Effective Date: April 2026
At Glyph, the security of your artifacts and knowledge graph is our foremost priority. We employ defense-in-depth methodologies to ensure your data remains completely private, immutable to tampering, and perpetually available to you alone.
All data traversing into and out of Glyph is secured using enterprise-grade TLS (Transport Layer Security) protocols. Your individual workspace payloads are encrypted at-rest using AES-256 standard symmetric keys managed solely by the platform.
In addition to relying on robust password hashing configurations (e.g., Argon2 or bcrypt), Glyph supports Multi-Factor Authentication (MFA). A verified 8-digit PIN verification step is strictly required via secure out-of-band delivery whenever new geographic locations are detected.
Workspaces use rigorous Role-Based Access Control (RBAC). Only explicitly provisioned identifiers are structurally granted read or write permissions to private artifacts, isolated fully at the database query layer.
Glyph servers are continually protected against known exploitation vectors. We enforce strict Cross-Site Request Forgery (CSRF) protections, Content Security Policies (CSP), and rigorously defined Cross-Origin Resource Sharing (CORS) limits to prevent malicious injection.
If you have discovered a potential vulnerability within the Glyph Web Application, please reach out to our secure disclosure team directly before publishing. We will investigate appropriately and patch reported concerns.