Security Policy
Last updated: 2026-06-16
GlowHub is committed to the highest security standards to protect your data.
1. Encryption
- In transit: TLS 1.2+ on all connections.
- At rest: databases and backups are encrypted.
- Passwords: Bcrypt with random salt.
2. Access Control
- Multi-level RBAC permissions.
- Two-Factor Authentication (2FA) available to all users.
- Time-limited sessions, with immediate revocation on logout.
3. Tenant Isolation
- Every salon has a trusted tenant_id enforced at the database level.
- Automated tests verify one salon's data does not leak to another.
4. Backups
- Automated daily backups retained for 30 days.
- Periodic restore tests.
- Multi-region geographical backups.
5. Security Monitoring
- 24/7 infrastructure monitoring.
- Audit logs for every sensitive operation.
- Real-time alerts on suspicious activity.
6. Vulnerability Management
- Periodic security reviews.
- Annual penetration testing.
- Immediate security updates for dependencies.
7. Reporting a Vulnerability
Send a report to security@glowhub.app. We commit to responding within 48 hours.
8. User Responsibility
- Use a strong, unique password.
- Enable 2FA.
- Do not share credentials.
- Report any suspicious activity immediately.