Safe & secure data

Trust at Glassdoor

At Glassdoor, trust is a key tenet for helping people everywhere find a job and company they love.  We’re committed to keeping your data safe and private.  Rest easy knowing your data is secure and protected 24/7 via our robust Security, Privacy, and Compliance programs.

Security

Our top priority is keeping your data secure. We deploy a variety of security controls at all levels to ensure that your data remains safe.

Impersonation Scams

  • Glassdoor users can be targeted by scammers impersonating Glassdoor attempting to gather personal or financial information via text messages or email.
  • Glassdoor will never contact individuals using SMS text messages, WhatsApp, Skype, Signal, Telegram, or any other messaging or video communication service.
  • Glassdoor users only receive email communications they have signed up for, and those communications only originate from the glassdoor.com domain.
  • Tips on recognizing impersonation scams and protecting yourself can be found here.

Monitoring & Authentication

  • Our services are monitored 24/7 by our Network Operations and Security Operations Centers (NOC and SOC).
  • Access to Glassdoor services is uniquely identified, logged, and monitored.
  • Employee access to customers’ Glassdoor Employer Center is provided solely for support purposes. Access requires approval and multiple layers of authentication.
  • Access to Glassdoor’s backend services is granted on the principle of least privilege and controlled via MFA and Bastion hosts.

Encryption

  • Data in transit is encrypted from the user’s browser to the services via TLS 1.2 or higher.
  • Data at rest is encrypted via AES-256.
  • Native usernames and passwords are secured using a dedicated password-based key derivation function with hashing and salting.

Cloud Infrastructure

  • Glassdoor services reside in AWS facilities, which comply with over 50 security certifications, regulations, and frameworks.
  • Glassdoor data is logically separated from other AWS customers in a multi-tenant environment.
  • GIassdoor services are hosted in a variety of AWS regions and zones to ensure redundancy, high availability, and resiliency.
  • Proactive security procedures, such as network intrusion prevention systems (IPS) and web application firewalls (WAF) are implemented.

Vulnerability Management

  • Glassdoor’s internal and external facing systems undergo regular vulnerability scanning.
  • External penetration testing via a 3rd party is performed on an annual basis.
  • Glassdoor operates a responsible disclosure and bug bounty program via HackerOne.

Application Security

  • Code development is executed through a documented SDLC process.
  • Code is peer reviewed prior to main code branch commitment.
  • Developers are regularly trained on secure coding practices leveraging the OWASP Top 10.
  • Automated code quality tests targeting injection flaws, input validation, and proper CSRF token usage are utilized.

Privacy

As a global company, Glassdoor is subject to a variety of privacy laws that confer a range of privacy rights upon our users. We are committed to compliance with the requirements of these global privacy laws and ensuring the rights and protections they offer are available to all of our users, regardless of their location.

Privacy Program

  • Glassdoor is a data controller, responsible for the processing of users’ personal information.
  • We share information with our vendors, partners, and affiliates.
  • We keep users’ personal information only so long as we need it to provide our services and fulfill the purposes described in our Privacy Policy.
  • You can read more about our privacy practices, including how we collect, use, and share information, in our Privacy Policy.

Controlling Your Data

  • Users of Glassdoor services have the right to learn about, access, download, delete, and control the personal data that we hold about them.
  • Users can also opt out of:
    • targeted advertising by changing their cookie settings in our Cookie Tool (located in the footer or settings of our site) and
    • data sharing with our affiliates and advertisers using our opt-out.

Compliance

We know how much data privacy, confidentiality, integrity, security, and availability mean to our users and customers. Glassdoor operates a formal and comprehensive compliance program designed to ensure we meet the requirements of all applicable laws, regulations, and key industry-recognized compliance standards.

SOC Certification

Glassdoor maintains a SOC 2 Type 2 certification for the Security, Availability, Privacy, and Confidentiality Trust Services Criteria for our production environment.

GDPR & UK DPA Compliance

Glassdoor is committed to compliance with GDPR and UK DPA requirements.

CCPA/CPRA Compliance

Glassdoor is committed to compliance with CCPA/CPRA requirements.

LGPD Compliance

Glassdoor is committed to compliance with LGPD requirements.

DSA

Glassdoor is committed to compliance with the Digital Services Act (DSA)

2025 DSA Transparency Report
2026 DSA Transparency Report