Approach to Security, Compliance, and Privacy

Protection of Glider AI client, partner, and candidate data is critical to our business operations and is maintained across our suite of products and services. In this article we share our approach to keeping candidate, partner, and client data safe and in compliance with various governmental and organization-specific requirements. For questions or comments about our practices, you can contact us at dataprivacy@glider.ai.

Industry Certifications


Approach to Compliance


Glider AI is dedicated to the proactive monitoring of data security and evolving research methods, ensuring data compliance, protection, and privacy regulations are maintained.

GDPR & CCPA

The Glider AI platform provides all customers with the ability to comply with appropriate GDPR and CCPA requirements. Glider AI supports its customers’ own compliance programs on an ongoing basis through product features, integration, and configuration options, as required by customers.

• Glider AI’s Privacy Policy provides additional detail. 
• A review of Glider AI’s GDPR-compliant strategy is part of the sales process.

Data inventory

Glider AI has reviewed and identified all areas where customer data is collected and processed, validated and guided by Glider AI’s legal team. Glider AI ensures that the appropriate security and privacy safeguards are implemented and maintained across Glider AI’s infrastructure and software ecosystem. Glider AI’s Privacy Policy provides more detail about Glider AI’s data collection methods and data usage. 

SOC 2

As part of our commitment to protecting client data, Glider AI undergoes annual SOC 2 audits. This audit uses the Trust Services Principles, published by the AICPA, to evaluate the effectiveness of a service organization’s controls.

OFCCP

Glider AI supports record keeping standards established by the Office of Federal Contract Compliance Programs (OFCCP) as required by customers who are subject to OFCCP.

Data subjects/consumer rights

Both the GDPR and the CCPA give data subjects/consumers the right to request access to, correction of, or deletion of their personal data in certain circumstances. When using Glider AI, you can comply with deletion requests by deleting the candidates’ data from your Glider AI account, as well as designating the supplementary data Glider AI provides as excluded from future use by your team. For individuals who want to access their personal data, you can export all of the relevant data from your Glider AI account in a computer-readable CSV format. Glider AI can also help you with this process if required.

Campaigns and Personally Identifiable Information

By default, customers will not provide or receive any personally identifiable information (PII) via the Glider AI platform. Glider AI does not collect or share sensitive information such as browser history, health, or financial information, or any other information about a person in a family or household capacity.

If customers choose to use the campaign feature on Glider AI, Glider AI may provide individuals’ email contact information via the platform, surfaced through Glider AI partnerships with third-party integrations, which can be used in outreach to potential candidates.

As part of this feature, Glider AI has the proper privacy controls in place: any individual can opt out of interactions with any company through the Glider AI platform and enforce their privacy settings. For example, if an individual has been contacted by one of Glider AI’s customers utilizing the Glider AI platform as part of an outreach campaign, the individual has the option to opt out via an unsubscribe link in the outreach (i.e., email). This unsubscribe is enforced for the whole company domain attempting to send correspondence to an individual.

Responsible AI

Artificial intelligence (AI) has been core to Glider AI since its founding in 2020. Glider AI is committed to the responsible and ethical use of AI to assist talent decision makers.

Maintaining Security


Glider AI seeks to protect data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of data and how Glider AI processes that data.

Organizational security

All Glider AI employees receive security, privacy, and compliance training during the onboarding process in their first week of employment. In addition, Glider AI provides all employees with fully encrypted laptops, and admin configurations are installed on laptops and workstations with firewalls.

Data security

Data encryption

Glider AI encrypts all data at rest and in transit using the AES-256 standard. The encryption keys are rotated periodically. Glider AI classifies data as follows:

Confidential

Highly sensitive data requiring the highest levels of protection; access is restricted to specific employees, roles, and/or departments, and these records can only be passed to others with approval from the data owner, or a company executive. Confidential data is subject to the following protection and handling requirements:

• Access is restricted to specific employees, roles, and/or departments.
• Confidential systems shall not allow unauthenticated or anonymous access. 
• Confidential Customer Data shall not be used or stored in non-production systems/environments.

Restricted

Glider AI proprietary information requiring thorough protection; access is restricted to employees on a need-to-know basis. This data can only be distributed outside the company with approval. This is the default for all company information unless stated otherwise. Restricted data is subject to the following protection and handling requirements:

• Access is restricted to users on a need-to-know basis.
• Restricted systems shall not allow unauthenticated or anonymous access.
• Transfer of restricted data to people or entities outside the company requires approval.
• Restricted data transfer is executed per legal contract or with permission of the data owner.

Application security

Software development lifecycle

Glider AI has adopted secure coding practices and code reviews. In addition, Glider AI performs regular application testing. All developers are required to go through proper training and code review processes that ensure that all code is assessed and validated.

Penetration testing

Glider AI regularly performs application vulnerability testing to assess application security. A copy of Glider AI’s latest pen test can be obtained upon request.

Authentication

Glider AI supports single sign-on login initiated through third-party identity providers’ compliant solutions. Glider AI uses security roles and configurations so that Glider AI customers can easily manage user access and meet their organization’s security requirements.

Infrastructure security

Glider AI uses the major cloud platform providers to host its infrastructure, environments, and applications. Glider AI’s dedicated team deploys and maintains all applications within secure networks designed using industry best practices. In addition, Glider AI performs the following operations:

• Monitor infrastructure and applications to identify and address threats and vulnerabilities.
• Train engineers on secure coding practices.
• Securely deploy application and infrastructure changes.
• Perform regular assessments of Glider AI security controls.

Operational security

Glider AI uses major cloud platform providers to host its infrastructure, environments, and applications, and ensures they have secure facilities and processes to host the management and processing of customer data. We periodically review the compliance requirements of these cloud providers to ensure their security controls are audited and meet industry standards and regulatory requirements.

Ensuring Privacy


Glider AI is a Skills Platform: information about an individual will only be accessible when that person’s attributes are a match for a specific role.

Privacy policy

Individuals contacted via the Glider AI platform always retain the ability to change or delete their information as well as unsubscribe from campaigns. 

Only consenting candidates are added to Glider AI’s customers’ Applicant Tracking Systems. Customers can add an unsubscribe link to any email/campaign sent out using the Glider AI platform. 

Glider AI’s full privacy policy is available here.

Opt out

If at any point an individual wishes to have their information removed from Glider AI’s database or updated, they may do so by emailing dataprivacy@glider.ai. To correctly process any opt-out request, Glider AI requires individuals to provide their email address and any public profile URLs. This data will be removed from Glider AI’s system once the opt-out has been processed.
