outside of its predefined capabilities, ensuring a secure and on-brand tone in interactions.
Quality assurance: A review is conducted to ensure all responses adhere to approved content and align with brand standards.

Data Retention and Usage

For any customer conversation handled by AI, messages are processed temporarily to respond but are never retained or used for model training. Data retention is limited to 30 days for abuse detection purposes, after which it is deleted.

Compliance and Certification #

Gladly adheres to a range of global security standards and regulations to ensure customer data is processed and stored securely.

SOC 2 Type 2 and PCI Compliance

Gladly’s AI partners, Azure and Deepgram, are SOC 2 Type and PCI compliant, ensuring our systems meet rigorous security, availability, processing integrity, and confidentiality standards. Additionally, Gladly is PCI-DSS compliant, ensuring that payment data is processed securely and complies with industry regulations. Gladly runs redaction logic before sending the data to any third-party vendor.

DPA with Partners

We have signed Data Processing Agreements (DPAs) with all third-party vendors to ensure data is handled per GDPR and other data protection laws. These agreements outline how data is stored, processed, accessed, and used to ensure compliance with legal and security standards.

Voice Transcription Security #

Gladly uses Deepgram for Voice Summaries to transcribe and summarize voice interactions, ensuring the protection of sensitive customer data.

Data Security

Deepgram is SOC 2 Type and PCI compliant, meaning it adheres to the highest standards of data protection and confidentiality. All voice transcriptions and summaries are processed securely, and Gladly retains data ownership. Deepgram is the data custodian, ensuring that all sensitive information is stored and processed securely.

Data Handling

Our DPA with Deepgram ensures that voice data is always protected, following strict security protocols, including GDPR compliance, data breach reporting, and cooperation with relevant authorities. Voice data is used solely for transcription and summarization, with no unauthorized access or processing.

Privacy and Compliance with Data Protection Regulations #

Gladly is fully committed to ensuring the platform complies with privacy regulations such as CCPA and GDPR. We provide tools and processes to ensure customers are fully informed about how their data is collected and processed.

Customer Consent

Businesses can use Gladly to obtain explicit consent from customers for the collection and use of their personal data in accordance with GDPR and other privacy regulations. This can include pre-chat disclaimers and automated consent messages.

Data Subject Requests

Customers have the right to request the deletion of their data or conversation history and Gladly provides functionality to manage Data Subject Requests efficiently and securely.

Conclusion #

Gladly’s commitment to security spans across all aspects of the platform, from AI processing to payment handling. With industry-standard encryption, compliance with global regulations like SOC 2 Type 2 and PCI-DSS, and advanced data protection protocols, we ensure your customer data is always protected. As we continue to evolve our platform and integrate more advanced AI technologies, we remain dedicated to maintaining the highest standards of security, privacy, and compliance.

Was this article helpful?

0 Comments

Inline Feedbacks

View all comments

Contact Support

Can’t find the answer you need? Get in touch with the Gladly Support Team for assistance.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
__cf_bm	29 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_wpfuuid	1 year 1 month 4 days	This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon.
BIGipServer*	session	Marketo sets this cookie to collect information about the user's online activity and build a profile about their interests to provide advertisements relevant to the user.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Performance

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gd_session	4 hours	This cookie is used for collecting information on users visit to the website. It collects data such as total number of visits, average time spent on the website and the pages loaded.
_gd_visitor	1 year 1 month 4 days	This cookie is used for collecting information on the users visit such as number of visits, average time spent on the website and the pages loaded for displaying targeted ads.
_sp_id.*	1 year 1 month 4 days	Snowplow sets this cookie to store user information that is created when a user first visits a site and is updated on subsequent visits.
_sp_ses.*	30 minutes	Snowplow sets this cookie to store user information that is created when a user first visits a site and is updated on subsequent visits.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
mf_user	3 months	Mouseflow sets this cookie to identify whether a visitor is new or returning.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
_mkto_trk	1 year 1 month 4 days	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_an_uid	7 days	No description available.
6suuid	1 year 1 month 4 days	No description available.
mf_98ebb315-7080-447b-a20f-9f1c64bcae56	session	Description is currently not available.
receive-cookie-deprecation	1 year 1 month 4 days	Description is currently not available.

Search Gladly Connect

Gladly Hero

Documentation highlights

AI and Data Security #

System safeguards and control mechanisms #

Compliance and Certification #

Voice Transcription Security #

Privacy and Compliance with Data Protection Regulations #

Conclusion #

Share This Article:

Was this article helpful?

AI Security and Compliance

Recently Added

AI Security and Compliance

November Releases

Shopify Overview

October Releases

Most Popular

Glossary and Key Concepts

Q. Why do I keep getting errors when sending an email?

Add Email Address

Q. What does ‘We detected the contents of this message may violate carrier acceptable use policies’ when sending a text mean?

Contact Support