Glean Privacy Policy

This is Glean's privacy policy explaining how the company collects and uses your data when you use its AI-powered workplace search and assistant tool at work. The most important thing to know is that if you use Glean through your employer, your company — not you — controls your data, so requests to access or delete your personal information must go through your employer rather than directly to Glean. If you have concerns about how your workplace data is being used, start by contacting your employer's IT or privacy team.

This document is Glean Technologies, Inc.'s Privacy Policy governing the collection, use, storage, and sharing of personal data by Glean's enterprise AI work assistant platform, operating under a B2B model where Glean acts primarily as a data processor on behalf of corporate customers who are the data controllers. The most significant obligation the document creates is that Glean collects and processes substantial categories of workplace data — including user queries, documents accessed, behavioral activity, and content from connected enterprise applications — and the individual employee's primary data rights (access, deletion, correction) must be exercised through their employer, not directly with Glean. A notable and potentially high-risk provision is that Glean indexes and processes the content of enterprise documents and communications to train and improve its AI models, and individual employees have limited direct recourse against Glean for data practices since their employer controls the data relationship. The policy engages GDPR (with Glean acting as processor under Article 28, requiring Data Processing Agreements), CCPA/CPRA (California residents have enumerated rights with Glean identifying itself as a service provider), and various international frameworks including the UK GDPR and APEC Privacy Framework. Material compliance considerations include ensuring corporate customers have executed appropriate DPAs with Glean, that employee notice obligations are met by the employer-controller, and that AI model training data use is disclosed sufficiently to satisfy GDPR transparency requirements under Articles 13 and 14.