GLIDR
This app connects Slack with GLIDR and integrates push notifications so you can stay informed and up to date regarding your new cards, updates to cards, and comments in GLIDR to a Slack channel of your choosing.
Permissions
GLIDR will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Launchpad Central
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
Types of Data Collected
GLIDR collects essential user information such as email addresses and first/last name. This data enables effective user interaction within our application and its Slack integration.
Purpose of Data Collection
We collect personal information solely for user identification, access logs, and to enhance customer support services. We ensure that personal data is not sold or rented out. Sharing of information is restricted to necessary activities such as customer support, analytics, and user-installed integrations.
Retention Period
We retain personal data only for the duration that a user maintains an account with GLIDR. All personal data is removed promptly when a user deletes their account.
Data Deletion
In adherence to GDPR’s “Right to be forgotten,” personal data is principally stored in a single location at rest, with all secondary data references made by ID only. This includes information in access logs. IP Addresses are stored in our logs without the last digits to conform to GDPR’s related policy of personally identifiable information. At a user’s request, we eliminate all personal identifying data from our database, logs, and the application to ensure its complete removal.
Security Measures
GLIDR is committed to the highest standards of data security. Our protective measures include encrypting data in transit and at rest. We enforce strict access controls and encryption protocols, supported by a detailed Vulnerability Policy that outlines our process for managing potential data breaches. Our Incident Response Policy provides clear procedures for responding to data breaches, consistent with GDPR guidelines. We use Threat stack to monitor in real-time for unauthorized or suspicious behavior on production instances. This includes monitoring and alerting properly authorized Dev Ops staff performing unusual tasks or accessing protected files. Threat stack also sends alerts based on security issues captured in Amazon AWS CloudTrail logs, which include access to protected Amazon AWS S3 objects.
This policy underscores our dedication to user privacy and data security across all operations, including our Slack integration and the main functionalities of the GLIDR application.
Data archiving and removal policy
In adherence to GDPR’s “Right to be forgotten,” personal data is principally stored in a single location at rest, with all secondary data references made by ID only. This includes information in access logs. IP Addresses are stored in our logs without the last digits to conform to GDPR’s related policy of personally identifiable information. At a user’s request, we eliminate all personal identifying data from our database, logs, and the application to ensure its complete removal.
Data storage policy
Storage Types and Usage
MongoDB: Utilized for storing operational data. All data within MongoDB is replicated across a three-node cluster for high availability and failover capabilities.
Amazon S3: Used for storing static files such as documents, images, and backups. S3 provides robust data durability through multiple redundant copies of data across geographically dispersed data centers.
Data Encryption
At Rest: Data stored on MongoDB and Amazon S3 is encrypted using AES-256 encryption standards. Amazon’s Key Management System (KMS) manages and rotates encryption keys.
In Transit: Data moving between GLIDR services and external systems is protected using TLS encryption protocols.
Data Accessibility and Retention
Defined roles and permissions to ensure that only authorized personnel have access to sensitive data based on their job requirements. Data is retained according to legal and regulatory requirements and is deleted after it is no longer necessary for the purpose for which it was collected.
Backup and Recovery
Regular backups are performed to ensure data can be recovered in the event of hardware failure, accidental deletion, or disaster. Data recovery procedures are tested regularly to ensure effectiveness.
Data center location(s)
United States
Data hosting details
See Data Storage policy
Data hosting company
AWS, MONGODB, LOGGLY
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
no
Certifications & compliance
Data deletion request procedure
As mentioned in the Data Retention policy, when a user requests their data to be deleted or to act upon the "Right to be Forgotten" as required by GDPR. A customer success agent processes the request and accesses our customer success portal. We have built the Right to be Forgotten process directly into our system. Once a customer success agent finds a user and clicks on the "Right To Be Forgotten" button, all of their personally identifying information is permanently destroyed. This includes emails and names.
Our logs and associated data structures interface with users only be ID, and IP addresses omit the last 2 digits as required by GDPR
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2024-06-14
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Okta
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
no
Contact for security issues
security@glidr.io
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
yes
Bug bounty program URL
Requires third party authorization/connections
no
Third party services used by this app
Loggly, Detectify, Cloudsploit, Google Analytics, Intercom
Uses token rotation
no