Security at Glosaro

Your security is our priority. Here's how we protect your data.

Our Security Principles

Defense in Depth

Multiple layers of security protect your data at every level, from network to application to database.

Privacy by Design

Security and privacy are built into every feature from the ground up, not added as an afterthought.

Continuous Monitoring

24/7 security monitoring and automated threat detection keep our systems protected around the clock.




Technical Security Measures

Encryption

  • 256-bit SSL/TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive API communications
  • Perfect Forward Secrecy to protect past sessions

Authentication & Access Control

  • Bcrypt password hashing with salt (cost factor 12)
  • Multi-factor authentication (MFA) available for all accounts
  • API key rotation and automatic expiration
  • Role-based access control (RBAC) for team accounts
  • Session management with automatic timeout

Infrastructure Security

  • Cloud infrastructure hosted on AWS with ISO 27001 certification
  • DDoS protection with Cloudflare
  • Web Application Firewall (WAF) to filter malicious traffic
  • Regular security patches and system updates
  • Isolated database environments with restricted access

Monitoring & Detection

  • Real-time intrusion detection with automated alerts
  • Comprehensive logging of all system access and API calls
  • Anomaly detection for suspicious activity
  • Security Information and Event Management (SIEM)



Data Protection

Automatic Code Expiration

Temporary location codes automatically expire and are permanently deleted after 30 minutes. We don't keep historical location data unless you explicitly save it (Pro feature).

Regular Backups

Encrypted daily backups are stored in geographically distributed locations. All backups are encrypted with separate keys and tested regularly for integrity.

Data Minimization

We only collect the minimum data necessary to provide the service. No unnecessary tracking, no behavioral profiling, no selling your data.

Right to Delete

Delete your account and all associated data at any time. We permanently erase your data within 30 days of a deletion request (except where required by law).




Compliance & Certifications

GDPR

Full compliance with EU General Data Protection Regulation

CCPA

California Consumer Privacy Act compliance

SOC 2 Type II

Independently audited security controls

ISO 27001

International information security standard




Responsible Disclosure

We take security seriously and appreciate the security research community's efforts to improve our security posture.

If you discover a security vulnerability:

  • Email us at security@glosaro.com
  • Include detailed steps to reproduce the issue
  • Give us reasonable time to fix the issue before public disclosure
  • Don't access or modify other users' data

We commit to responding within 48 hours and will keep you updated on our progress. Researchers who follow responsible disclosure will be thanked publicly (if desired).




Questions About Security?

We're happy to answer any security questions or provide additional documentation for enterprise customers.