Glofox Security: Fitness Management Software You Can Trust

The security of your data is critically important to us, which is why we are constantly reviewing and improving our processes to ensure your data remains safe.

Here, you will learn about the technologies and processes that we use to secure your data and answers some of your frequently asked questions.

  • iso-logo-blue-copy@3x
  • gdpr-logo-copy@3x
  • stripe-partner-logo-copy@3x


  • Data security is a top priority for us here at Glofox. We have significantly invested in our security infrastructure to date and we will continue to invest in our infrastructure to ensure your data remains safe.

    Glofox’s Information Security Management System (ISMS) has also been certified to the Global ISO 27001:2013 standard.

  • Infrastructure security

    The Glofox platform is hosted in European AWS data centers: ISO 27001, PCI DSS Service Provider Level 1, and SOC 2 compliant. AWS data centers are secured physically at the perimeter layer, including several security features depending on the location. These features include security guards, fencing, security feeds, intrusion detection technology, and other security measures.

  • Security and incident response team

    The Glofox SRE Team is able to respond to outages and security incidents around the clock, through a 24/7 on-call rotation.

  • Architecture and Network security

    The Glofox architecture makes use of AWS private networks and services to protect private and sensitive data. Access to these networks and services is restricted to specific users and applications, on a least-privilege principle basis. All users require Multi-Factor Authentication to gain access to private resources. Additionally, any datastore categorised as holding PII is configured with additional monitoring and auditing capabilities.

  • Third-party security testing

    The Glofox platform is assessed by a third-party security team for security vulnerabilities on a monthly basis. Additionally, this team also performs deep-dive Penetration Testing against the Glofox platform twice a year.

  • Suspicious activity monitoring

    The Glofox infrastructure is configured to monitor suspicious activity and anomalous behaviour. These events are escalated for immediate action to the on-call incident response team.

  • Denial-of-Service protection

    Glofox relies on several layers of DDoS protection to prevent malicious actors from compromising service availability. This includes the use of Cloudflare, AWS CloudFront, AWS WAF v2, as well as automated scaling of the Glofox backend services to handle increases in load.

  • Encryption

    Communication with Glofox systems is encrypted via HTTP/TLS to secure traffic in transit. All data is also encrypted at rest in AWS.

  • Status and uptime

    The Glofox status page is available to track the platform status and other maintenance and security related information.

  • Reliability

    The Glofox infrastructure is spanning across multiple AWS availability zones to ensure application redundancy and database replication without a single point of failure. The Glofox platform is consistently available with a higher than 99.9% uptime.

  • Monitoring

    The Glofox platform is constantly monitored for uptime, errors and performance. Relevant thresholds are in place to alert the on-call teams to respond to possible outage or incidents.

  • Backups

    Glofox databases are backed up on a daily, weekly and monthly basis, with a 6-months retention policy. These backups offer point-in-time recovery which can be used in Disaster Recovery situations.

  • Policies

    Glofox has developed a comprehensive set of security policies that have been shared with and made available to all employees and contractors with access to Glofox.

  • Security Awareness Test

    All Glofox employees complete a Security Awareness Test to ensure their security knowledge is up to scratch and that they are aware of security best practices.

  • Confidentiality Agreements

    All new hires are required to sign confidentiality agreements.


  • Is my client’s payment information stored on your system?

    No. Our Partner Stripe and GoCardless store payment information and they both are certified to the highest industry standards and have obtained regulatory licenses around the world.

  • By what measures does your organisation monitor the effectiveness of, and level of compliance with its information security policies?

    All employees undergo IT security training. Each employee will be required to take the training and pass an awareness test. This will be maintained on an annual basis.

  • Can you provide SOC or other 3rd party audit reports?

    We can provide 3rd party assessments and pen tests on our infrastructure.

  • Who will have access to our data?

    Restricted Glofox employees, with different access control policies based on the employee role for support purposes.

  • What provider do you use for your servers?

    Amazon Web Services.

Get in Touch


If you believe you have discovered a security-related issue please reach out to us at [email protected]


If you have any questions relating to security and privacy please reach out to us at [email protected]

Don’t just manage your gym, grow it by creating a member experience that retains members.

“Ensuring an effortless experience is a core focus for Uber Shape. Easy bookings, communication, and online store purchases help the business maximize its revenue potential.”
Coby van den Ende
Director and Founder of Uber Shape

Thousands of customers love us because their members love them

  • partner1
  • partner4
  • partner3
  • partner2
  • partner5
  • partner6
Talk to us about taking the next step in
setting your business up for the Digital age.