GlassFrog is hosted on AWS and we use SSL to protect the traffic going from your browser to our servers (https://www.ssllabs.com/ssltest/analyze.html?d=app.glassfrog.com).
We are using New Relic (https://docs.newrelic.com/docs/accounts-partnerships/accounts/security/data-security) and Paper Trail (http://help.papertrailapp.com/kb/how-it-works/why-should-i-trust-you/) outside services to monitor our application and collect log data.
A limited number of people within HolacracyOne have access to the data for an organization using the GlassFrog application. Anyone with that level of access must be a HolacracyOne team member and legally bound to the HolacracyOne non-disclosure agreement.
Full or partial data dumps of the GlassFrog database are stored on encrypted drives. A limited number of engineers who are also HolacracyOne team members have access to the data dumps.
At HolacracyOne we have most of our Governance and Tactical records publicly visible (an option available for organizations to activate at their own discretion). As we still want to keep some information private, we use links to documents stored in Google Drive instead of putting that data in the notes in GlassFrog. If you want to make your organization publicly visible, we recommend that you keep your private data on Google Drive or another dedicated storage service.
You may also name your Circles, Roles, Projects and Policies with names that do not reveal your most sensitive IP. In addition, projects can be marked as "private to circle", which will stop them from being publicly visible, even if that setting is turned on for your organization.