Get started

Information Security Policy

Last updated - February 23, 2022

It is the policy of Level 29 Ltd, who trade under the name Gleanin, to maintain an information management system designed to meet the requirements of ISO 27001 in pursuit of its primary objective; to create, maintain and deliver the Gleanin Social Referral Marketing Platform.

It is the policy of Level 29 Ltd to:

make the details of our policy known to all other interested parties including external where appropriate and determine the need for communication and by what methods relevant to the business management system.

comply with all legal requirements, codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to satisfy applicable requirements related to information security and the continual improvement of the ISMS.

provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met;

ensure that all employees are made aware of their individual obligations in respect of this information security policy;

maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on “risk”.

This information security policy provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets.

To ensure the company maintains its awareness for continuous improvement, the business management system is regularly reviewed by the leadership team to ensure it remains appropriate and suitable to our business. The Business Management System is subject to both internal and external annual audits.

Scope of the Policy

The scope of this policy relates to the use and development of database and computer systems operated by the company in pursuit of the company’s business of providing the Gleanin Social Referral Marketing Platform (https://gleanin.com) to the events industry. Gleanin is a trading name of Level 29 Ltd. It also relates where appropriate to external risk sources including functions which are outsourced.

Tamar Beck, CEO

Frequently Asked Questions

Where can I find your data processing terms?

Our Terms and Conditions and Data Processing Terms can be found at https://admin.gleanin.com/terms.

What security programs and practices do you have in place?

Gleanin is certified to ISO 27001. We are certified by The British Assessment Bureau and are subject to annual external assessments to maintain the certification.

Our scoped systems operate on Amazon Web Services (AWS) who are also certified to ISO 27001.

Do you meet GDPR?

Yes.

As we store Personally identifiable information (“PII”) we are legally obliged to comply with General Data Protection Regulation. In data processing language we are a data processor and the event organiser remains the data controller.

What event data will be stored?

We don’t store any attendee data. Event organisers can upload speaker data (name, title, company name and optionally email address) to the platform.

In which countries will data be stored?

All data, logs and backups containing PII are stored in Ireland, in the Amazon Web Services (AWS) eu-west-1 region.

Do you use any sub-processors?

We don’t use any third-party processor of personal data other than Amazon Web Services (AWS) .

What level of encryption is used to protect data in transit and rest?

Data is encrypted with SSL while in transit. Data at rest is encrypted using AES-256.

Do you perform penetration tests?

Gleanin undertakes annual external penetration testing, last performed in September 2021. Gleanin also undertook an external application security test in January 2022.

Do you have a Disaster Recovery Plan?

We have a business continuity plan in place and our system is designed for both application and database servers to work across Amazon availability zones.