Security & Compliance

Information Security

Glassity OÜ (registry code 16668651), Tallinn, Estonia.

ISO/IEC 27001, ISO/IEC 27017, SOC 1-3, PCI DSS, GDPR
ISO 27001 Certified
Annual external audits by independent auditors. Full commitment to data protection and GDPR compliance.
AWS Qualified Software
Approved through the AWS Foundational Technical Review (FTR) process.
Trust Center
View our live security posture, policies, and compliance documentation.

Encryption & Data Protection

In transit: Industry-standard TLS encryption. End-to-end encryption for all services.

At rest: AWS encryption infrastructure with secret management services for data storage.

Data Handling

Retention: User data accessible for 30 days after service termination. Complete removal from servers thereafter.

Consent: GDPR-compliant consent model. Users maintain ownership and control over their data.

Infrastructure Security
  • No self-hosted physical infrastructure; runs on the AWS cloud
  • Verified against ISO/IEC 27001, ISO/IEC 27017, SOC 1-3, PCI DSS
  • Multi-zone network architecture
  • IDS/IPS and DDoS mitigation services

Software Security
  • Secure Software Development Lifecycle (S-SDLC)
  • SAST/DAST vulnerability detection
  • Regular penetration testing on production environments
  • Framework assessments: ATT&CK, OWASP Top 10, SANS Top 25

Responsible Disclosure

Report vulnerabilities to support@glassity.cloud with proof of concept.