
Information Security Policy

Last updated - December 1, 2022

It is the policy of Level 29 Ltd, which trades under the name Gleanin, to maintain an information management system designed to meet the requirements of ISO 27001 in pursuit of its primary objective: to create, maintain and deliver the Gleanin Social Referral Marketing Platform.

Our information security objectives are to:

Exceed all data protection requirements and continue to deliver the Gleanin services within a secure environment.

Continuously improve through annual risk assessments, regular monitoring and audits to ensure that risk to information in the care of Gleanin is minimised or eliminated.

Maintain ISO 27001 certification, which requires external audits every year.

Commit to annual external vulnerability assessment and web application penetration testing.

Provide formal information security education to all employees twice a year.

Make available an information security pack to interested parties.

Our business management system provides a framework for setting, monitoring, reviewing and achieving our objectives.

To ensure the company maintains its awareness of continuous improvement, the business management system is regularly reviewed by the leadership team to ensure it remains appropriate and suitable to our business. The business management system is subject to both internal and external annual audits.

Scope of the Policy

The scope of this policy relates to the use and development of database and computer systems operated by the company in pursuit of the company’s business of providing the Gleanin Social Referral Marketing Platform (https://gleanin.com) to the events industry. Gleanin is a trading name of Level 29 Ltd. It also relates where appropriate to external risk sources including functions which are outsourced.

Tamar Beck, CEO

Frequently Asked Questions

Where can I find your data processing terms?

Our Terms and Conditions and Data Processing Terms can be found at https://admin.gleanin.com/terms.

What security programs and practices do you have in place?

Gleanin is certified to ISO 27001. We are certified by The British Assessment Bureau and are subject to annual external assessments to maintain the certification. Our latest certificate can be downloaded here.

Do you meet GDPR?

Yes.

As we store personally identifiable information (“PII”), we are legally obliged to comply with the General Data Protection Regulation. In data processing language, we are a data processor and the event organiser remains the data controller.

What event data will be stored?

We don’t store any attendee data. Event organisers can upload speaker data (name, title, company name and optionally email address) to the platform.

In which countries will data be stored?

All data, logs and backups containing PII are stored in Ireland, in the Amazon Web Services (AWS) eu-west-1 region.

Do you use any sub-processors?

We don’t use any third-party processor of personal data other than Amazon Web Services (AWS).

What level of encryption is used to protect data in transit and at rest?

Data is encrypted with TLS while in transit. Data at rest is encrypted using AES-256.

Do you perform penetration tests?

Gleanin commits to undertaking third-party Vulnerability Assessments and Web Application Penetration Testing on an annual basis. The most recent Vulnerability Assessment was conducted in October 2022 and the Web Application Penetration Testing in January 2022.

Do you have a Disaster Recovery Plan?

We have a business continuity plan in place and our system is designed for both application and database servers to work across Amazon availability zones.