Trust & Security

How we protect your financial data

Glowdun.AI is built by a finance-first team for finance buyers. This page summarizes the specific controls we have in place, where we fall short today, and where we're going next. If you need something not covered here, email security@glowdun.ai.

Compliance

SOC 2 Type I (Roadmap)

Target: Q3 2026. Interim: security questionnaire + mutual NDA on request.

SOC 2 Type II (Roadmap)

Target: Q2 2027, 6 months after Type I.

DPA (Data Processing Agreement)

Standard template, DocuSign or countersigned PDF. Email privacy@glowdun.ai.

Security questionnaire

CAIQ or custom. Typically returned within 5 business days.

GDPR — EU hosting option (Roadmap)

US-only today. EU region considered for customers with contractual data-residency needs.

We don't claim certifications we don't hold. The roadmap above is what we can commit to in writing today.

Data handling

Credentials encrypted at rest

Provider API keys, IAM credentials, and service-account JSON are encrypted with AES-256-GCM. The key is held in a server-side environment variable, never checked into source, never exposed to the browser. Credentials decrypt only at sync time inside the server action that calls the provider.

User email encrypted at rest

Login email is stored encrypted (AES-256-GCM); lookups use a SHA-256 hash. Passwords are bcrypt-hashed at cost 10. We cannot read your password — password reset requires a one-time link, not a customer-service lookup.

Transport security

All web traffic is HTTPS-only with HSTS. API routes enforce a strict CORS policy scoped to our own origin. Webhook destinations are validated against an SSRF allowlist that blocks private IPs, loopback (including IPv6 [::1] and [fe80::…]), and link-local ranges.

Audit log

Every organization has an append-only audit log covering provider adds/updates/deletes, alert-threshold changes, and approval-queue actions. Exportable as CSV for SOC 2 evidence or internal review from Settings → Audit log.

No training on your data

Your cost data is yours. We never use it to train models — not our own, not third-party, not in aggregate. We don't read the contents of your prompts or completions (we only read cost and usage metadata from the provider's billing API).

Access controls

Each organization's data is scoped by organizationId at every query path. Cross-tenant reads are architecturally prevented, not just policy-enforced. Glowdun employees can access customer data only via a logged, two-person-approved support path — and only to resolve a customer-reported issue.

Sub-processors

The services we use to operate Glowdun.AI. Changes to this list trigger a 30-day email notice to organization admins.

Sub-processor | Purpose | Region
Vercel | Application hosting & edge runtime | US
Managed Postgres (US) | Primary database | US
Resend | Transactional email (alerts, password reset, digests) | US
Sentry | Error monitoring — tokens and credentials scrubbed before upload | US
Upstash Redis | Rate limiting on the public API and webhook dispatch | US

Your chosen AI providers (OpenAI, Anthropic, AWS, Azure, Google, OpenRouter) are your vendors, not our sub-processors — Glowdun just calls them on your behalf with credentials you supply.

Reporting a security issue

If you believe you've found a security vulnerability, email security@glowdun.ai with the details. We acknowledge within 24 hours on business days. Please don't disclose publicly until we've had a reasonable window to investigate and fix — typically 30–90 days depending on severity.

We don't run a paid bug bounty at this stage. We do thank researchers by name on this page when a finding leads to a fix.
