Trust center
Security Statement
This Gloo Security Statement of technical and organizational data security (this “Statement”) provides an overview of the commercially reasonable technical and organizational data security measures that Gloo, LLC (“Gloo”) has taken to protect data in its custody or control (“Gloo Data”). By itself, this Statement shall not create any rights or entitlements for anyone. If Gloo and its customers incorporate this Statement by reference into a contract, then the parties’ rights and obligations shall be determined based on that contract.
Gloo's security and compliance programs and policies are implemented in accordance with the AICPA 2017 Trust Services Criteria for Security, Availability, Confidentiality, and Privacy, with additional guidance from the TrustArc-Nymity Integrated Privacy Frameworks and the NIST Cybersecurity Framework. As such, the following have been implemented:
Organizational measures
Gloo implements the following measures to ensure that its employees and contractors (collectively, "Personnel") and vendors align with Gloo's security standards:
Gloo implements an acceptable use policy and contractual measures to ensure that its Personnel process Gloo Data in accordance with data security requirements imposed by applicable law and contract;
Gloo conducts background checks of Personnel as permitted by applicable law;
Gloo regularly trains Personnel regarding privacy and security topics to ensure that they understand and adhere to Gloo’s information security policies and protocols;
Gloo conducts due diligence of vendors that process Gloo Data to ensure that they implement appropriate security standards, including to ensure that they are able to implement measures no less protective than those set forth in this Statement; and
Gloo implements policies providing for disciplinary action with respect to Personnel who do not comply with its information security policies.
Data processing areas
Gloo implements the following physical security measures to prevent unauthorized persons from gaining physical access to areas containing Gloo’s data processing equipment:
Gloo's data centers are hosted by a third-party cloud services provider with externally audited physical access controls;
Access to Gloo Personnel workspaces is protected by at least: locks, floor-to-ceiling barriers, and a 24/7 security alarm system; and
Access to Gloo Personnel workspaces is subject to appropriate restrictions and the principle of least privilege (i.e., on a need-to-know basis).
Data processing systems
Gloo implements the following measures to prevent its data processing systems from being used/accessed by unauthorized persons:
Gloo maintains an inventory of its assets which may hold or process Gloo Data;
Gloo issues Personnel their own unique login credentials which they are required not to share with others;
Gloo assigns Personnel access rights dependent on their job requirements and in accordance with the principle of least privilege;
Gloo regularly reviews Personnel access rights;
Password requirements adhere to industry standard constraints in length, complexity, and history;
Gloo disables Personnel access privileges to Gloo’s data processing systems as soon as possible after their access privileges are no longer required, such as post-termination;
Gloo administers and enforces policies governing Personnel rights and obligations with respect to Gloo Data;
Gloo implements two-factor authentication as available and appropriate;
Gloo’s data processing systems automatically terminate Personnel sessions after a certain period of inactivity and automatically lock out a Personnel account after a certain number of erroneous passwords are entered on login;
Gloo implements automated monitoring systems to detect unusual or unauthorized activities and conditions; and
Gloo maintains logs of access and changes to Gloo Data via Gloo’s data processing systems.
Data management
Gloo uses the following information security technologies to prevent the unauthorized access, use, disclosure, modification and deletion of Gloo Data:
Gloo encrypts all Gloo Data at rest and when in transit over public networks;
Gloo-managed computers are protected with updated antivirus as well as whole disk or partition encryption;
Gloo maintains the integrity of Gloo Data via a vulnerability management program for all programs used; and
Gloo uses vendor recommended Cloud Security Posture Management ("CSPM") services to proactively monitor, alert, and remediate incorrect configurations across our platform.
Availability
Gloo implements the following measures to protect Gloo Data from accidental destruction or loss:
Gloo implements infrastructure redundancy to ensure that data is backed up at an industry-standard frequency and data access can be restored as soon as practicable where necessary;
Gloo ensures that only Personnel authorized by Gloo may authorize the recovery of backups or the movement of data outside of its main data processing systems, and security measures have been adopted to avoid loss or unauthorized access to data, when moved; and
Gloo implements and administers appropriate disaster recovery and business continuity plans.
