1. What we collect
You provide: email (required), name, avatar, company, role, phone, address, org/project profiles and settings.
Generated by the system: chat transcripts and metadata, project/state, usage metrics (tokens, tool calls, web lookups), documents and versions, vector embeddings (for search), logs.
Auth: Google OAuth, session/JWT identifiers.
Files: stored in cloud object storage with signed URLs.
2. How we use data
- To provide, secure, and improve the Service; to troubleshoot and prevent abuse.
- To power AI features using contracted AI providers; we do not permit those providers to train their general models on your data unless you explicitly opt-in via settings or contract.
- To communicate product updates and security notices. Marketing emails are opt-in and include unsubscribe.
3. Third-party processing (subprocessors)
We use:
- AI: contracted AI model providers
- Infrastructure: hosting, authentication, databases, caching
- Communications: real-time voice services
- Email: transactional email provider
We share only what's necessary for the stated purpose, under data-protection terms with each provider. A current list of subprocessors is available upon request and may be updated from time to time.
4. International transfers
All personal data is stored in cloud infrastructure located in the United States (AWS us-west-2). Authorized personnel may access systems from the United States and Japan; all such access is subject to access controls and is logged. If international transfers require additional safeguards in the future, we will implement recognized mechanisms (e.g., Standard Contractual Clauses) and conduct transfer risk assessments as applicable.
5. Retention & deletion
Operational logs: typically ≤ 90 days unless needed for security or legal holds.
Customer content: retained for your active subscription. On termination or request, we delete or return data and delete backups after a defined window (e.g., 30–90 days). Timelines appear in your order form or DPA.
6. Your rights
Subject to applicable law, you can request access, correction, deletion, restriction, portability, and objection. Contact privacy@glidely.ai. Where we act as processor, we'll help your organization fulfill end-user requests.
7. Law enforcement requests
We may disclose personal data when required by applicable law, court order, or valid legal process. Where legally permitted, we will notify the affected customer before complying with such a request. We will disclose only the minimum data required to satisfy the legal obligation.
8. Children
We do not target or knowingly collect data from children under 13.
9. Changes
We'll post updates and provide advance notice of material changes. Continued use after the effective date indicates acceptance.