Glass CRM

GDPR & Privacy Notice

Last updated: May 2026

1. Who We Are & Our Philosophy

TL;DR: We are fully based in the EU. We hold your data to make your app run smoothly, not to sell it to advertisers or brokers.

Glass CRM operates under European jurisdiction. We act as a Data Processor for the information you upload (such as meeting notes and audio recordings) and a Data Controller for your basic account information (like your name and billing email). Our business model is simple: you pay us for a software service. We do not sell, rent, or monetize your data to any third parties.

2. The Data We Collect & Why

TL;DR: We only collect basic profile info, payment details, and the actual notes you want our AI to classify for your pipeline.

We collect and process the following categories of personal data based on the legal ground of contractual necessity:

  • Account Data: Name, business email address, company name, and payment details (processed securely via our third-party payment gateway).
  • Customer Content: Text notes, typed summaries, or audio recordings that your sales reps upload or record within the app.
  • Integration Data: Authentication tokens required to securely pass your processed data into your designated CRM.

3. Where Your Data Lives (Data Localization)

TL;DR: Your data never leaves Europe. It stays protected by enterprise encryption on secure European servers.

All personal data and customer content processed by Glass CRM is hosted and stored on secure cloud servers physically located within the European Union (EU). We utilize enterprise-grade encryption both in transit (SSL/TLS) and at rest (AES-256).

4. The AI Processing Boundary (EU AI Act Compliance)

TL;DR: Locked-box processing. Your conversations are siloed and will never be used to train public or foundational models.

In strict compliance with the EU AI Act and safety standards:

  • Zero Public Training: Your text inputs, meeting summaries, and audio files are processed via secure, private enterprise APIs. Your data is isolated and is never used to train public or foundational third-party AI models.
  • No Automated Sole Decision-Making: Our AI provides data classification and coaching recommendations, but a human sales rep always reviews, edits, and approves the data before it is saved or pushed to a CRM.

5. Data Retention

TL;DR: Profile info stays active while you use the app. Temporary media files are scrubbed as soon as they are pushed cleanly to your database.

  • Account Data: Retained for the duration of your active subscription and deleted within 30 days of account termination, unless required otherwise by financial auditing laws.
  • Processed Notes & Audio: Raw files are temporarily held to ensure accurate processing and synchronization with your CRM. Once successfully processed and saved, raw temporary assets are systematically purged from our operational cache according to strict internal retention schedules.

6. Your GDPR Rights

TL;DR: You have complete control. Email us anytime to download your data profile, correct an issue, or delete everything.

Under the GDPR, you possess full rights regarding your personal data. You may exercise these at any time by contacting us:

  • Right to Access & Portability: You can request a copy of all data we store about you.
  • Right to Erasure ("Right to be Forgotten"): You can request that we permanently delete your account and associated personal data.
  • Right to Rectification: You can request that we correct any inaccurate personal information.

To exercise these rights, please drop us a quick note at [email protected].