Security & privacy

Compliance Hub

Gladia never trains on customer data by default and applies enterprise-grade security and compliance controls to protect your data. Learn more below.

Compliance belt — GDPR, HIPAA, SOC 2, ISO 27001

Trusted by 300,000+ developers worldwide

Klarna Aircall HeyGen VEED Recall Attention Livestorm Method Sana Mojo Adversus Claap Attio Carv Selectra Spoke
Klarna Aircall HeyGen VEED Recall Attention Livestorm Method Sana Mojo Adversus Claap Attio Carv Selectra Spoke

Built for trust from day one

Privacy, security, and compliance are core values at Gladia. Our systems are built to protect customer data by default, minimize risk exposure, and support production workloads in regulated environments.

Your data is not a bargaining chip

Customer data protection is non-negotiable. It's built on a strict framework that ensures control, transparency, and trust:

  • Customer data remains fully owned by the customer
  • Data is processed solely to deliver the requested service
  • Zero Data Retention policy for paid plans
  • Clear retention and deletion controls
  • Full transparency on data usage and data location
Data protection principles

EU design, global security

Data subject rights are fully supported by design and by default. This includes:

  • Security embedded across infrastructure and development
  • HDS hosting available for enterprise customers
  • Encryption in transit and at rest
  • Least-privilege access controls
  • Audit logging & monitoring of production systems
  • Regular third-party security reviews
Security by design

Ready for regulated industries

We support teams operating in regulated environments including healthcare, financial services, enterprise SaaS, and EU-regulated markets through documented controls and contractual safeguards.

Data lifecycle & usage

How Gladia manages your data

Data retention and deletion

Your data is retained only as long as needed and permanently deleted once expired or upon account closure.

  • Deleted data cannot be recovered
  • Account closure triggers an expired data state
  • Customers must export or back up data before account closure
  • Expired data is permanently deleted after the retention period

Model training & data usage

Your data is isolated by default and never used for model training unless explicitly agreed.

  • No cross-customer data sharing
  • Training exclusions applied by default
  • Any exception requires explicit agreement

Data Subject Rights (GDPR)

Full GDPR compliance, EU-style.

  • Support for access, rectification, and deletion requests
  • Requests handled within applicable regulatory timelines
  • Clear contact paths defined in the Privacy Notice
Access & encryption

How Gladia secures your data

Data access controls

Access to your data is strictly limited, isolated per account, and continuously audited.

  • Data is logically isolated per customer account
  • Employee access to production data is disabled by default
  • Temporary access requires explicit approval
  • All access is logged and regularly reviewed

Encryption & secure transfer

All data is encrypted at rest and in transit using secure, authenticated connections.

  • All customer data is encrypted in transit and at rest
  • Secure, authenticated connections are enforced across services

Incident response

Security incidents are documented, with timely investigation, notification, and remediation.

  • Incident response procedures are clearly documented
  • Incidents are promptly investigated, contained, and remediated
  • Notifications follow contractual and legal requirements
  • Post-incident reviews are conducted to prevent recurrence
Data residency & infra

How Gladia processes your data

Data residency & processing location

Data from EU and US workloads are kept separate on region-specific infrastructure.

  • Data is processed on region-specific infrastructure
  • EU and US workloads are hosted separately

Contractual safeguards

Our transparent contracts govern data processing, confidentiality, and regulatory obligations.

  • Data Processing Agreements (DPA) available for EU and US customers
  • Business Associate Agreements (BAA) available for healthcare use cases
  • Confidentiality and non-disclosure obligations enforced contractually

Sub-processors & third-party services

Core infrastructure relies on vetted third parties

  • We use third-party service providers to deliver core infrastructure
  • A maintained list of subprocessors, purposes, and processing locations is available