
Privacy Policy

Effective Date: October 8, 2025

Last Updated: October 8, 2025

This Privacy Policy is effective as of October 8, 2025 and supersedes all prior versions. We reserve the right to update this policy as our Services evolve.

Introduction

Glean IP Holdings Inc. ("Glean," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our personal finance application and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

Our Core Privacy Principles:

  • We never sell your financial data. Period.
  • We don't use your data for advertising. We don't serve ads or share your data with advertisers.
  • You control your data. You can export or delete your data at any time.
  • Bank-level security. We use industry-leading encryption and security measures.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

  • Name
  • Email address
  • Password (encrypted and never stored in plain text)
  • Phone number (optional)
  • Profile information

Financial Account Connection Information:

When you connect your financial accounts through our third-party service provider (Plaid Inc.), we receive:

  • Financial institution name
  • Account type (e.g., checking, savings, credit card)
  • Account nickname
  • Last four digits of account number
  • Account balance
  • Transaction history (merchant name, amount, date, category, location)
  • Account holder information associated with your financial accounts

IMPORTANT: We do NOT store your bank login credentials (username and password). These credentials are handled securely by Plaid and are never transmitted to or stored by Glean.

User-Generated Content:

  • Custom merchant names
  • Transaction notes
  • Tags and categories
  • Budget settings
  • Financial goals
  • Comments and feedback

1.2 Information Collected Automatically

Usage Information:

  • Pages visited within the Services
  • Features used
  • Time spent on the Services
  • Interaction with charts and visualizations
  • Search queries within the Services

Device Information:

  • Device type (computer, mobile device, tablet)
  • Operating system and version
  • Browser type and version
  • IP address
  • Device identifiers
  • Mobile carrier (for mobile apps)
  • Time zone and language settings

Location Information:

  • We may collect approximate location information from your IP address to provide localized services (e.g., merchant information, currency formatting)
  • We do NOT collect precise GPS location data

1.3 Cookies and Tracking Technologies

What We Use:

  • Essential Cookies: Required for authentication and core functionality
  • Performance Cookies: Help us understand how users interact with our Services
  • Preference Cookies: Remember your settings and preferences

What We DON'T Use:

  • Advertising cookies
  • Cross-site tracking for marketing purposes
  • Third-party advertising networks

Your Control: You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

Analytics: We use analytics services (such as Vercel Analytics, Google Analytics, and Supabase Analytics) to understand aggregate usage patterns. These services are configured to respect user privacy and do not track individual users for advertising purposes.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Providing and Improving Our Services

  • Create and manage your account
  • Sync and display your financial transactions
  • Categorize transactions automatically
  • Provide spending analytics and insights
  • Generate charts, reports, and visualizations
  • Detect and alert you about recurring subscriptions
  • Identify vendors and merchants
  • Enable budget tracking and financial goal setting
  • Provide month-over-month spending comparisons

2.2 Communication

  • Send you transactional emails (account verification, password resets, etc.)
  • Respond to your support requests
  • Send important service updates and security notifications
  • Send optional product updates and tips (you can opt out)

2.3 Security and Fraud Prevention

  • Detect and prevent fraudulent activity
  • Monitor for security incidents
  • Verify your identity
  • Protect the rights and safety of Glean and our users

What We DON'T Do:

  • ❌ We do NOT use your financial data for advertising purposes
  • ❌ We do NOT sell or rent your personal information to third parties
  • ❌ We do NOT share your data with marketers or advertisers
  • ❌ We do NOT use your identifiable financial data to train AI models that are shared with or sold to third parties
  • ❌ We do NOT share your data with data brokers

What We MAY Do with Anonymized Data:

  • ✅ We may use aggregated and anonymized data (data that cannot identify you) to improve our internal machine learning models for features like transaction categorization, merchant identification, and spending insights
  • ✅ Such anonymized data is used solely to enhance our Services and is never used to identify individual users

3. How We Share Your Information

We share your information only in the following limited circumstances:

3.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf:

  • Plaid Inc. – Financial data aggregation and bank connectivity
  • Supabase – Database hosting, authentication, and cloud infrastructure
  • Vercel – Application hosting and delivery
  • Email service providers – Transactional email delivery
  • Customer support tools – To provide customer service

Important: All service providers are contractually obligated to protect your data and may only use it to provide services to us. They cannot use your data for their own purposes.

3.2 Other Users (With Your Permission)

If you use our family/household features and invite other users to your workspace:

  • Members of your workspace can view shared financial data
  • Each workspace member has their own login credentials
  • You control who has access to your workspace

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoena, court order, etc.)
  • Government or regulatory requests
  • Requests from law enforcement
  • To protect the rights, property, or safety of Glean, our users, or the public
  • To enforce our Terms of Service

4. Third-Party Services

4.1 Plaid Inc.

We use Plaid Inc. to connect to your financial institutions and retrieve your financial data. When you link a financial account:

  • Plaid handles your bank credentials securely – We never see or store your bank login credentials
  • Plaid accesses your financial data – Account balances, transactions, and account details
  • Plaid's security – Plaid uses bank-level encryption and security measures
  • Plaid's privacy policy applies – Your interactions with Plaid are governed by Plaid's End User Privacy Policy, available at https://plaid.com/legal/

Important: Plaid is certified under industry security standards (SOC 2, ISO 27001). You can revoke Plaid's access at any time through your bank or through Glean. Plaid does not sell or rent your personal financial information.

