GlobMaps Climate Intelligence

Trust & Security

Trust Center

GlobMaps is committed to security, privacy, and transparency. This page provides an overview of our security practices, compliance posture, and how to report vulnerabilities.

Security Issues

security@globmaps.com

Report vulnerabilities or security concerns

Privacy Requests

privacy@globmaps.com

Data subject rights, DSAR, consent withdrawal

Legal & Compliance

legal@globmaps.com

DPA requests, legal notices, compliance inquiries

Security

Security Practices

Encryption in Transit

All data transmitted between clients and our servers is encrypted using TLS 1.2 or higher.

Encryption at Rest

Sensitive data stored in our databases is encrypted at rest using AES-256.

Access Controls

We apply least-privilege access controls. Employee access to production systems is strictly limited and audited.

API Security

API keys are hashed before storage. Rate limiting and usage monitoring are enforced on all endpoints.

Security Headers

CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers are enforced.

Dependency Management

Dependencies are regularly audited for known vulnerabilities. Security patches are applied promptly.

Compliance

Compliance & Certifications

GDPR (EU 2016/679): Compliant

UK GDPR (Data Protection Act 2018): Compliant

PDPA (Thailand B.E. 2562): Compliant

CCPA/CPRA (California): Compliant

LGPD (Brazil): Compliant

DPDP Act (India 2023): Compliant

SOC 2 Type II (Target Q4 2026): In Progress

ISO 27001 (Target 2027): Roadmap

Vulnerability Disclosure

Vulnerability Disclosure Policy

We take security seriously. If you discover a vulnerability in GlobMaps systems, please report it responsibly.

How to Report

Email security@globmaps.com with a description of the vulnerability, steps to reproduce, potential impact, and any supporting evidence.

Our Commitment

We will acknowledge your report within 2 business days and provide an initial assessment within 7 business days.

Safe Harbour

We will not pursue legal action against researchers who discover and report vulnerabilities in good faith through our official channel.

Out of Scope

Social engineering, physical attacks, denial of service, and vulnerabilities in third-party services outside our control.

Incident Response

In the event of a data breach, we notify affected users and relevant authorities within 48 hours of discovery, in accordance with GDPR Art. 33, UK GDPR, and applicable laws. Notifications include the nature of the breach, data affected, and remediation steps.