Powered by PerforceGliffy is owned by Perforce, a longstanding and trusted name in the software industry. Perforce is committed to ensuring data security for customers across all its product offerings, including Gliffy, so you can rest assured that the information contained within your diagrams is safe and secure.To learn more about Perforce’s data security standards and practices, visit the official Perforce site:SECURITY AT PERFORCECloud Fortified & SOC 2 CompliantGliffy was one of the first apps to achieve Atlassian’s Cloud Fortified designation when the program was introduced in July 2021. Our Cloud apps have also received SOC 2 Type II certification.These credentials demonstrate our ability to meet enterprise-level standards for reliability, support, and security (including control implementation and validation, risk assessment, testing, and more).Led by CISO Aaron KiemeleAs the guide for the ongoing maturation of the information security program, Aaron Kiemele is the Chief Information Security Officer (CISO) at Perforce Software. With a technical foundation, Aaron approaches managing an information security program through a foundation of practical, actionable approaches to protecting the confidentiality, integrity, and availability of systems, networks, services, and data.Aaron’s experience ranges from network engineering to executive leadership roles — including CTO and CISO — with highly regulated industries, which includes healthcare, government, defense, and payment/finance.With a “Secure by Design and Compliant by Default” approach, Aaron and his team guides the diverse Perforce product lines through their compliance and regulatory obligations. This work is performed with the help of designated liaisons each time, acting as subject matter experts and points of contact to provide tactical support.Our Data & Security PracticesPersonal InformationPersonal information (billing information) is not stored within Gliffy, and we do not sell or share your personal information.Diagram DataDiagram data stored in Confluence or Jira is covered by Atlassian’s privacy policy. Gliffy’s web-based application, Gliffy Online, does not store diagram data on local devices or Gliffy servers. Bug Bounty ProgramGliffy participates in the Atlassian Marketplace’s Bug Bounty Program, allowing security researchers to test the application for vulnerabilities and report any vulnerabilities discovered.Error Capture & ReportingIn the event of an error condition, the information collected for troubleshooting does not contain personal information or complete diagram data.EncryptionAll customer data is encrypted using HTTPS over Transport Layer Security (TLS) 1.2 or higher. All document content is encrypted at rest with AES-256. The encryption is transparent; keys are managed by our cloud infrastructure provider.Business Continuity PlanGliffy is aligned with Perforce Software’s Business Continuity Plan to manage and minimize the effects of unplanned disruptive events (cyber, physical, or natural).Gliffy OnlineHosted SecurityGliffy Online servers and customer data are hosted on Amazon Web Services (AWS). Information about AWS Security can be found on the official AWS site.Backups & ReliabilityAWS services are used for daily backups. All our systems are fully redundant and clustered, and Disaster Recovery testing is periodically performed to ensure operations are restored in a timely manner.Payment InformationAll payments made for Gliffy Online use Stripe (PCI Certified). For additional information, please visit Stripe’s privacy page. No credit card data or payment related information is stored on Gliffy systems.