Security & Compliance

Enterprise-Grade Security.

GLX Studio operates with the same security posture as the systems it integrates into. SOC 2 Type II. AES-256 encryption at rest. TLS 1.3 in transit. SSO via SAML and OIDC. GDPR-aligned data handling. Optional EU data residency.

Request SOC 2 report Talk to security
Security Certifications

Audited and certified.

Audit

SOC 2 Type II

Independently audited. Reports available under NDA.

Encryption

AES-256 at rest

All customer data and assets encrypted with AES-256.

Transport

TLS 1.3 in transit

All API and dashboard traffic over TLS 1.3 with HSTS.

Privacy

GDPR-aligned

Data subject rights, export, and deletion supported.

Comprehensive Security

Defense in depth.

Identity & Access

  • SSO via SAML 2.0 and OIDC
  • Role-based access control
  • Per-workspace permissions
  • Session timeout policies
  • API key rotation

Infrastructure

  • US-based primary data centers
  • Optional EU data residency
  • Continuous vulnerability scanning
  • Quarterly penetration testing
  • 24/7 security monitoring

Application

  • OWASP Top 10 controls
  • SCA & SAST in CI/CD
  • Audit logs for every action
  • Webhook signature verification
  • Rate-limited API endpoints
Data Protection & Privacy

Your data is your data.

Customer content

Brand assets, source decks, contact lists, and rendered video are owned by you. We process them under a Data Processing Agreement, never train models on customer content, and provide export and deletion on demand.

Subprocessors

We maintain a public list of subprocessors. Notification of any addition or change is provided in advance per our DPA. Critical subprocessors include AWS, ElevenLabs (voice), and Storyblocks (licensed B-roll).

Regulatory Compliance

Built for the regulated enterprise.

Privacy

GDPR & CCPA

Data subject rights, export, deletion, breach notification.

Industry

HIPAA

Available on Enterprise plans. BAA available on request.

Trust

SOC 2 / SOC 3

SOC 2 Type II in place. SOC 3 summary available publicly.

Locality

Data residency

US default. EU residency optional on Enterprise.

Need our SOC 2 or DPA?

Reports are available under NDA. Send a note to security and we'll route the docs and a security engineer if you have questions.

Request reports Read the privacy policy