Security and compliance

Your client data is sensitive. We treat it that way. This page describes the concrete measures we use to protect it.

Data hosting & residency

All data is stored in UK-based data centres
Data centres hold appropriate security certifications
No data transferred outside the UK unless explicitly required and agreed

Encryption

AES-256 encryption for data at rest
TLS 1.3 for data in transit
Encryption applied across all client data and system communications

Access control & authentication

Role-based permissions to control who can see and edit what
User-level access logging for audit purposes
Session management with automatic timeout

Backups & availability

Automated daily backups with 30-day retention
Point-in-time recovery for database restoration
Infrastructure monitoring with alerting

GDPR & privacy

Built with UK GDPR and data protection requirements in mind
Full data export at any time in standard formats (CSV, JSON)
Documented incident response procedures with 72-hour breach notification
Privacy policy available at /legal/privacy

Subprocessors

We use a limited number of third-party subprocessors for infrastructure and service delivery. All subprocessors are contractually bound to appropriate data protection obligations. A current list of subprocessors is available on request—contact us at hello@glimzer.com.

Built for regulated firms

Features designed specifically for FCA-regulated advice firms.

Complete audit trails for all user actions and data changes
Document version control with full history
Time-stamped records for compliance demonstrations
Secure client communication logging
Built-in workflows for regulatory requirements

Frequently asked questions

Where is my data stored?

All data is stored in UK-based data centres with appropriate security certifications. We do not transfer data outside the UK unless explicitly required and agreed.

Can I export my data?

Yes. You can export all your data at any time in standard formats (CSV, JSON). This supports GDPR requirements and ensures you always have access to your own data.

How do you handle data breaches?

We have documented incident response procedures. In the unlikely event of a breach, we would notify affected customers within 72 hours as required by GDPR, and provide full details of the impact and remediation steps.

How often do you back up data?

Automated backups run daily with 30-day retention. We also maintain point-in-time recovery capabilities for database restoration.

Can I get a detailed security overview?

Yes. Contact us to request a detailed overview of our security practices, architecture, and data handling procedures. We are happy to discuss specifics with prospective and existing customers.

Questions about security?

We're happy to discuss our security practices in detail.