Security and Compliances

At Glyph AI, we see the real value in being able to capture, remember, and share spoken information effectively. We understand that your discussions may include very private and sensitive details. For this reason, it's our firm commitment to keep your data safe and private. We also think it is important that everyone involved in a conversation knows what is happening. So, we ask our users to follow all local laws, always get permission, and let others know when they are recording and transcribing their words.

Security

At Glyph AI, we are committed to protecting the confidentiality, integrity, and availability of your data at all times. Glyph AI uses enterprise-grade security practices to keep your data safe and secure. You can access our Terms of Service here, and our Privacy policy here.

GDPR Compliant: ‍Glyph AI is designed to adhere to the strict guidelines set forth by the General Data Protection Regulation (GDPR). This includes ensuring that proper consent is obtained from users before collecting and processing their personal data, providing clear and transparent information about how their data is used, and allowing users to easily access and manage their personal information. Our product also includes robust security measures to protect user data from unauthorised access and breaches. ‍Encryption: ‍All data is encrypted in transit and at rest using industry-leading best practices. At rest, data is encrypted with 256-bit AES. In transit, our modern TLS cipher configuration prevents downgrade attacks.

Data Center and Network Security: ‍Glyph AI hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Amazon's compliance and security documents for more detailed information. 100 percent of Glyph AI's primary application servers are located within Glyph AI's own virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Data Security: ‍All connections to Glyph AI are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys. ‍CCPA: ‍Glyph AI is fully compliant with the California Consumer Privacy Act (CCPA), ensuring that our customers' personal data is securely handled and protected. We have implemented the necessary safeguards and protocols to ensure that all personal information is collected, used, and shared in accordance with the CCPA's requirements. Our customers can trust that their data is secure and that we are committed to upholding their privacy rights. Identity and access management (beta) You can ensure only the right people have access to your company's data in Glyph AI with SAML single sign-on (SSO). Manage user accounts automatically with SCIM provisioning. ‍Security and Development Practices:

  • Design of all new product functionality is reviewed for security impact, with Glyph AI conducting mandatory code reviews for all changes to the code. Glyph AI development and testing environments are separate from its production environment. All code development is done through a standard process.
  • Vulnerability Disclosure Process – Glyph AI considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority; therefore, we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would be eager to hear from you. ‍

SOC 2 - Type 2 (external audit pending) Glyph AI is in the audit window for SOC 2 Type 2 compliance, attesting to the controls and governance we have in place in adherence to the Trust Service Principles established by the American Institute of Certified Public Accountants.