Privacy Policy

1. Data Controller

For the purposes of the GDPR, the Data Controller responsible for your personal data is:

2. Information We Collect

We collect the following types of information:

• Account Data: Name, email address, and password hash.
• User Content (Inputs): Text prompts, images, and brand assets you upload to generate content.
• Usage Data: Device info, IP address, and interaction logs (via PostHog and Google Analytics).

3. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

• Performance of Contract: To provide the Service, generate content, and manage your account.
• Legitimate Interests: To improve our platform via analytics, prevent fraud, and ensure security.
• Consent: For specific marketing communications (which you can withdraw at any time).
• Legal Obligation: To comply with tax and accounting laws in Estonia.

4. AI Processing and Content Generation

We use third-party Large Language Models (LLMs) to provide our core generative features.

• Providers: We utilize APIs from Google (Gemini) and Anthropic (Claude).
• Data Privacy: When you generate content, your Input is sent to these providers via API. We have configured our agreements with these providers to ensure they do not use your data to train their foundation models.
• Our Stance: Glad AI does not use your User Content to train our own internal AI models. Your data remains isolated to your workspace context.

5. Data Processors and Third Parties

We share data with third-party service providers ("Data Processors") who help us operate. These include:

• AI Providers: Google (Gemini) and Anthropic (for content generation).
• Analytics: Google Analytics and PostHog (for usage analysis and debugging).
• Hosting & Database: [e.g., Vercel, AWS, or Supabase] (for storing data).
• Payment Processing: [e.g., Stripe] (we do not store card details).

6. International Data Transfers

Some of our service providers (including Google, Anthropic, and PostHog) may process data outside the European Economic Area (EEA), specifically in the United States.

We ensure that such transfers are protected by appropriate safeguards, such as the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain your personal data only as long as your account is active or as needed to provide the Service. If you delete your account, we delete your User Content immediately, though we may retain basic billing records for 7 years as required by Estonian accounting laws.

8. Your Rights (GDPR)

As a user in the EEA, you have the following rights:

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Ask us to delete your data.
• Right to Restriction: Request we temporarily stop processing your data.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Object: Object to processing based on legitimate interests.

To exercise these rights, email us at info@iamglad.ai. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

9. Cookies and Tracking

We use necessary cookies to make the app work. With your consent, we use analytics cookies (Google Analytics, PostHog) to understand how you use the Service. You can manage your cookie preferences via our Cookie Banner or browser settings.

10. Contact Us

If you have questions about this policy or your data, please contact us at: