A commitment to security

Glooko has made privacy protection and data security a critical part of our process and is certified by key global organizations

Established culture of trust and governance

Because we recognize the importance of trust and the security of your personal data and protected health information, we have instituted formal security and privacy governance and regularly report on both to the company Board of Directors

Our company leadership team is deeply involved, making the security of personal and protected data our highest priority in every aspect of Glooko culture and practice

Certified by leading global security and privacy organizations


Glooko’s HITRUST certification places the company in an elite group of organizations worldwide, proving that its attested security controls meet standards for protecting sensitive patient health data

HITRUST certification is a validated assessment conducted by an objective third party that certifies that a company’s security policies, procedures, and practices are compliant with HIPAA, the US federal regulation protecting personal health information (PHI)

HITRUST certification demands best practice security safeguards and sets the highest bar for proof of a company’s security posture

For any security issues, please reach out to our senior security official at [email protected]

HIPAA compliance involves fulfilling the requirements of the Health Insurance Portability and Accountability Act of 1996, its subsequent amendments, and any related legislation such as HITECH

Compliance helps ensure that technical, physical and administrative safeguards are in place and adhered to, and that they comply with HIPAA to protect the integrity of PHI

Glooko uses OneTrust, the number one privacy platform in the world, to ensure compliance with CCPA, GDPR, LGPD and hundreds of the world’s privacy laws and frameworks

OneTrust ensures transparency and consent for online tracking and keeps Glooko up to date with the latest regulations

Glooko has SOC 2 Type 1 and Type 2 certifications. These reporting standards verify, through independent validation, that the company has all the required controls in place for its people, systems and processes to ensure the security of its customers’ data as well as the company’s own software

These extensive reporting standards provide independent validation from a sophisticated, Silicon Valley third-party auditing firm that Glooko’s attested security controls and policies work extremely well in securing patient health data

Frequently asked questions


We work hard to make sure your data is secure, private, and available to you when you need it

We know that health data is critical AND sensitive

Our platform leverages security best practices to ensure that your data is safeguarded

All data is encrypted in transit and at rest using modern, well-regarded encryption methods and protocols

We have independent third parties regularly conduct penetration testing and independent cybersecurity risk assessments, and we monitor our platform for vulnerabilities and any unusual behavior

Our platform is designed for redundancy and resiliency, and we have strong policies, procedures, and practices to assure security through technical, organizational, and procedural controls


We are protective of your personal data, and we will not share your identifiable data without your consent

If you use Glooko services through a healthcare provider, then your care provider will work with you to manage your diabetes, and your data will be available to your provider, for example when you visit your doctor

In that case, our services are just a portion of the health care operations of your health care provider, just like any other system they may use to provide you with care


Our practices ensure that security and privacy remain paramount and are not dismissed for expediency or profit

We have documented policies that lay out our expectations for security and privacy

We have a formal, adopted Data Ethics policy that outlines the proper treatment of sensitive data and what we will not do

We have a governance board for security and privacy that helps drive critical decisions and ensures proper prioritization and resource allocation for security and privacy efforts

We have a leadership team that truly believes that the effort to lead in security and privacy is worth it, because trust is worth it