See Gimlet at ALA 2026 - Booth #1524 Learn More
Security & Trust
Gimlet is a hosted library statistics and service-tracking application operated by Sidecar Publications LLC. This page summarizes Gimlet's current approach to security, hosting, privacy, backup and recovery, and incident response for prospective and current clients.
Gimlet is intended for low-risk institutional and operational data. It is appropriate for use where access is restricted to authorized staff and employees, but it is not designed for restricted or highly restricted data.
We recommend that clients do not store personally identifiable information, regulated data, or other sensitive confidential material in Gimlet's free-text fields.
To reduce risk, Gimlet offers a feature called Privacy Guard. Privacy Guard can periodically remove full-text data from the application while preserving the statistical counts and reporting value that clients need.
Learn more: gimlet.us/support/privacy-guard
All data transmitted to and from Gimlet is protected with TLS over HTTPS. The application is configured to enforce secure transport headers, including HSTS.
Customer data is stored in secured production infrastructure. Where enabled by the hosting provider, data at rest is protected using provider-managed encryption for storage volumes and backup snapshots, typically using AES-256.
Gimlet protects data in use through application authentication, authorization, least-privilege administrative access, and secured production infrastructure. Gimlet does not currently claim confidential-computing or hardware-based memory-encryption features such as SEV-ES.
Access to Gimlet is restricted to authorized users within each subscribing organization. Gimlet supports account-based access control and separate privileged accounts.
Microsoft Entra ID Single Sign-On is available at Gimlet's Max tier.
Current operational support vendors include AppSignal, UptimeRobot, and Fathom Analytics.
Gimlet maintains hourly and nightly database snapshots in cloud infrastructure. Backup and disaster recovery workflows are designed to support restoration of service onto a new virtual machine through automation.
Clients may export their data from Gimlet at any time.
Sidecar Publications LLC maintains an incident response process for Gimlet. If an incident is detected that may affect client information or interconnected systems, affected clientele will be notified promptly upon onset of the incident.
As appropriate to the event, Sidecar Publications LLC will share diagnosis, remediation status, and root-cause or post-mortem information after investigation and resolution.
Gimlet uses dependency and vulnerability monitoring as part of its security practice, including GitHub Dependabot alerts and routine maintenance. Weekly vulnerability scanning has also been part of prior customer questionnaire responses.
Sidecar Publications LLC is a small company operated by two co-founders. Gimlet has served libraries for many years and maintains cyber insurance and errors & omissions coverage.
Gimlet is designed for practical, staff-facing operational use in libraries and related institutions, with an emphasis on clarity, low overhead, and responsible handling of lower-risk data.
This page is intended to provide a practical summary for prospective and current clients conducting vendor review. Clients with additional questions may contact Sidecar Publications LLC for follow-up.