Prepared for GDPR
The European Union has implemented the General Data Protection Regulation (GDPR), imposing tough new rules on how enterprises gather and use EU citizen information so consumers can have better control of their personal data. Glance has made every effort to comply with these stringent requirements and to protect your data.
Personally Identifiable Information (PII)
Glance's systems are built so that, in most cases, PII never touches Glance servers and is never stored.
Contents of Glance Sessions (Screen Sharing, Cobrowsing, and Video) are never recorded or stored on Glance's servers. The session data itself is encrypted while in motion across networks.
We do not store user passwords. Instead, we store password hashes. Our hashing scheme uses industry best practices to make it very difficult to guess passwords from stored hashes. Still, Glance strongly encourages you to use industry-standard Single Sign-on (SSO) mechanisms, such as SAML 2.0, to eliminate the need for Glance to store passwords.
You can mask sensitive user information that may appear during a session, such as a credit card number or taxpayer identification number. The contents of masked elements never touch the Glance service, ensuring complete privacy.
While some companies may ask for your name, telephone number, email address, or other sensitive personal information, Glance does not. In general, an IP address is the only information Glance needs to make the service operate. Glance automatically purges these IP addresses after three months using secure deletion methods. Names, telephone numbers, and email addresses gathered on behalf of Glance customers are automatically purged after six months.
Data Privacy Rule
Glance follows a simple data-privacy rule: the personal data of the users of the businesses they serve (Glance customers) belongs to them. Glance fully supports your rights to privacy, and is a strong advocate of an individual's ability to control their information.
Glance keeps up with evolving privacy regulations. Glance is a certified Privacy Shield organization under US Department of Commerce rules, and a Level 1 Validated PCI DSS (Payment Card Industry Data Security Standard) Compliant Service Provider.
At any time you can ask Glance about your information that is held in our system, or you can ask to have it erased. Simply send an email to firstname.lastname@example.org.
Glance values work done by security researchers in improving the security of our products and service offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.
If you are a security researcher and would like to report a security vulnerability, please send an email to email@example.com. Please provide your name, contact information, and company name (if applicable) with each report. Priority will be granted to encrypted reports – please include your PGP public key with such reports.
Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)
- Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services
- Do not modify or access data that does not belong to you
- Give us a reasonable time to correct the issue before making any information public
Glance will attempt to respond to your report within 48 hours.