GlassFrog is hosted on AWS and we use SSL to protect the traffic going from your browser to our servers (https://www.ssllabs.com/ssltest/analyze.html?d=app.glassfrog.com).
We are using New Relic (https://docs.newrelic.com/docs/accounts-partnerships/accounts/security/data-security) and Paper Trail (http://help.papertrailapp.com/kb/how-it-works/why-should-i-trust-you/) outside services to monitor our application and collect log data.
Full or partial data dumps of the GlassFrog database are stored on encrypted drives. A limited number of engineers who are GlassFrog team members have access to the data dumps.
Organizations have the option of making their GlassFrog account publicly visible. For organizations with this setting turned on, there are options available for limiting the visibility of more sensitive items.Notes, Projects, Checklists, and Metrics may be marked "Private to Circle," which will make them visible only to circle members and account administrators. Access may also be limited by hosting documents outside of GlassFrog with access restrictions (via Google Drive or a similar dedicated storage service), and linking to them from fields within GlassFrog.