Glaut’s privacy and compliance principles for research data security

Glaut’s commitment to data security and compliance ensures that your valuable insights remain confidential and protected. These are our principles for data privacy and compliance:

1. We build secure AI-native software

Glaut incorporates security directly into its platform:

  • End-to-end encryption: data is encrypted in transit with Transport Layer Security (TLS) version 1.2 or higher and is also encrypted at rest. We rely on trusted cloud providers like MongoDB Atlas, Heroku, and AWS for advanced data protection.
  • Role-based access control (RBAC): easily manage user permissions and data access at the Organization, Workspace, and Project levels, ensuring only authorized personnel access sensitive data.
  • Advanced authentication: multi-factor authentication (MFA) and strong password policies protect critical systems. Credentials are securely managed through GitHub Secrets and Heroku Config Vars, supported by regular security audits.

2. We put privacy at the core

Our minimal data collection strategy significantly enhances data privacy:

  • Zero personal data storage: Glaut does not collect or retain personally identifiable information (PII), such as names, email addresses, or IP addresses, ensuring robust compliance with GDPR and other privacy regulations.
  • Anonymized respondent IDs: utilize anonymized IDs in your URLs to perform segmentation and longitudinal analyses without compromising respondent anonymity.

3. We always follow the highest standards

Glaut is built for global compliance:

  • Fully compliant with GDPR (EU) and CCPA (USA).
  • EU-based data storage: data resides exclusively on EU-based servers, with options available for US infrastructure if required.
  • Transparent Data Processing Agreements (DPA): clearly defined roles ensure compliance; you act as the Data Controller, and Glaut manages data securely as your Data Processor.

4. We communicate transparently

Transparent communication builds trust. Glaut supports GDPR-compliant respondent communications by:

  • Offering customizable privacy notices.
  • Helping you clearly communicate data usage and privacy practices to respondents.

5. We respect the “right to erasure” in research (GDPR)

At the end of your research project, request permanent data deletion aligned with GDPR's "right to erasure." Data deletion at Glaut is irreversible, ensuring complete confidentiality.

6. We strive for the best certification: ISO 27001

Glaut is finalizing its certification to ISO/IEC 27001, the internationally recognized standard for information security management, with certification anticipated by May 2025. Our current practices already reflect key ISO standards, reinforcing our dedication to data security.

Secure your research with Glaut

Privacy isn’t a feature. It’s the foundation. Glaut integrates stringent security, privacy, and compliance measures into every aspect of our platform.

We’re making qual-quant research secure by default.


701 Tillery Street Unit 12-1806, Austin, Texas 78702, United States.