Privacy policy
At Glean we’re committed to being transparent and responsible in our approach to handling your personal data. If you interact with our website (including contacting us), use our software products and services, engage with us on social media, or attend one of our events, then this page is for you. Here we explain how and why we use your personal data, and what your privacy rights are. We need to let you know up front that our website and software products and services aren't intended for children. We don't knowingly collect personal data relating to children under the age of 13.
Have feedback or questions about this Privacy Policy? Reach out to us at legal@glean.co.
Have feedback or questions about this Privacy Policy? Reach out to us at legal@glean.co.
Changes to this privacy policy
Although major changes are rare, we’ll update this Privacy Policy when we need to, so that it remains accurate and up-to-date. This could be when we release new product features or when legal requirements change.
We won’t ever make big changes without letting you know first and, when necessary, we’ll get your consent. If we have your contact information in our database, we’ll send you an email about upcoming changes. If you use our software products and services, we’ll also let you know in an in-app message. You can read about important changes we’ve made to this Privacy Policy here.
Who are Glean and what do you do?
We're glad you asked! At Glean, we create, develop and sell amazing audio note-taking software products and services to people and organisations around the world. You can learn more about what we do here.
Glean is our company trading name, we were previously called Sonocent. Our business is made up of two legal entities:
- Sonocent Ltd - the parent company and Head Office, based in Leeds, UK
- Sonocent LLC - the subsidiary company, based in Florida, US
You can find full contact information for our offices here.
So that you know, Sonocent Ltd is the Data Controller of your personal data. We might also need to share your personal data with Sonocent LLC, from time to ti
Glean and the UK General Data Protection Regulation (UK GDPR)
Because we're a UK Headquartered company with lots of UK customers and website visitors, Glean must follow the rules of the UK GDPR when it comes to handling personal data. The UK GDPR is one of the most comprehensive privacy regulations in the world currently. You can learn more about this on the UK Information Commissioner's Office (ICO) website, here. With that said, at Glean, we believe that everyone, no matter where they live, deserves to have their privacy protected to the same high standard. That's why we follow the key principles of the UK GDPR for all the personal data that we handle. So whether you're in London or Washington D.C., you can expect the same treatment from us.
What are the UK GDPR principles?
What is Personal Data?
What is Data Processing?
Data Controller and Data Processor
✅Glean has a Data Sharing Agreement in place with every Data Processor that we work with. You can learn more about Data Sharing Agreements on the ICO's website here.
For the purposes of this course and website, Glean is a Data Controller.
What are the UK GDPR principles?
- Personal data processing must be lawful, fair, and transparent
- Only process personal data for specific, legitimate purposes
- Don’t process more personal data than is necessary
- Keep personal data up-to-date where possible
- Don’t keep personal data for longer than is necessary
- Process personal data securely
- Be accountable
What is Personal Data?
Any information that can be used to identify you, whether directly or indirectly. Some examples include: name, email address, Internet Protocol (IP) address, telephone number.
What is Data Processing?
It means “doing something” with personal data. This can include:
- Collecting data
- Storing data
- Changing data
- Accessing data
- Viewing data
- Moving data from one place to another
- Organising data
- Categorising data
- Sharing data
- Disclosing data
- Restricting data
- Deleting data
Data Controller and Data Processor
A Data Controller makes decisions about how and why your personal data is processed. The Data Controller should always explain the purposes of processing personal data in a Privacy Policy- like this one!
A Data Processor processes personal data on the behalf of a Data Controller, which means that it must follow the instructions given to it by the Controller. These instructions a part of the contract between the Controller and the Processor, and are usually set out in a specific Data Sharing Agreement.
✅Glean has a Data Sharing Agreement in place with every Data Processor that we work with. You can learn more about Data Sharing Agreements on the ICO's website here.
For the purposes of this course and website, Glean is a Data Controller.