Ongoing measures
Gloo implements additional measures to protect Gloo Data, including (but not limited to):
Gloo undergoes external penetration testing upon significant product changes through trusted security partners, to ensure the systems remain secure and contained;
Gloo undergoes regular internal audits with respect to its security policies and procedures;
Gloo maintains a risk assessment program that includes identification, tracking, and remediation of all identified risks and vulnerabilities to Gloo’s infrastructure and Gloo Data;
Gloo administers policies to ensure that Gloo Data is securely deleted, destroyed or erased once it is no longer required, regardless of the media on which it is stored; and
Gloo administers policies to identify and respond to incidents involving Gloo Data, mitigate the effects of any such incidents, document their outcomes, and notify appropriate stakeholders.
Last Revised: April 11, 2023
Data Privacy FAQ
Gloo was founded to bring the best possible data and technology to churches, charities, and community service organizations that help people grow. Gloo is committed to maintaining the privacy and security of your data. Below are a few frequently asked questions and our responses about our privacy practices. Further information regarding our privacy practices is set out in our Privacy Statement.
What Services does Gloo provide?
We offer a variety of products, services, mobile applications, and software offerings (collectively, the “Services”) that help organizations know and understand their members, prospective members, and communities; connect organizations and individuals to one another; and measure their impact as they help people on their journey towards growth. As part of providing the Services, we collect and receive information in a variety of ways, including information on our websites and applications, from our organizational customers and/or prospective customers, from individuals that use the Services as well as other third parties described below.
To whom does Gloo offer its Services?
Gloo offers Services to organizations that support personal growth, including churches, charities, addiction recovery institutions, and community service organizations (we may refer to these organizations as Champions). We are open to all organizations whose principles align with our Services Acceptable Use Policy. We do not unlawfully discriminate against any religions, churches, or other organizations.
We also offer Services to individuals who are interested in connecting with the organizations we work with.
How does Gloo collect and use personal information?
As we explain in our Privacy Statement, we use personal information about individuals to provide our Services. We may collect the following data:
When individuals visit our website or sign up for our Services, we receive data from these individuals themselves. We do not disclose this data in identifiable form with others, except at the request or direction of the individual, such as when individuals ask us to connect them with churches or other organizations who can help them or in the limited circumstances described in our Privacy Statement (e.g., to service providers).
When a church or other organization engages us as a service provider, we process personal information the organization provides to us on the organization’s behalf, such as to create surveys and social media outreach campaigns for those organizations at the explicit instruction of the organization.
We also license personal information from data providers. We use this data to provide insights and related Services to our customers. Gloo does not seek to receive names and contact information of data subjects provided by data providers. However, if a data provider were to include names or contact information, we remove this identifying information. In any event, we do not share such information in identifiable form with customers or other organizations.
What information does Gloo receive from and about Gloo Customers?
We receive information from data partners about our customers, including contact information about individuals who work for those organizations (e.g., pastors). We use this information for market research, product development, and marketing in accordance with applicable laws as further described in our Privacy Statement.
Is Gloo a data broker?
No. Gloo does not “sell” a consumer’s personal information to third parties as defined by applicable law and/or engage in activities that meet the definition of “data broker.”
How does Gloo safeguard Gloo Services?
As set out in our Services Acceptable Use Policy, we contractually prohibit recipients of our Services from using our Services (a) for any illegal purposes, (b) to promote hate speech or incite violence, (c) to create a risk to a person’s health or safety, (d) for the advancement of political parties or election campaigns, (e) for anything malicious, fraudulent, harassing or threatening, or (f) for any covert, misleading or unfair communications, including, without limitation, any advertisements or social media campaigns that fail to identify the organization that controls or pays for the communication.
What does Gloo do to maintain the privacy of personal information?
We may handle sensitive information, including information on faith, religion, family, health, and finances. Gloo has taken measures to mitigate privacy risks with data security and data privacy protection mechanisms including the following:
We limit data access within our company to those individuals who have a need to access data.
We implement the measures described in our Security Statement.
We limit the personal information that we share, as described under this Section.
We restrict what our customers may do with the Services and personal information, as set forth in our terms of service, Privacy Statement, and acceptable use policy (see our answers to Questions 3 and 6).
If you have any further questions, please contact us at: privacy@gloo.us.
Last Revised: March 16, 2023