Glofox Security: Fitness Management Software You Can Trust

The security of your data is critically important to us, which is why we are constantly reviewing and improving our processes to ensure your data remains safe.

Here, you will learn about the technologies and processes that we use to secure your data and answers some of your frequently asked questions.

  • iso
  • gdpr
  • stripe

Features

  • Data Security

    • Data security is a top priority for us here at Glofox. We have significantly invested in our security infrastructure to date and we will continue to invest in our infrastructure to ensure your data remains safe.

      Glofox’s Information Security Management System (ISMS) has also been certified to the Global ISO 27001:2013 standard.

  • Privacy Policy

  • Cloud Security

    • Infrastructure security

      The Glofox platform is hosted in European AWS data centers: ISO 27001, PCI DSS Service Provider Level 1, and SOC 2 compliant. AWS data centers are secured physically at the perimeter layer, including several security features depending on the location. These features include security guards, fencing, security feeds, intrusion detection technology, and other security measures.

    • Security and incident response team

      The Glofox SRE Team is able to respond to outages and security incidents around the clock, through a 24/7 on-call rotation.

    • Architecture and Network security

      The Glofox architecture makes use of AWS private networks and services to protect private and sensitive data. Access to these networks and services is restricted to specific users and applications, on a least-privilege principle basis. All users require Multi-Factor Authentication to gain access to private resources. Additionally, any datastore categorised as holding PII is configured with additional monitoring and auditing capabilities.

    • Third-party security testing

      The Glofox platform is assessed by a third-party security team for security vulnerabilities on a monthly basis. Additionally, this team also performs deep-dive Penetration Testing against the Glofox platform twice a year.

    • Suspicious activity monitoring

      The Glofox infrastructure is configured to monitor suspicious activity and anomalous behaviour. These events are escalated for immediate action to the on-call incident response team.

    • Denial-of-Service protection

      Glofox relies on several layers of DDoS protection to prevent malicious actors from compromising service availability. This includes the use of Cloudflare, AWS CloudFront, AWS WAF v2, as well as automated scaling of the Glofox backend services to handle increases in load.

    • Encryption

      Communication with Glofox systems is encrypted via HTTP/TLS to secure traffic in transit. All data is also encrypted at rest in AWS.

  • Availability

    • Status and uptime

      The Glofox status page is available to track the platform status and other maintenance and security related information.

    • Reliability

      The Glofox infrastructure is spanning across multiple AWS availability zones to ensure application redundancy and database replication without a single point of failure. The Glofox platform is consistently available with a higher than 99.9% uptime.

    • Monitoring

      The Glofox platform is constantly monitored for uptime, errors and performance. Relevant thresholds are in place to alert the on-call teams to respond to possible outage or incidents.

    • Backups

      Glofox databases are backed up on a daily, weekly and monthly basis, with a 6-months retention policy. These backups offer point-in-time recovery which can be used in Disaster Recovery situations.

  • HR Security

    • Policies

      Glofox has developed a comprehensive set of security policies that have been shared with and made available to all employees and contractors with access to Glofox.

    • Security Awareness Test

      All Glofox employees complete a Security Awareness Test to ensure their security knowledge is up to scratch and that they are aware of security best practices.

    • Confidentiality Agreements

      All new hires are required to sign confidentiality agreements.

Frequently Asked Questions

still-have-question

Still have questions?

Let us help you out.

Contact Us