Privacy Policy | GlideForge

Controller and Contact

For account, billing, support, website, and service operation data, GlideForge is the controller. Where a business customer uploads third-party personal data into a workspace, GlideForge may act as processor for that customer.

GlideForge. Email: support@glideforge.co.uk.

Personal Data We Collect

Account data: name, email address, password/authentication metadata, account status, and workspace membership.
Workspace data: customer workspace names, story descriptions, acceptance criteria, notes, references, generated plans, implementation steps, test steps, and documents.
Billing data: Stripe customer IDs, subscription status, invoice/payment metadata, package and credit information. Stripe processes full payment details.
Support and email data: support requests, notification delivery records, replies, and message metadata.
Usage and security data: IP address, device/browser metadata, server logs, audit events, AI run records, token usage, credit usage, and error reports.
Cookie data: necessary authentication/session cookies, theme preference, and active workspace preference.

How We Use Personal Data

Purpose	Typical lawful basis
Create accounts, authenticate users, and provide the app.	Contract and legitimate interests.
Store workspaces, stories, notes, references, generated outputs, and exports.	Contract and legitimate interests.
Run AI actions through OpenAI and record AI usage.	Contract and legitimate interests.
Process payments, subscriptions, invoices, tax/payment records, and fraud checks.	Contract, legal obligation, and legitimate interests.
Send transactional emails about account, billing, support, credits, and security.	Contract, legal obligation, and legitimate interests.
Protect the service, investigate abuse, debug errors, and enforce terms.	Legitimate interests and legal obligation.
Respond to legal, privacy, support, and security requests.	Legal obligation, contract, and legitimate interests.

AI Processing

When you use AI features, GlideForge may send story text, acceptance criteria, workspace context, notes, saved references, fetched reference excerpts, prior generated output, and your question or instruction to OpenAI.

OpenAI is the active AI provider. According to OpenAI's API data controls, API inputs and outputs are not used to train OpenAI models by default unless the API customer opts in, but OpenAI may retain abuse monitoring logs and application state according to its policies.

GlideForge does not use AI to make solely automated decisions with legal or similarly significant effects about users.

Sharing and Subprocessors

We share personal data with service providers only where needed to operate GlideForge, process payments, deliver email, host the app, secure the service, provide AI features, or comply with law.

Subprocessors include Supabase, Vercel, Stripe, Resend, and OpenAI. See the Subprocessors page for details.

We do not sell personal information and do not share personal information for cross-context behavioural advertising.

International Transfers

Our providers may process data outside the UK, including in the United States and other countries. Where required, we rely on adequacy regulations, standard contractual clauses, UK international data transfer safeguards, or equivalent provider transfer mechanisms.

Retention

Account and workspace data is kept while your account is active, then deleted or anonymised within a reasonable period after closure unless we need it for legal, billing, tax, security, dispute, or backup reasons.
Billing and tax records may be kept for up to 6 years or longer where law requires.
Support requests and notification logs are generally kept for up to 3 years unless needed longer for disputes, security, or legal reasons.
Security logs and error records are kept for as long as needed to protect and operate the service.
Backups may retain deleted data for a limited period before automatic rotation.

Your Rights

Depending on where you live and the lawful basis used, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to withdraw consent where processing is based on consent.

To make a privacy request, contact support@glideforge.co.uk. We may need to verify your identity before acting on the request.

If you are in the UK, you can complain to the Information Commissioner's Office. If you are in the EEA or another region, you may have the right to complain to your local supervisory authority.

US Privacy Notice

GlideForge does not claim that every US state privacy law applies to the platform. Even so, US users may contact us to request access, correction, deletion, or information about personal data.

We do not knowingly collect personal data from children under 13 and GlideForge is not directed to minors.

Personal Data We Collect

Account data: name, email address, password/authentication metadata, account status, and workspace membership.
Workspace data: customer workspace names, story descriptions, acceptance criteria, notes, references, generated plans, implementation steps, test steps, and documents.
Billing data: Stripe customer IDs, subscription status, invoice/payment metadata, package and credit information. Stripe processes full payment details.
Support and email data: support requests, notification delivery records, replies, and message metadata.
Usage and security data: IP address, device/browser metadata, server logs, audit events, AI run records, token usage, credit usage, and error reports.
Cookie data: necessary authentication/session cookies, theme preference, and active workspace preference.

How We Use Personal Data

Purpose	Typical lawful basis
Create accounts, authenticate users, and provide the app.	Contract and legitimate interests.
Store workspaces, stories, notes, references, generated outputs, and exports.	Contract and legitimate interests.
Run AI actions through OpenAI and record AI usage.	Contract and legitimate interests.
Process payments, subscriptions, invoices, tax/payment records, and fraud checks.	Contract, legal obligation, and legitimate interests.
Send transactional emails about account, billing, support, credits, and security.	Contract, legal obligation, and legitimate interests.
Protect the service, investigate abuse, debug errors, and enforce terms.	Legitimate interests and legal obligation.
Respond to legal, privacy, support, and security requests.	Legal obligation, contract, and legitimate interests.

AI Processing

GlideForge does not use AI to make solely automated decisions with legal or similarly significant effects about users.

Sharing and Subprocessors

We share personal data with service providers only where needed to operate GlideForge, process payments, deliver email, host the app, secure the service, provide AI features, or comply with law.

Subprocessors include Supabase, Vercel, Stripe, Resend, and OpenAI. See the Subprocessors page for details.

We do not sell personal information and do not share personal information for cross-context behavioural advertising.

Retention

Account and workspace data is kept while your account is active, then deleted or anonymised within a reasonable period after closure unless we need it for legal, billing, tax, security, dispute, or backup reasons.
Billing and tax records may be kept for up to 6 years or longer where law requires.
Support requests and notification logs are generally kept for up to 3 years unless needed longer for disputes, security, or legal reasons.
Security logs and error records are kept for as long as needed to protect and operate the service.
Backups may retain deleted data for a limited period before automatic rotation.

Your Rights

To make a privacy request, contact support@glideforge.co.uk. We may need to verify your identity before acting on the request.

If you are in the UK, you can complain to the Information Commissioner's Office. If you are in the EEA or another region, you may have the right to complain to your local supervisory authority.