What personal data does Glean collect and process?
| Personal Data collected | How and why would this be collected? | Lawful basis, including basis of legitimate interest |
| Information relating to cookies: User identifier (linked to your browsing session) Preferences (e.g. your language settings) Data about your browsing behaviour (e.g. which parts of our website you've clicked on or looked at |
We'll collect this data through our use of cookies and similar technologies. We need to collect this data so that we can deliver a website, marketing, and advertising experience that matches your chosen preferences. | Necessary to comply with a legal obligation (by law we need to let you know about our use of cookies and similar technologies). |
| First name and last name Email address Mobile telephone number (optional) College/University name (optional) |
1. If you contact us using our website contact forms, we’ll collect this data so that we can reply to your message appropriately. 2. Where we've collected your email address, we'll use it to let you know about important updates to this Privacy Notice. 3. We may also use your email address to send you marketing communications (by email) about our events, products, and services. 4. Where we've collected your mobile telephone number, we'll use it to send you marketing communications about our events, products, and services. |
1. You have given consent (you've contacted us and expect a reply). 2. Necessary to comply with a legal obligation (by law we need to let you know about legal changes to this Privacy Notice). 3. Necessary for our legitimate interests (to grow our business; to inform our marketing efforts). |
| Internet Protocol (IP) data: IP city IP country IP country code IP state/region time zone. |
We’ll collect this data automatically when you visit our website so that we understand where you’re visiting from, which pages you're visiting, and how many times you’re visiting them. This is part of our website analytics. | Necessary for our legitimate interests (we use analytics to measure the success of our website, to improve our website; to improve visitor experience; to inform our marketing efforts). |
| Geolocation (the specific geographic area from which your device is interacting with us) | We’ll collect this data automatically when you visit our website. This is so that we can localise your interaction with us. For example, we'll display our website pages in your preferred language and show you content, including pricing, appropriate to your location. | Necessary for our legitimate interests (to deliver a website experience appropriate to location; to help us improve our website; to grow and develop our business). |
| Technical data: Device type (e.g. desktop, mobile) Operating system type (e.g. Windows, iOS, Android) Browser type and version (e.g. Chrome, Edge) |
Where you contact us using the Contact Us form on our Help Center page or, the Need Help form on the Sign In page, we’ll collect this data automatically. Understanding what kind of device, operating system, and browser you’re using helps us to provide you with a better customer support experience. | Necessary for our legitimate interests (to help us to troubleshoot queries and issues effectively; to improve our customer support experience; to improve our products and services; to develop our business). |
| Glean website pages you have visited (the name of the page visited) | Where you contact us using the contact forms on our website, we’ll collect this data automatically. Understanding which pages you have visited helps us to provide you with a better customer support experience. | Necessary for our legitimate interests (to help us to troubleshoot queries and issues effectively; to improve our customer support experience; to improve our products and services; to develop our business). |
| Anything else you choose to share with us if you contact us through our website or on our social media platforms | We’ll collect this data so that we can respond to your query appropriately. | You have given consent (you've contacted us and expect a reply). |
Cookies and similar technologies
How we use cookies
We use cookies and similar technologies to help understand how you use our website and software, to remember your website / app preferences, for user authentication, to manage and track how effective our marketing efforts are, and to provide you with targeted advertising. We might also include tracking pixels, which are small graphic images, in our emails, to help us understand if our messages were opened and if any links were clicked. In some cases, as we mention below, third parties may also get the opportunity to set cookies and similar technologies.
Types of cookies we use
Performance, Analytics, Marketing
To help us understand how our website and software is being accessed, used, and how it's performing. We also use this data to maintain, operate, and continually improve our website.
Functional
These cookies let us operate our website and software in line with the choices you make. These cookies mean that when you continue to use or return to our website and software, we can provide you with an experience that matches your chosen preferences - such as remembering your login email address for a quicker login experience, and remembering any customisation you've made (e.g. that you turned on dark mode).
Third parties and Targeted Advertising
We allow trusted third parties to use cookies on or outside our website for the same purposes described in this section. We may also use service providers acting on our behalf to use cookies for the purposes described in this section, and to provide targeted advertising. This means cookies and related technologies are used to serve you targeted ads after you've visited or interacted with our website (for example, you might see an advert for Glean's software when you're using Facebook because you agreed to our use of marketing cookies).
We don't serve targeted social adverts to people under the age of 18. This means that when we set up a retargeting advertising campaign on the Facebook platform for example, we only send the advert to people over the age of 18. We use the age settings that Facebook (Meta) provides to achieve this.
Managing your cookie preferences
You can update your cookie preferences at any time by visiting https://courses.glean.co/cookies. On this page you'll see a full list of the cookies and related technologies that we use, who the provider is (where it's a third party provider), the purpose of using that specific cookie, when the cookie expires, and the type of cookie that it is e.g. HTTP cookie. This list is automatically refreshed on a monthly basis, so if we add a new type of cookie or remove a cookie, the list will update.
We need to let you know that if you refuse or disable certain types of cookies, some parts of the Glean website may become inaccessible or don't work properly.
