Security

We take reasonable measures to protect customer data and platform integrity. Payment card processing is handled by a PCI-DSS compliant payment processor; we do not store full card numbers on our systems.

Encryption

Data encrypted in transit (TLS 1.3) and at rest (AES-256). Keys managed in a secure vault.

Access control

Role-based access (Owner, Admin, Member, Viewer). Scoped API tokens and webhook signing secrets.

Audit logs

Audit logs for team actions and API usage. Retention configurable (e.g. 90 days).

Compliance direction

We follow security best practices and are working toward SOC 2 and GDPR alignment. DPA available on request.

Responsible Disclosure

If you believe you've found a security vulnerability, email hi@glazertech.software with details and steps to reproduce. Please do not publicly disclose until we have had a reasonable opportunity to investigate and remediate.