4.2 Supabase

We use Supabase for database hosting, authentication, and cloud infrastructure:

  • Your data is encrypted at rest using AES-256 encryption
  • Data is encrypted in transit using TLS 1.2+
  • Supabase's privacy policy is available at https://supabase.com/privacy

5. Data Security

We take the security of your information seriously and employ multiple layers of protection:

5.0 Financial Data Protection Standards

While Glean is not a financial institution under the Gramm-Leach-Bliley Act (GLBA), we recognize the sensitive nature of financial information and implement security safeguards that meet or exceed GLBA requirements. This includes:

  • Administrative safeguards (employee training, access controls)
  • Technical safeguards (encryption, secure authentication)
  • Physical safeguards (secure data centers, access logging)

Our approach to financial data security follows industry best practices established for banks and financial institutions.

5.1 Encryption

  • Data in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
  • Data at rest: All data stored in our databases is encrypted using AES-256 encryption
  • Password security: Passwords are hashed using industry-standard algorithms and are never stored in plain text

5.2 Access Controls

  • Strict access controls limit who can access user data
  • All access to user data is logged and monitored
  • Multi-factor authentication is required for administrative access
  • Role-based access control (RBAC) restricts data access based on job function

Two-Factor Authentication

Given the sensitive nature of financial data, we provide two-factor authentication (2FA) for all user accounts. We strongly recommend enabling this feature in your account security settings.

Important: While we implement strong security measures, no system is completely secure. You can help protect your account by:

  • Using a strong, unique password
  • Enabling two-factor authentication
  • Not sharing your password with others
  • Logging out after using the Services on shared devices
  • Keeping your devices and software updated

6. Data Retention

6.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide you with our Services.

Retention Periods:

  • Account information: Retained while your account is active
  • Financial data: Retained while your account is active, or until you disconnect the financial institution
  • Transaction history: Retained while your account is active
  • Usage data: Retained for up to 2 years for analytics purposes

6.2 Deleted Accounts

When you delete your account:

  • We permanently delete your account information and financial data within 90 days
  • Some information may be retained for longer if required by law or to:
    • Resolve disputes
    • Enforce our Terms of Service
    • Comply with legal obligations (e.g., tax records, fraud prevention)
    • Protect against fraudulent or illegal activity

Backup Systems: Deleted data may persist in backup systems for up to 90 days before being permanently purged.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access Your Information

  • View your account information in your Glean account settings
  • Request a copy of your personal information by contacting support@glean.ai

7.2 Delete Your Information

  • Delete your account at any time through your account settings
  • Upon deletion, your data will be permanently removed within 90 days
  • Some data may be retained as described in Section 6.2

7.3 Export Your Data

Export your data in machine-readable formats (CSV or JSON). Your export includes all data categories:

  • Transaction history (all fields including custom names, notes, tags)
  • Account information
  • Budget settings and goals
  • Vendor/merchant data
  • Categories and tags you've created
  • User preferences and settings

Access the export feature in your account settings. Exports are generated instantly for accounts with standard transaction volumes.

7.4 Opt-Out of Communications

  • Marketing emails: Unsubscribe using the link in any marketing email
  • Product updates: Opt out in your account notification settings

Note: You cannot opt out of transactional or security-related emails (e.g., password resets, security alerts).

8. Children's Privacy

Glean is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@glean.ai. We will delete such information promptly.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You have the right to request that we disclose:

  • The categories of personal information we collected about you
  • The categories of sources from which we collected your personal information
  • The business or commercial purpose for collecting your personal information
  • The categories of third parties with whom we share your personal information
  • The specific pieces of personal information we collected about you

9.4 Right to Opt-Out of Sale or Sharing

We do not sell your personal information.

For purposes of the CCPA, "selling" can include certain data sharing for online advertising. We do not engage in this practice with your financial data or personal information.

9.8 How to Exercise Your Rights

To exercise your CCPA rights:

  • Email: support@glean.ai with "CCPA Request" in the subject line
  • In-App: Use the "Request Data" or "Delete Account" options in account settings

We will verify your identity before responding to your request. We will respond to verifiable requests within 45 days.

10. International Users

Glean is based in the United States. If you are accessing our Services from outside the United States, please be aware that:

  • Your information will be transferred to, stored, and processed in the United States
  • The United States may not have the same data protection laws as your jurisdiction
  • By using our Services, you consent to the transfer of your information to the United States

European Economic Area (EEA), UK, and Switzerland:

If you are in the EEA, UK, or Switzerland, we will comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). We rely on the following legal bases for processing your information: Contract, Consent, Legitimate Interests, and Legal Obligation. You have additional rights under GDPR, including the right to lodge a complaint with your local supervisory authority.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • We will post the updated Privacy Policy on this page
  • We will update the "Last Updated" date at the top
  • For material changes, we will notify you via:
    • Email to the address associated with your account
    • Prominent notice in the Services
    • In-app notification

Your Continued Use: Your continued use of our Services after changes to this Privacy Policy constitutes your acceptance of the updated policy.

Opt-Out: If you do not agree with the updated Privacy Policy, you may delete your account.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Glean IP Holdings Inc.

Privacy Inquiries: privacy@glean.ai
Security Issues: security@glean.ai

Response Time: We will respond to your inquiry within 30 days.

Additional Information

Security Incident Reporting

If you believe you have discovered a security vulnerability, please report it to security@glean.ai. We take security reports seriously and will investigate promptly.

Accessibility

If you have a disability and need this Privacy Policy in an alternative format, please contact support@glean.ai.