// Trust & Security Report
typeguard, Inc. dba Glide
No-code AI-powered business app builder (web and mobile)
Certifications held
4
Maturity
Growth
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.glideapps.com“By working with Johanson Group, LLP, an independent auditor, typeguard, Inc. dba Glide is excited to share that we have achieved a SOC 2 Type 1 compliance rating.”
Verify on trust.glideapps.com“By working with Johanson Group, LLP, an independent auditor, typeguard, Inc. dba Glide is excited to share that we have achieved a SOC 2 Type II compliance rating.”
Verify on glideapps.com“We have implemented the appropriate technical and security processes to ensure compliance with GDPR obligations.”
Verify on trust.glideapps.com“CCPA COMPLIANT listed under Compliance on the Glide trust center (trust.glideapps.com)”
> Show 6 unconfirmed / not-held certifications
source: glideapps.comNo public evidence of formal ISO 27001 certification. The security center references 'FedRAMP, ISO 27001, PCI, GDPR, and SOC 2' as frameworks but makes no certification claim. A partner agency (V88) holds ISO 27001, not Glide itself.
source: glideapps.comGlide explicitly prohibits: 'Protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA)...diagnoses, treatment information, medical test results, or prescription information.'
source: glideapps.comNo public evidence of PCI DSS certification. PCI is referenced as a framework on the security center but no certification is claimed. Payment processing is handled via Stripe (a PCI-certified subprocessor).
source: glideapps.comNo public evidence of FedRAMP authorization. FedRAMP is referenced as a framework Glide adheres to, but no authorization or in-process listing is documented.
source: trust.glideapps.comNo public evidence of ISO 42001 certification on vendor domain.
source: trust.glideapps.comNo public evidence of CSA STAR registration or certification on vendor domain.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
United States (Google Cloud Platform, Iowa, USA)
By default Glide trains its AI models on customer content and app structure starting October 1, 2024. Training excludes data 'that relates to an identifiable individual.' Opt-out is only available if 'your account type grants you the ability to opt out' (enterprise/paid tiers). Shared Template Store developers CANNOT opt out: 'by listing a Shared Template on the Template Store, you agree that, notwithstanding any permitted opt out of other artificial intelligence training, Glide may use any of Your Content included in the Shared Template...to train its artificial intelligence algorithms and models.' After opt-out, Glide will not revert prior training. AI features use OpenAI as a subprocessor; per the DPA, OpenAI does not use API customer data to retrain its models.
// Security controls
Cloud infrastructure
Google Cloud Platform (primary region: Iowa, USA); Cloudflare for CDN/DDoS
trust.glideapps.comPenetration testing
Annual independent penetration testing; 2024 summary published on trust center
trust.glideapps.comEmployee access controls
2FA enforced for all employee access to internal systems; unique production database authentication enforced
trust.glideapps.comBackup and recovery
Daily backups retained for one month; quarterly restore drills; Continuity and Disaster Recovery plans established and tested
glideapps.comData deletion
Customer data deleted upon leaving; unused customer data deleted after 30 days; customer deletion requests via glideapps.com/rights
trust.glideapps.comVulnerability management
Automated vulnerability scans; intrusion detection; cybersecurity insurance maintained
trust.glideapps.comSingle Sign-On (SSO)
SSO and Directory Sync via WorkOS subprocessor; available on enterprise tier
trust.glideapps.com// Products & data scope
data: App structure, user-uploaded data, Google Sheets or other connected data sources
AI training opt-out NOT available on free tier. Apps must be private to store certain sensitive (non-HIPAA) data.
data: Same as Free plus expanded data rows and integrations
AI training opt-out may be available depending on plan. Private apps allowed for restricted (non-HIPAA) data categories.
data: Full platform access including SSO, advanced permissions, and custom integrations
AI training opt-out available for enterprise account types. SOC 2 Type II and GDPR DPA apply. HIPAA is still not supported.
data: Customer app data passed to OpenAI API for AI feature processing
Uses OpenAI as subprocessor. OpenAI API terms prevent retraining on customer data. Glide itself may train on non-PII app structure and content unless opted out.
// What to watch
- AI TRAINING OPT-IN BY DEFAULT: Glide trains its AI on customer content starting October 1, 2024 unless the customer opts out. Opt-out is only available for certain paid/enterprise account types.
- SHARED TEMPLATE DEVELOPERS CANNOT OPT OUT: Users who list apps in the Template Store cannot opt out of AI training on that content regardless of account tier.
- NO REVERT AFTER OPT-OUT: Once training has occurred, opting out does not remove or revert previously trained model data.
- NO HIPAA: PHI is explicitly prohibited in User Data Rules. Glide must not be used for healthcare workloads involving protected health information.
- NO ISO 27001 CERTIFICATION: ISO 27001 appears as a referenced framework on the security page but no formal certification is claimed or evidenced. Do not list Glide as ISO 27001 certified.
- US-ONLY DATA RESIDENCY: All data is hosted on GCP Iowa, USA. No EU or regional data residency options are documented, which may be a concern for EU-regulated customers.
- OPENAI SUBPROCESSOR: Glide AI features route data through OpenAI's API. OpenAI does not retrain on API customer data, but customers should be aware of this subprocessor relationship.
- DPA REQUIRES EMAIL REQUEST: A signed DPA copy must be requested via email to dpo@glideapps.com rather than being available for self-service download.
// At a glance
Pricing model
Freemium with paid Business and Enterprise tiers; usage-based limits on data rows and AI actions
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on typeguard, Inc. dba Glide's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.glideapps.com