Glimpze Privacy Policy
Last Updated: June 9, 2026
1. Who We Are
Glimpze is operated by Glimpze ApS, CVR no. 46352092, Porcelaenshaven 26, 2000 Frederiksberg, Denmark ("Glimpze", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our website at glimpze.io, our dashboard application, our embeddable widget, our APIs, and related services (collectively, the "Service"). Please read it carefully.
If you have questions about this Policy or our data practices, contact us at support@glimpze.io.
2. Our Two Roles: Controller and Processor
Glimpze processes personal data in two distinct capacities, and it matters which one applies to you:
- As a Controller — for the personal data of our own account holders and prospective customers, and for visitors to our marketing website (glimpze.io). This covers account, billing, support, and website-analytics data. For this data, we decide why and how it is processed, and this Privacy Policy governs it.
- As a Processor — for the personal data of website visitors that flows through the Glimpze widget when our business customers deploy it on their own websites (for example, the names, emails, phone numbers, and chat messages that visitors submit). For this data, our business customer is the Controller: they decide what is collected and why. We process it only on their documented instructions, under our Terms of Service and our Data Processing Agreement (DPA).
If you are a website visitor who interacted with a chat or call widget powered by Glimpze on another company's website, that company — not Glimpze — is the Controller of your data. To exercise your rights, please contact that company directly. We will assist them in responding to your request (see Section 10).
3. Information We Collect as a Controller
When you create an account, use our dashboard, or visit glimpze.io, we may collect:
- Account Information: your email address, name, and (unless you sign in with Google) a securely hashed password, along with workspace and profile details you provide.
- Authentication Data: if you sign in with Google, we receive your email address and basic profile information from Google as permitted by your settings.
- Billing Information: if you subscribe to a paid plan, our payment processor (Stripe) collects and processes your payment details. We receive your subscription status, plan, and limited confirmation details, and we do not store full payment card numbers.
- Support Communications: if you contact us (for example, by email), we receive your message and anything you choose to include in it.
- Website and Product Usage Data: when you visit glimpze.io or use the dashboard, we and our analytics provider (PostHog, hosted in the EU) collect usage data such as pages viewed, actions taken, approximate location, device and browser type, and similar log data, using cookies and similar technologies.
4. Information We Process as a Processor (Widget Visitor Data)
When our business customers deploy the Glimpze widget on their websites, we process the following categories of personal data on their behalf and on their instructions:
- Identification and Contact Data: information a visitor chooses to provide, such as name, email address, phone number, and company name.
- Communication Content: text-based chat transcripts, including messages exchanged with our AI assistant or with the customer's live representatives.
- Technical and Geographic Data: browser type, operating system, device type, pages viewed, and an approximate geographic location (country) derived from the visitor's IP address.
- Voice and Video Calls: calls are facilitated in real time through our infrastructure provider (Daily). Call audio and video are not recorded or stored by Glimpze.
A note on IP addresses: to determine a visitor's country, our server briefly sends the visitor's IP address to a geolocation provider (IPinfo) and retains only the resulting country code. We do not store the raw IP address in our database.
We do not control what information visitors choose to type into the widget. Our customers, as Controllers, are responsible for what they collect, and our Terms prohibit using the Service to collect special categories of data (such as health data, political opinions, or biometric data).
5. How We Use Information
We use personal data to:
- provide, operate, secure, maintain, and improve the Service;
- create and manage accounts, and process subscriptions and payments;
- provide customer support and send service-related communications;
- power AI features by passing relevant conversation content to our AI provider to generate responses, summaries, and routing (see Section 6);
- understand product usage and improve our Service, using aggregated or de-identified analytics;
- prevent fraud and abuse, enforce our Terms, and comply with legal obligations; and
- send marketing communications where permitted, which you can opt out of at any time.
We do not sell personal data, and we do not use customer or visitor content to train our own or any third party's AI models.
6. AI Features and Sub-Processing
Our widget includes AI-assisted chat. To generate responses, the relevant conversation content is processed through our AI provider's API (OpenAI). OpenAI processes this data only to return a result to us and does not use it to train its models. Where this involves a transfer outside the EEA, it is protected by Standard Contractual Clauses (see Section 9). AI outputs may be imperfect and should be reviewed before being relied upon.
7. Legal Bases for Processing (EEA/UK Users)
Where we act as a Controller and you are in the European Economic Area (EEA) or the UK, we rely on the following legal bases:
- Performance of a contract — to provide the Service you have signed up for;
- Legitimate interests — for securing and improving the Service, analytics, and fraud prevention, where not overridden by your rights;
- Consent — for marketing communications and non-essential cookies; and
- Legal obligation — where the law requires it.
Where we act as a Processor, our customer (the Controller) is responsible for establishing the legal basis for the processing.
8. Sharing and Sub-Processors
We do not sell personal data. We share personal data only with the service providers ("sub-processors") that help us run the Service, and as otherwise described below.
Sub-processors for widget visitor data (where we act as Processor):
- Supabase — cloud database and hosting, in Frankfurt, Germany (EU).
- OpenAI — AI processing via API (United States); no data used for training.
- Daily — real-time voice and video infrastructure (United States); calls are not recorded.
- IPinfo — IP-to-country geolocation (United States).
Providers we use to run our own business (where we act as Controller):
- Stripe — payment processing (United States);
- Resend — transactional email delivery, such as invitations and notifications (United States);
- PostHog — product and website analytics (EU region); and
- Vercel — hosting and content delivery for our marketing website (glimpze.io).
Optional integrations you enable: if a customer connects a third-party tool such as HubSpot, Slack, or Google Calendar, relevant data (which may include visitor names, emails, and transcripts) is shared with that tool at the customer's direction. In that case the customer controls the destination service and is responsible for its configuration and for the data once it arrives there.
We may also disclose personal data to comply with law, to protect our rights and the safety of others, and in connection with a merger, acquisition, or sale of assets. An up-to-date list of the sub-processors used for widget visitor data is maintained in our DPA, which we make available to customers.
9. International Data Transfers
Our primary data storage is in the European Union (Supabase, Frankfurt), and our analytics provider is hosted in the EU. Some of our sub-processors are located in the United States (OpenAI, Daily, IPinfo, Stripe, Resend). Where personal data is transferred outside the EEA, we rely on appropriate safeguards — principally the European Commission's Standard Contractual Clauses (SCCs) — to ensure your data remains protected.
10. Your Data Protection Rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time. You also have the right to lodge a complaint with a supervisory authority.
How to exercise your rights depends on which data is involved:
- If you are a Glimpze account holder (or a visitor to glimpze.io), contact us at support@glimpze.io and we will handle your request directly.
- If you are a website visitor who used a Glimpze-powered widget on another company's website, that company is the Controller of your data. Please direct your request to that company. If you contact us, we will promptly notify them and assist them in fulfilling your request, including by deleting the relevant data on their instruction.
You may complain to your local data protection authority. Glimpze's lead supervisory authority is the Danish Data Protection Agency (Datatilsynet), www.datatilsynet.dk.
11. Data Retention
We retain account and billing data for as long as your account is active and as needed to comply with our legal obligations. Widget visitor data that we process on behalf of a customer is retained for the duration of that customer's agreement with us; following termination, we delete it within 10 business days, except where we are required to retain limited records by law. Call audio and video are not recorded and exist only transiently for the duration of the call.
12. Data Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls and row-level security on our database, least-privilege access for our team, and reliance on the security infrastructure of our EU cloud provider (Supabase). No system can be guaranteed perfectly secure, but we work to protect your data and to continually improve our security posture.
13. Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Service and to understand usage. These include:
- essential cookies for authentication and core functionality;
- a visitor identifier stored by the widget so that conversations can be maintained across page loads; and
- analytics cookies (PostHog) on our website.
Our customers can integrate a consent management platform (such as Cookiebot) so that the widget's tracking respects each visitor's cookie choices. You can also control cookies through your browser settings; disabling some cookies may affect functionality.
14. Children's Privacy
The Service is intended for business use and is not directed to children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will indicate changes by updating the "Last Updated" date above and, where appropriate, by providing additional notice. We encourage you to review this Policy periodically.
16. Contact Us
For questions about this Privacy Policy or our data practices, please contact:
Glimpze ApS
CVR no. 46352092
Porcelaenshaven 26
2000 Frederiksberg
Denmark
Email: support@glimpze.io