Trust, Security & Privacy

This page is maintained by the Glideback team to answer common security and privacy questions about Glideback. It describes our current practices and the controls enabled in the product today. It is editable content, not an independent audit or certification.

Access & authentication

Email/password and Google sign-in via our managed authentication provider.
Role-based access: admin operations are gated server-side, not in the browser.
Sensitive returner data is scoped to the returner and the people they explicitly include.

Data protection

Data is stored in a managed Postgres database with encryption at rest and in transit.
Row-level security policies enforce that records can only be read or modified by authorized users.
Secrets and API keys live in a server-side secret store, never in client code.

Subprocessors & integrations

Glideback connects to tools your company already uses (for example Slack, Google Workspace, Jira, Salesforce) only when an admin explicitly enables them. We request the narrowest scopes needed to assemble a returner's Landscape and digest.

Retention & deletion

Returner content is retained while the account is active. Customers can request export or deletion of their data by contacting us; we respond within a reasonable timeframe.

Contact

Security questions, vulnerability reports, or privacy requests: security@glidebackhub.com.

Glideback is in pilot. Specific compliance certifications (e.g. SOC 2, ISO 27001, HIPAA, GDPR DPA wording) are roadmap items — contact us for the latest status before signing.