Trust is not a product feature.
It is the platform.
glomotec exists to make global mobility move faster, safer, and more transparently. That commitment shapes how the platform handles client information, runs compliance checks, and operates across the jurisdictions where it serves clients and partners.
This page sets out how glomotec handles the trust placed in it.
Information,
treated like infrastructure.
All client information is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using industry-standard AES-256. Database backups inherit the same encryption posture as production data.
Access to client information follows least-privilege principles. Authenticated services use scoped credentials. Internal access is audited. Personally identifiable information is segregated from operational telemetry.
Information is retained only as long as the engagement, regulatory obligation, or legitimate business requirement justifies. Deletion requests are honoured in line with the applicable data protection regime in the client's jurisdiction.
glomotec operates infrastructure in regions aligned with where clients are served. Data residency requirements for institutional engagements are accommodated through dedicated provisioning where regulation requires it.
Adverse-media screening,
before engagement begins.
Every prospective client passes through a compliance pre-check at the start of engagement. The check screens for adverse media, politically exposed persons designations, presence on global sanctions and financial enforcement lists, and any current investigation or court matter relevant to the engagement.
The pre-check is a screening exercise against publicly available sources and structured global databases. It is not a substitute for full statutory due diligence on regulated transactions, which is performed separately where the engagement requires it.
Each cleared client receives a formal Compliance Pre-Check report documenting the findings. The report is dated, references the sources reviewed, and is signed by glomotec's compliance function.
Adverse media, PEP indicators, sanctions and enforcement-list screening, current investigations or court matters, fraudulent identification.
Publicly accessible media records, structured open-source databases, sanctions and enforcement registers maintained globally.
A formal Compliance Pre-Check report, dated, signed by glomotec's compliance function, retained as part of the engagement record.
Operating inside the regulation,
across three jurisdictions.
Compliance with applicable state privacy frameworks including CCPA and VCDPA. Sanctions screening cross-referenced against current OFAC consolidated lists. Federal anti-money-laundering frameworks observed for in-scope engagements.
UK GDPR compliance for data subjects in the United Kingdom. Sanctions screening against the UK consolidated list maintained by HM Treasury. Cross-border mobility and residency engagements operate within the regulatory framework administered by the Home Office.
Personal Data Protection Law (PDPL) compliance for data subjects in the United Arab Emirates. Sanctions screening against the UAE Local Terrorist List and UN consolidated lists. Mainland and free-zone structures observed where engagements operate within them.
Standard Contractual Clauses for international transfers. Adequacy decisions respected where issued. Data residency options available for institutional engagements with jurisdictional requirements.
Control over the information
you share with glomotec.
Request a copy of the information glomotec holds about you. We respond inside the timelines set by the applicable data protection regime.
Request correction of inaccurate or incomplete information. Updated records flow through to all platform components handling that information.
Request erasure where retention is no longer justified. Subject to regulatory or legitimate business obligations that may require continued retention.
Receive a structured copy of your information in a portable format, where the regime supports it.
Object to processing that relies on legitimate interests. Marketing communications can be opted out of at any time without affecting the service.
Raise a concern with the supervisory authority in your jurisdiction. We encourage contact with our team first so we can address the matter directly.
Trust questions,
go to a human.
Trust, compliance, and data-protection questions are handled by glomotec's compliance function. We respond inside the timelines required by the applicable regime, and sooner where the matter is urgent.
For the formal data-protection contact relating to your jurisdiction, see the Privacy Policy. For general trust questions, write to the address below.