Types of cookies we use
Performance, Analytics, Marketing
To help us understand how our website and software is being accessed, used, and how it's performing. We also use this data to maintain, operate, and continually improve our website.
Functional
These cookies let us operate our website and software in line with the choices you make. These cookies mean that when you continue to use or return to our website and software, we can provide you with an experience that matches your chosen preferences - such as remembering your login email address for a quicker login experience, and remembering any customisation you've made (e.g. that you turned on dark mode).
Third parties and Targeted Advertising
We allow trusted third parties to use cookies on or outside our website for the same purposes described in this section. We may also use service providers acting on our behalf to use cookies for the purposes described in this section, and to provide targeted advertising. This means cookies and related technologies are used to serve you targeted ads after you've visited or interacted with our website (for example, you might see an advert for Glean's software when you're using Facebook because you agreed to our use of marketing cookies).
We don't serve targeted social adverts to people under the age of 18. This means that when we set up a retargeting advertising campaign on the Facebook platform for example, we only send the advert to people over the age of 18. We use the age settings that Facebook (Meta) provides to achieve this.
Managing your cookie preferences
You can update your cookie preferences at any time by visiting https://courses.glean.co/cookies. On this page you'll see a full list of the cookies and related technologies that we use, who the provider is (where it's a third party provider), the purpose of using that specific cookie, when the cookie expires, and the type of cookie that it is e.g. HTTP cookie. This list is automatically refreshed on a monthly basis, so if we add a new type of cookie or remove a cookie, the list will update.
We need to let you know that if you refuse or disable certain types of cookies, some parts of the Glean website may become inaccessible or don't work properly.
Sensitive personal data collection (Special Category Data)
Depending on how you interact with us, there may be times where you provide us with more sensitive personal data (also called special category data). You can learn more about special category data on the ICO's website here. Examples of situations where we may collect this kind of data include; when you provide us with feedback or complete one of our surveys.
The UK GDPR requires us to have an article 6 lawful basis for processing your special category data (these are described in the tables above) and one of the conditions set out in article 9. Where Glean knows that an interaction between us will result in the sharing of special category data, the article 9 condition that we rely on is: explicit consent. This means that we'll always ask for your consent to process your special category personal data when we make a survey or feedback form available to you.
You can withdraw your consent at any time, by contacting legal@glean.co.
The UK GDPR requires us to have an article 6 lawful basis for processing your special category data (these are described in the tables above) and one of the conditions set out in article 9. Where Glean knows that an interaction between us will result in the sharing of special category data, the article 9 condition that we rely on is: explicit consent. This means that we'll always ask for your consent to process your special category personal data when we make a survey or feedback form available to you.
You can withdraw your consent at any time, by contacting legal@glean.co.
Opting out of marketing communications
You can ask us to stop sending you marketing emails at any time by following the unsubscribe link at the bottom of our email or by contacting us. This means that we'll stop using your personal data for marketing purposes.
However, we may still need to process your personal data for other purposes, for example, to provide you with our software, or to send you emails about important updates to our terms and conditions.
However, we may still need to process your personal data for other purposes, for example, to provide you with our software, or to send you emails about important updates to our terms and conditions.
Change of purpose
We'll only use your personal data for the purposes we collected it for in the first place. In rare cases, we might use it for another reason that's consistent with the original purpose. If we need to use your personal data for an unrelated purpose, we'll contact you first and explain the reason why and the legal basis which allows us to do this. There are specific circumstances where we may process your personal data without your knowledge or consent where we have to, or, where it's allowed by law. For example, in a situation where we'd need to cooperate with law enforcement.
Does Glean share personal data?
We'll start by saying that at Glean, we truly respect your privacy and would never sell or rent your personal data. There are instances when we'll need to share your personal data with other parties (and then only the minimum amount necessary to do what we need to do). We'll describe these here:
- Sharing within our own business, which means our UK parent company and US subsidiary company. This sharing will be for the purposes set out in this Privacy Notice relating to our role as Data Controller, or, to provide a service as a Data Processor (for example, our US company may handle the payment procedure for a US-based individual).
- Sharing with third-party service providers that process personal data on our behalf (our Data Processors). We use carefully-chosen third party providers for their expertise in particular areas, such as: processing payments, hosting services (cloud storage), customer relationship management, assisting with user feedback, product transcription services, and others. You can request an up-to-date list of all our Third Party Data Processors at this web page: https://glean.co/third-party-data-processors.
