7 Total
3 High severity
4 Medium severity
0 Low severity
Summary

This privacy policy establishes Glassdoor's data collection, use, and sharing practices for Glassdoor.com and Fishbowlapp.com. The policy authorizes collection of sensitive personal information categories including race, sexual orientation, disability status, and religion, and establishes data sharing with employers, advertisers, affiliated companies including Indeed, and analytics providers. Users may modify privacy settings within their accounts and, depending on jurisdiction, submit requests to access, delete, or restrict processing of personal data through Glassdoor's privacy request portal.

Technical / Legal Breakdown

This document is Glassdoor LLC's Privacy Policy (revised April 22, 2026), governing personal data processing across Glassdoor.com and Fishbowlapp.com, with Glassdoor LLC designated as data controller and separate GDPR representatives named for the UK (Glassdoor Global Ltd.) and EU (Glassdoor Hiring Solutions Ireland Ltd.). The policy states that Glassdoor collects an extensive range of personal data categories including demographics (race/ethnicity, sexual orientation, disability, religion), job applications, direct messages, profile information, and behavioral/usage data, and the terms authorize sharing this data with affiliates (including Indeed and Indeed Flex), employers, advertising partners, data analytics providers, and other third parties for purposes including targeted advertising, service improvement, and research. Notably, the policy covers sensitive personal information categories such as racial/ethnic origin, sexual orientation, health data (disability status), and religion under both GDPR Special Category Data and US state-law Sensitive Personal Information frameworks, which imposes heightened consent and processing obligations that the policy does not exhaustively detail within its visible text; the scope of data sharing with employers and advertising partners in the context of a platform where users may post anonymously creates meaningful re-identification risk not fully addressed in the document. The policy engages GDPR (with named EU and UK representatives), US state privacy laws including CCPA/CPRA for California residents, and potentially other state frameworks; applicable law or regulatory guidance may limit how broadly asserted data sharing and processing rights apply in practice, particularly for sensitive data categories, and compliance obligations will vary materially by jurisdiction.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

3 important changes detected

4 versions captured · Last updated: July 2026

What changed Glassdoor's privacy policy was updated on July 2, 2026, with several administrative and organizational changes. The policy now identifies Indeed, Inc. as the data controller instead of Glassdoor LLC, and expands the definition of Glassdoor affiliates to include other Indeed services and entities. The UK and EU GDPR representative entries were removed, and minor formatting adjustments were made to data category listings and punctuation throughout the document. These changes reflect Glassdoor's corporate restructuring under Indeed ownership but do not materially alter the types of data collected or how user information is processed.
Why this matters The updated policy reorganizes Glassdoor's corporate structure under Indeed, Inc.'s data controller role. This is an administrative restructuring rather than a functional change to what data is collected or how it is used. The removal of UK and EU GDPR representative contact information may affect how users in those regions submit data subject access requests or GDPR-related inquiries, though applicable law likely still requires appropriate representation under GDPR regardless of whether it is listed in the policy. The policy continues to authorize collection of the same categories of data: profile information, job application details, employment preferences, communications, and service activity.
View full change record →
What changed Glassdoor updated its privacy policy on April 23, 2026 to add specific rights for individuals whose data is transferred under the Data Privacy Framework, a U.S.-EU data transfer agreement. The new language confirms that EU, UK, and Swiss users can request access to their personal data, correct or delete it, and opt out of data sharing with third parties. The policy also clarifies complaint resolution procedures and response timelines for data deletion requests.
Why this matters The updated policy grants EU, UK, and Swiss residents explicit rights to request access to their personal data held by Glassdoor in the United States, and to correct, amend, or delete that data. Glassdoor commits to responding to deletion requests within a reasonable timeframe and to obtaining explicit consent before sharing sensitive data with third parties or using data for purposes beyond the original collection. You can exercise these rights by following the instructions in the 'Controlling Your Personal Data' section of the policy.
View full change record →

March 19, 2026 high

Glassdoor removed several data access and control rights from its privacy policy on March 19, 2026. Previously, the policy stated users could correct, amend, or delete personal information, could request …

View change record →

Recent Provision Changes Jul 2, 2026

Added (1)
Communications Activity Tracking Medium

This new provision reveals granular tracking of user engagement with communications including opens, clicks, and address book data, expanding transparency about behavioral monitoring beyond previous 'Behavioral Tracking and Inference Data' provision.

Removed (1)
Behavioral Tracking and Inference Data

This provision was removed and replaced with more detailed 'Communications Activity Tracking' provision, potentially narrowing the stated scope of behavioral tracking to communications-specific activities only.

Modified (6)
Sensitive Personal Information Collection

Previous version had empty excerpt; current version now provides detailed enumeration of specific sensitive data categories collected including race, sexual orientation, disability, religion, and other protected classifications.

Data Sharing With Employers and Advertising Partners

Previous version had empty excerpt; current version now specifies that data sharing practices may change with service modifications and clarifies consequences of not providing personal data.

Affiliate Data Sharing (Indeed and Indeed Flex)

Previous version had empty excerpt; current version now explicitly names Indeed and Indeed Flex as affiliates and references a Privacy Center for more information.

GDPR Data Controller and Representative Designation

Renamed from 'GDPR Dual-Representative Structure' with empty excerpt to current version that explicitly designates Glassdoor LLC as data controller and names specific UK and EU GDPR representatives.

Job Application Data Collection

Previous version had empty excerpt; current version now details specific job application data collected including resumes, interactions, and classifies it as special category data.

View full change record →
High — 3 provisions
Medium — 4 provisions

Monitoring

Glassdoor has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Data Sharing with Employers and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CCPA/CPRA
California, USA
View official text ↗
Connecticut Data Privacy Act Amendments
US-CT
View official text ↗
CAN-SPAM
United States Federal
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
GDPR
European Union
View official text ↗
Indiana Consumer Data Protection Act
US-IN
View official text ↗
Kentucky Consumer Data Protection Act
US-KY
View official text ↗
Universal Opt-Out Mechanism Expansion 2026
US
View official text ↗
VPPA
United States Federal
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured July 2, 2026 00:16 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000156
Version ID CA-V-004396
SHA-256 fcdb86510256509e0ae9d01fa822f0a90c3cd3d1c660b4c95b6a32023e2d20ef
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans