Security at Glovo

As a provider of products for many users across the Internet, we recognize how important it is to help protect user privacy and security. We understand that secure products are essential to provide trust to our users and we keep effort to improve that security with our teams

Hosting

Our data centers are hosted by Amazon Web Services (AWS). As such, they are continuously audited with certifications from accreditation bodies across geographies and verticals.

Our application architecture, database encryption, and access are secured, controlled, audited, and monitored by our in-house engineers.

Up-To-Date Infrastructure And Vulnerability Reporting

We keep our infrastructure updated with scheduled security maintenance updates, as well as applying any patches that are recommended to be rolled out immediately.

Similarly, we patch our application code very quickly when vulnerabilities are discovered. That's why we’re committed to set the new standard of trust online, and we look forward to working with the security community to find security vulnerabilities in order to keep our users safe.

If you believe you have discovered a vulnerability in any Glovo product you can report it through our vulnerability program.

Proactive Monitoring

We use redundant, world-wide monitoring services to monitor Glovo’s infrastructure 24x7x365. Any errors or other abnormalities trigger automatic alarms and we proactively work on fixing any issues detected.

Reliable and secure service you can trust

We follow globally recognised information security standards for Information Security Management Systems (ISMS). Our security measures include:

  • encryption of data;
  • security controls which protect our infrastructure from external attack and unauthorised access; and
  • internal policies setting out our data approach and training for employees

GDPR

We respect the privacy rights of users and recognize the importance of protecting the information of our customers. Our privacy policy explains how information (including personal data as defined under GDPR) is collected, retained, used, disclosed and transferred by Glovo and the available choices you have with regard to your personal information.

PCI DSS

PCI DSS Level 1 compliance demonstrates that Glovo has a robust PCI DSS compliant operating model, which we have built over the years. Our ongoing PCI DSS Level 1 compliance is validated on an annual basis by a skilled external audit team against the requirements of the standard.