Glofox Security: Fitness Management Software You Can Trust
The security of your data is critically important to us, which is why we are constantly reviewing and improving our processes to ensure your data remains safe.
Here, you will learn about the technologies and processes that we use to secure your data and find answers to some of your frequently asked questions.
Features
Data Security
Data security is a top priority for us here at Glofox. We have significantly invested in our security infrastructure to date and we will continue to invest in our infrastructure to ensure your data remains safe.
Glofox’s Information Security Management System (ISMS) has also been certified to the Global ISO 27001:2013 standard.
Privacy Policy
You can view our Privacy Policy here.
Cloud Security
Infrastructure security
The Glofox platform is hosted in European AWS data centers, which are ISO 27001 and PCI DSS Service Provider Level 1 compliant. AWS data centers are physically secured at the perimeter layer, with security features that vary by location. These features include security guards, fencing, security feeds, intrusion detection technology, and other security measures.
Security and incident response team
The Glofox SRE Team is able to respond to outages and security incidents around the clock, through a 24/7 on-call rotation.
Architecture and Network security
The Glofox architecture makes use of AWS private networks and services to protect private and sensitive data. Access to these networks and services is restricted to specific users and applications on a least-privilege basis. All users require Multi-Factor Authentication to gain access to private resources. Additionally, any datastore categorised as holding PII is configured with additional monitoring and auditing capabilities.
Third-party security testing
The Glofox platform is assessed by a third-party security team for security vulnerabilities on a monthly basis. This team also performs deep-dive penetration testing against the Glofox platform twice a year.
Suspicious activity monitoring
The Glofox infrastructure is configured to monitor suspicious activity and anomalous behaviour. These events are escalated for immediate action to the on-call incident response team.
Denial-of-Service protection
Glofox relies on several layers of DDoS protection to prevent malicious actors from compromising service availability. This includes the use of Cloudflare, AWS CloudFront, AWS WAF v2, as well as automated scaling of the Glofox backend services to handle increases in load.
Encryption
Communication with Glofox systems is encrypted via HTTP/TLS to secure traffic in transit. All data is also encrypted at rest in AWS.
Availability
Status and uptime
The Glofox status page is available to track the platform status and other maintenance and security related information.
Reliability
The Glofox infrastructure spans multiple AWS availability zones to ensure application redundancy and database replication without a single point of failure. The Glofox platform is consistently available with higher than 99.9% uptime.
Monitoring
The Glofox platform is constantly monitored for uptime, errors and performance. Relevant thresholds are in place to alert the on-call teams to respond to possible outages or incidents.
Backups
Glofox databases are backed up on a daily, weekly and monthly basis, with a 6-month retention policy. These backups offer point-in-time recovery, which can be used in Disaster Recovery situations.
HR Security
Policies
Glofox has developed a comprehensive set of security policies that have been shared with and made available to all employees and contractors with access to Glofox.
Security Awareness Test
All Glofox employees complete a Security Awareness Test to ensure their security knowledge is up to scratch and that they are aware of security best practices.
Confidentiality Agreements
All new hires are required to sign confidentiality agreements.