Powered by Perforce
Gliffy is owned by Perforce, a longstanding and trusted name in the software industry. Perforce is committed to ensuring data security for customers across all its product offerings, including Gliffy, so you can rest assured that the information contained within your diagrams is safe and secure.
To learn more about Perforce’s data security standards and practices, visit the official Perforce site:
Cloud Fortified & SOC 2 Compliant
Gliffy was one of the first apps to achieve Atlassian’s Cloud Fortified designation when the program was introduced in July 2021. Our Cloud apps have also received SOC 2 Type II certification.
These credentials demonstrate our ability to meet enterprise-level standards for reliability, support, and security (including control implementation and validation, risk assessment, testing, and more).
Led by CISO Aaron Kiemele
As the guide for the ongoing maturation of the information security program, Aaron Kiemele is the Chief Information Security Officer (CISO) at Perforce Software. With a technical foundation, Aaron approaches managing an information security program through a foundation of practical, actionable approaches to protecting the confidentiality, integrity, and availability of systems, networks, services, and data.
Aaron’s experience ranges from network engineering to executive leadership roles — including CTO and CISO — with highly regulated industries, which includes healthcare, government, defense, and payment/finance.
With a “Secure by Design and Compliant by Default” approach, Aaron and his team guides the diverse Perforce product lines through their compliance and regulatory obligations. This work is performed with the help of designated liaisons each time, acting as subject matter experts and points of contact to provide tactical support.
Our Data & Security Practices
Personal Information
Personal information (billing information) is not stored within Gliffy, and we do not sell or share your personal information.
Diagram Data
Diagram data stored in Confluence or Jira is covered by Atlassian’s privacy policy. Gliffy’s web-based application, Gliffy Online, does not store diagram data on local devices or Gliffy servers.
Bug Bounty Program
Gliffy participates in the Atlassian Marketplace’s Bug Bounty Program, allowing security researchers to test the application for vulnerabilities and report any vulnerabilities discovered.
Error Capture & Reporting
In the event of an error condition, the information collected for troubleshooting does not contain personal information or complete diagram data.
Encryption
All customer data is encrypted using HTTPS over Transport Layer Security (TLS) 1.2 or higher. All document content is encrypted at rest with AES-256. The encryption is transparent; keys are managed by our cloud infrastructure provider.
Business Continuity Plan
Gliffy is aligned with Perforce Software’s Business Continuity Plan to manage and minimize the effects of unplanned disruptive events (cyber, physical, or natural).
Personal Information
Personal information (billing information) is not stored within Gliffy, and we do not sell or share your personal information.
Diagram Data
Diagram data stored in Confluence or Jira is covered by Atlassian’s privacy policy. Gliffy’s web-based application, Gliffy Online, does not store diagram data on local devices or Gliffy servers.
Bug Bounty Program
Gliffy participates in the Atlassian Marketplace’s Bug Bounty Program, allowing security researchers to test the application for vulnerabilities and report any vulnerabilities discovered.
Gliffy Online
Hosted Security
Gliffy Online servers and customer data are hosted on Amazon Web Services (AWS). Information about AWS Security can be found on the official AWS site.
Backups & Reliability
AWS services are used for daily backups. All our systems are fully redundant and clustered, and Disaster Recovery testing is periodically performed to ensure operations are restored in a timely manner.
Payment Information
All payments made for Gliffy Online use Stripe (PCI Certified). For additional information, please visit Stripe’s privacy page. No credit card data or payment related information is stored on Gliffy systems.