- Sharing in the event of a merger, sale, acquisition, or reorganisation of all or parts of our business, data covered by this Privacy Notice may be transferred in connection with that business event.
- Sharing in the event we need to respond to a legal request for your information. We'll only ever share your data with law enforcement or other government bodies where it's required to comply with a warrant, court order, subpoena, or other lawful government requests. We'll contact if this has taken place.
- In rare cases, sharing data is necessary to investigate or take action relating to illegal activities, or, where people, our property, or the systems we use to provide our software and services to you have been harmed.
International data transfers
As a software company that provides services globally, we may transfer, store and process your personal data with third-party service providers based outside of the country in which you're based. Laws in those countries might be different from the laws of the country where you live. Where we transfer, store and process your personal data outside of the UK or EEA, we'll make sure that the appropriate safeguard is in place to protect your personal data. These safeguards include:
Please reach out to us if you'd like further information on the specific mechanism used by us when transferring your personal data outside of the UK or EEA.
- Where appropriate, we'll work with third party providers that are UK or EEA based, or, which are deemed to provide an adequate level of protection for personal data by the European Commission and UK Information Commissioner's Office (ICO).
- Where we need to work with providers based outside of the UK, EEA or other approved adequacy country, we'll make sure that we have a Data Processing Agreement in place with the third party provider. The Data Processing Agreement will also need to include the appropriate data transfer mechanism, like the Standard Contractual Clauses (SCCs).
Please reach out to us if you'd like further information on the specific mechanism used by us when transferring your personal data outside of the UK or EEA.
Data security
Glean is committed to safeguarding the confidentiality, integrity and availability of your personal data. This is why we have put in place physical, administrative, contractual, and technical measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed when it shouldn't be. We limit access to your personal data to those employees, agents, contractors and other approved third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We've also put in place procedures to deal with any suspected personal data breach or security incident that may compromise the safety of your personal data, and we'll notify you and any applicable regulatory body of a breach where we're legally required to do so.
We do need to let you know that unfortunately, the transfer of personal data through the internet carries its own risks and we can't guarantee the security of your data transmitted through the internet - if you do this, it's at your own risk.
Our website, software and services may provide links to websites and services provided by third parties. Any information you provide on apps, third-party websites or services is provided directly to the operators of those websites or services, and is subject to their policies governing privacy and security, even if accessed via our website or in connection with our services.
To learn more about our robust approach to data security, please read our handy Data Security web page.
We've also put in place procedures to deal with any suspected personal data breach or security incident that may compromise the safety of your personal data, and we'll notify you and any applicable regulatory body of a breach where we're legally required to do so.
We do need to let you know that unfortunately, the transfer of personal data through the internet carries its own risks and we can't guarantee the security of your data transmitted through the internet - if you do this, it's at your own risk.
Our website, software and services may provide links to websites and services provided by third parties. Any information you provide on apps, third-party websites or services is provided directly to the operators of those websites or services, and is subject to their policies governing privacy and security, even if accessed via our website or in connection with our services.
To learn more about our robust approach to data security, please read our handy Data Security web page.
How long Glean keeps personal data for
We'll only keep your personal data for as long as we need to, to fulfil the purposes we collected it for. This includes for the purposes of meeting any legal, accounting, or reporting requirements.
To help us to decide the appropriate retention period for personal data, we consider:
In some circumstances we may completely anonymise your personal data (so that it can no longer be linked to you) for research or statistical purposes, or to help us to keep improving our software products and services. In these cases, we may use this data indefinitely without having to keep communicating with you about it.
Details of our retention periods for your personal data are available in our retention policy, which you can request by reaching out to us. For information about the offboarding and deletion process that your Glean user account goes through when your Glean subscription ends, or your access expires, visit here.
To help us to decide the appropriate retention period for personal data, we consider:
- the quantity, nature, and sensitivity of the personal data
- the potential risk of harm from unauthorised use or sharing of your personal data
- the purposes for which we process your personal data and whether we can achieve those purposes through other means
- any applicable legal requirements
In some circumstances we may completely anonymise your personal data (so that it can no longer be linked to you) for research or statistical purposes, or to help us to keep improving our software products and services. In these cases, we may use this data indefinitely without having to keep communicating with you about it.
Details of our retention periods for your personal data are available in our retention policy, which you can request by reaching out to us. For information about the offboarding and deletion process that your Glean user account goes through when your Glean subscription ends, or your access expires, visit here.
