Legal
How GlobeMeet protects your operations
Security posture across the marketing site, the platform, and our internal operations. Email security@globemeet.in to disclose vulnerabilities โ we respond within 24 hours.
TLS 1.3
Required on every transport
AES-256
Recordings at rest
Quarterly
Third-party pentests
24h
Vulnerability response
All transport encrypted (TLS 1.3, DTLS-SRTP). Recordings encrypted at rest with AES-256. Signed-URL playback only. SSO via SAML 2.0 / OIDC. Per-tenant key isolation. Tamper-evident audit log.
Quarterly third-party penetration testing. Dependency CVE monitoring with automated weekly alerts. Reproducible Docker builds with signed manifests. Pre-shared signed releases. Internal security training for every team member, refreshed annually.
Documented IR playbook covering detection, containment, eradication, recovery, and post-mortem. Ours and yours connect at the contract โ we agree in writing on roles and notification timing for incidents that affect your data.
Email security@globemeet.in. We respond within 24 hours, triage within 72 hours, and credit responsible disclosure publicly (with your permission). We do not pursue legal action against good-faith researchers.
ISO 27001 certification (in progress, target Q4 2026). SOC 2 Type II for the managed cloud (planning stage). Bug-bounty program (under evaluation).
Not yet for the platform. We're targeting SOC 2 Type II for the managed cloud during 2026. ISO 27001 is further along โ currently in audit phase.
Yes โ for self-hosted deployments you can pentest your own instance freely. For managed cloud, request a pentest window via security@globemeet.in.
Customer-affecting advisories go to a private mailing list of named contacts at every customer. Public advisories (post-fix) go on globemeet.in/security.