// Trust & Security Report

    typeguard, Inc. dba Glide logo

    typeguard, Inc. dba Glide

    No-code AI-powered business app builder (web and mobile)

    Certifications held

    4

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type I
    HELD

    By working with Johanson Group, LLP, an independent auditor, typeguard, Inc. dba Glide is excited to share that we have achieved a SOC 2 Type 1 compliance rating.

    Verify on trust.glideapps.com
    SOC 2 Type II
    HELD

    By working with Johanson Group, LLP, an independent auditor, typeguard, Inc. dba Glide is excited to share that we have achieved a SOC 2 Type II compliance rating.

    Verify on trust.glideapps.com
    GDPR
    HELD

    We have implemented the appropriate technical and security processes to ensure compliance with GDPR obligations.

    Verify on glideapps.com
    CCPA
    HELD

    CCPA COMPLIANT listed under Compliance on the Glide trust center (trust.glideapps.com)

    Verify on trust.glideapps.com
    > Show 6 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence of formal ISO 27001 certification. The security center references 'FedRAMP, ISO 27001, PCI, GDPR, and SOC 2' as frameworks but makes no certification claim. A partner agency (V88) holds ISO 27001, not Glide itself.

    source: glideapps.com
    HIPAA
    NOT CONFIRMED

    Glide explicitly prohibits: 'Protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA)...diagnoses, treatment information, medical test results, or prescription information.'

    source: glideapps.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification. PCI is referenced as a framework on the security center but no certification is claimed. Payment processing is handled via Stripe (a PCI-certified subprocessor).

    source: glideapps.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization. FedRAMP is referenced as a framework Glide adheres to, but no authorization or in-process listing is documented.

    source: glideapps.com
    ISO/IEC 42001 (AI Management)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification on vendor domain.

    source: trust.glideapps.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR registration or certification on vendor domain.

    source: trust.glideapps.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    United States (Google Cloud Platform, Iowa, USA)

    By default Glide trains its AI models on customer content and app structure starting October 1, 2024. Training excludes data 'that relates to an identifiable individual.' Opt-out is only available if 'your account type grants you the ability to opt out' (enterprise/paid tiers). Shared Template Store developers CANNOT opt out: 'by listing a Shared Template on the Template Store, you agree that, notwithstanding any permitted opt out of other artificial intelligence training, Glide may use any of Your Content included in the Shared Template...to train its artificial intelligence algorithms and models.' After opt-out, Glide will not revert prior training. AI features use OpenAI as a subprocessor; per the DPA, OpenAI does not use API customer data to retrain its models.

    // Security controls

    Encryption at rest

    AES-256 bit encryption for all stored data

    glideapps.com

    Encryption in transit

    TLS 1.2 or newer; end-to-end HTTPS for all connections

    glideapps.com

    Cloud infrastructure

    Google Cloud Platform (primary region: Iowa, USA); Cloudflare for CDN/DDoS

    trust.glideapps.com

    Penetration testing

    Annual independent penetration testing; 2024 summary published on trust center

    trust.glideapps.com

    Employee access controls

    2FA enforced for all employee access to internal systems; unique production database authentication enforced

    trust.glideapps.com

    Backup and recovery

    Daily backups retained for one month; quarterly restore drills; Continuity and Disaster Recovery plans established and tested

    glideapps.com

    Data deletion

    Customer data deleted upon leaving; unused customer data deleted after 30 days; customer deletion requests via glideapps.com/rights

    trust.glideapps.com

    Vulnerability management

    Automated vulnerability scans; intrusion detection; cybersecurity insurance maintained

    trust.glideapps.com

    Single Sign-On (SSO)

    SSO and Directory Sync via WorkOS subprocessor; available on enterprise tier

    trust.glideapps.com

    // Products & data scope

    Glide FreeNo-code app builder

    data: App structure, user-uploaded data, Google Sheets or other connected data sources

    AI training opt-out NOT available on free tier. Apps must be private to store certain sensitive (non-HIPAA) data.

    Glide Business/TeamNo-code app builder (paid)

    data: Same as Free plus expanded data rows and integrations

    AI training opt-out may be available depending on plan. Private apps allowed for restricted (non-HIPAA) data categories.

    Glide EnterpriseNo-code app builder (enterprise)

    data: Full platform access including SSO, advanced permissions, and custom integrations

    AI training opt-out available for enterprise account types. SOC 2 Type II and GDPR DPA apply. HIPAA is still not supported.

    Glide AI (GlideOS)AI agents and automation layer

    data: Customer app data passed to OpenAI API for AI feature processing

    Uses OpenAI as subprocessor. OpenAI API terms prevent retraining on customer data. Glide itself may train on non-PII app structure and content unless opted out.

    // What to watch

    • AI TRAINING OPT-IN BY DEFAULT: Glide trains its AI on customer content starting October 1, 2024 unless the customer opts out. Opt-out is only available for certain paid/enterprise account types.
    • SHARED TEMPLATE DEVELOPERS CANNOT OPT OUT: Users who list apps in the Template Store cannot opt out of AI training on that content regardless of account tier.
    • NO REVERT AFTER OPT-OUT: Once training has occurred, opting out does not remove or revert previously trained model data.
    • NO HIPAA: PHI is explicitly prohibited in User Data Rules. Glide must not be used for healthcare workloads involving protected health information.
    • NO ISO 27001 CERTIFICATION: ISO 27001 appears as a referenced framework on the security page but no formal certification is claimed or evidenced. Do not list Glide as ISO 27001 certified.
    • US-ONLY DATA RESIDENCY: All data is hosted on GCP Iowa, USA. No EU or regional data residency options are documented, which may be a concern for EU-regulated customers.
    • OPENAI SUBPROCESSOR: Glide AI features route data through OpenAI's API. OpenAI does not retrain on API customer data, but customers should be aware of this subprocessor relationship.
    • DPA REQUIRES EMAIL REQUEST: A signed DPA copy must be requested via email to dpo@glideapps.com rather than being available for self-service download.

    // At a glance

    Pricing model

    Freemium with paid Business and Enterprise tiers; usage-based limits on data rows and AI actions

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on typeguard, Inc. dba Glide's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.glideapps.com

    > Browse all vendor trust reports