Your privacy rights
You have the following rights in relation to your personal data that we hold:
No fee is usually required - in most cases you won't have to pay a fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we might refuse to carry out your request in these circumstances.
- Access. You have the right to access the personal data we hold about you, and to receive an explanation of how we use it and who we share it with.
- Correction. You have the right to correct any personal data we hold about you that is inaccurate or incomplete.
- Erasure. You have the right to request for your personal data to be erased or deleted (also known as the Right to be Forgotten).
- Object to processing. You have the right to object to our processing of your personal data where we're relying on a legitimate interest or if we're processing your personal data for direct marketing purposes.
- Restrict processing. You have a right in certain circumstances to stop us from processing your personal data other than for storage purposes.
- Portability. You have the right to receive (in a structured, commonly used and machine-readable format) personal data that you have provided to us if we process it on the basis of our contract with you, or with your consent, or to request that we transfer this personal data to a third party.
- Withdraw consent. You have the right to withdraw any consent you previously gave us. We'll update your preferences for future, and this won't affect the lawfulness of processing before you gave consent.
No fee is usually required - in most cases you won't have to pay a fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we might refuse to carry out your request in these circumstances.
What we might need from you - We'll usually need to request specific information from you to help us confirm your identity and make sure you have the right to make the request in the first place. This is a security measure to make sure that personal data is not shared with someone who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help speed up our response.
Time limit to respond - We'll aim to respond to all legitimate requests within one calendar month. Occasionally, it may take us longer than a month if your request is particularly complex or you've made several requests. In this case, we'll let you know and keep you updated.
To exercise your rights, or for more information about your rights, please reach out to us at legal@glean.co.
Time limit to respond - We'll aim to respond to all legitimate requests within one calendar month. Occasionally, it may take us longer than a month if your request is particularly complex or you've made several requests. In this case, we'll let you know and keep you updated.
To exercise your rights, or for more information about your rights, please reach out to us at legal@glean.co.
Additional information for California residents
This section applies only to California consumers. For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act (“CCPA”). It describes how we collect, use, and share California consumers' Personal Information in our role as a business.
How We Collect, Use, and Disclose your Personal Information
We have collected the following statutory categories of Personal Information in the past twelve (12) months:
The business and commercial purposes for collecting this information from you are described in this Privacy Policy. The categories of third parties that we "disclose" this information for a business purpose are described in the “Does Glean share personal data?” section of this Privacy Policy.
💡Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. This means that our use of third-party online advertising services, which are described in the "Cookies and similar technologies" section of this Privacy Policy, may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” or "sharing" under the CCPA.
The period of time for which we keep personal information is described in the “How long does Glean keep personal data for” section of this Privacy Policy.
How We Collect, Use, and Disclose your Personal Information
We have collected the following statutory categories of Personal Information in the past twelve (12) months:
- Identifiers, such as name, e-mail address, user ID, and phone number. We collect this information directly from you.
- Commercial information, such as subscription records. We collect this information directly from you.
- Geolocation data, such as IP address. We collect this information from your device.
- Financial information, such as Payment Information or financial account numbers in the process of providing you with a subscription. We collect this information from you.
- Professional data, such as your job title and company.
- Other Personal Data, in instances when you interact with us online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing our software products and services to you.
- Inferences drawn from any of the above categories, alone or in combination.
The business and commercial purposes for collecting this information from you are described in this Privacy Policy. The categories of third parties that we "disclose" this information for a business purpose are described in the “Does Glean share personal data?” section of this Privacy Policy.
💡Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. This means that our use of third-party online advertising services, which are described in the "Cookies and similar technologies" section of this Privacy Policy, may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” or "sharing" under the CCPA.
The period of time for which we keep personal information is described in the “How long does Glean keep personal data for” section of this Privacy Policy.
Contact and complaints
To talk to us about this Privacy Notice or to make a complaint, please first contact us at legal@glean.co and we'll do our very best to deal with your query as soon as possible.
If you're based in the UK, you may also make a complaint to the UK’s ICO (on +44 303 123 1113 or via https://ico.org.uk/make-a-complaint/), or to the supervisory authority where you're located.
If you're based in the UK, you may also make a complaint to the UK’s ICO (on +44 303 123 1113 or via https://ico.org.uk/make-a-complaint/), or to the supervisory authority where you're located.
Genio is a trading name of Sonocent, LLC. Sonocent, LLC is registered in Florida, USA and is a subsidiary of Sonocent Ltd (UK)