Glean · Glean Privacy Policy

Cross-Border Data Transfers

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Glean stores and processes data in the US and other countries, and for EU/UK users, it relies on Standard Contractual Clauses to make those transfers legally compliant.

Consumer impact (what this means for users)

If you use Glean in the EU or UK, your personal work data is transferred to and stored in the United States, which is subject to US government surveillance laws and requires legal protections (SCCs) that must be actively maintained.

Cross-platform context

See how other platforms handle Cross-Border Data Transfers and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Cross-border data transfers to the US remain a live compliance risk post-Schrems II, and reliance on SCCs requires documented supplementary measures — any gap in this process exposes both Glean and its enterprise customers to GDPR enforcement.

View original clause language
Glean may transfer your personal data to countries outside your home country, including to the United States, where our servers and central database are operated. When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Chapter V (Articles 44–49) governs international transfers; Article 46(2)(c) authorizes transfers under SCCs. The EU-US Data Privacy Framework (DPF, adequacy decision July 2023) provides an alternative mechanism for US companies that self-certify. UK International Data Transfer Agreements (IDTAs) apply post-Brexit. Swiss Federal Act on Data Protection (nFADP, effective September 2023) applies to Swiss transfers. The CJEU Schrems II decision (C-311/18) remains controlling precedent requiring supplementary measures analysis.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC enforces EU-US Data Privacy Framework compliance for self-certified US companies; violations of DPF commitments are enforceable as deceptive practices under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
Glean Privacy Policy
Entity
Glean
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004386
Document ID
CA-D-00505
Evidence Provenance
Source URL
https://www.glean.com/privacy-policy
Wayback Machine
View archived versions →
SHA-256
bf35161360eff21ce3dcd83598198afb291214ea440a7d5ff199884f65aef203
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Glean | Document: Glean Privacy Policy | Record: CA-P-004386
Captured: 2026-04-30 09:15:11 UTC | SHA-256: bf35161360eff21c…
URL: https://conductatlas.com/platform/glean/glean-privacy-policy/cross-border-data-transfers/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document