As part of our commitment to provide an industry-leading platform to our customers, Glympse is pleased that the Glympse En Route Platform for Enterprise Customers continues to comply with the AICPA Security Trust Principles and Criteria for Security (SOC 2 Type 2). Glympse has been SOC 2 Type 2 certified for years.
Glympse sees our SOC 2 Type 2 report as a commitment to our clients and their customers, but it’s not enough. Even as we continue to push the boundaries of private permission user location sharing, we will never sacrifice safety and data security. The future success of location-based experiences depends on our ability to responsibly utilize data while maintaining procedures that rigorously protect our customers.
Recently, we collaborated with an independent privacy researcher who specializes in GPS applications, Daniel Faram, who advised us on the importance of using stronger URL-based location sharing invite codes. Specifically, he advised us on enhancing our solution to avoid “brute-force guessing” – the use of trial-and-error to guess at things like hidden web pages – on our Glympse invitations sent to end customers. Even though the situation was never about sensitive PII data being easily accessible, we replaced Base32 invites with Base64 encoded invites, increasing invite codes from 32 to 64 bits of entropy. We have tested and are moving our consumer users and business customers over to a more secure 64-bit solution.
“At Glympse we take privacy and security very seriously. From our inception, we chose to delete all personally identifiable location information within 48 hours from our systems, we never sell data to 3rd parties and we have successfully been SOC 2 Type 2 audited by accredited external 3rd parties, which is way beyond most in our industry,” said Chris Ruff CEO of Glympse. “We will continue to look for ways to improve our platform by putting customers’ privacy and security at the forefront.”
As Glympse grows, we will continue to seek out visible methods to demonstrate our best-in-class data security and data management procedures, such as SOC 2 Type 2 certification. The need for better data security will never abate, but neither will our resolve to deliver a unique competitive edge for our clients while prioritizing data security and data privacy.