Glass Marketing Co. ("Glass Marketing," "we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our marketing automation platform and related services (the "Service").
This Privacy Policy applies to information we collect from: (a) visitors to our website (glassmarketing.co); (b) clients who register for and use the Service; (c) authorized users of client accounts; and (d) individuals whose personal information is processed through the Service on behalf of our clients.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
1. Information We Collect
1.1 Information You Provide to Us
We collect information that you voluntarily provide, including:
- Account registration information: name, email address, company name, job title, phone number, and billing address.
- Payment information: credit card numbers, billing addresses, and other financial information necessary to process payments. Payment information is processed and stored by our third-party payment processor and is not stored on our servers.
- Client Content: brand assets, marketing materials, social media content, customer data, audience information, and other content you upload or provide to the Service.
- Communications: information you provide when you contact us for support, provide feedback, or participate in surveys.
- Third-Party Service credentials: OAuth tokens and access credentials for social media platforms and other services you connect to the platform. These are stored in encrypted form in our database.
- Brand and business information: brand guidelines, voice attributes, target audience descriptions, industry information, and business goals you provide during onboarding.
1.2 Information Collected Automatically
When you access or use the Service, we automatically collect:
- Usage data: features used, actions taken, content created, recommendations accepted or rejected, publishing activity, and performance metrics.
- Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
- Log data: access times, pages viewed, referring URLs, and other diagnostic data.
- Cookies and similar technologies: we use cookies, web beacons, and similar technologies to facilitate navigation, analyze usage, and personalize your experience. See Section 8 for our Cookie Policy.
- Analytics data: aggregated performance metrics, engagement rates, audience demographics (as provided by Third-Party Services), and content effectiveness data.
1.3 Information from Third-Party Services
When you connect Third-Party Services (such as X/Twitter, LinkedIn, Facebook, Instagram, or advertising platforms) to the Service, we may receive information from those services, including public profile information, page/account metadata, content engagement metrics, audience analytics, and posting history. The information we receive depends on the permissions you grant and the privacy settings of the Third-Party Service.
2. How We Use Your Information
We use the information we collect for the following purposes:
Providing and operating the Service: to create and manage your account, generate content, publish to connected platforms, provide analytics and recommendations, and deliver the features described in our Terms of Service.
Improving the Service: to analyze usage patterns, identify areas for improvement, develop new features, train and improve our machine learning models using aggregated and anonymized data, and optimize performance.
Learning and personalization: to personalize content recommendations, optimize publishing strategies, learn from content performance outcomes, and improve the effectiveness of our AI-driven features for your account and across our platform.
Communication: to send you account notifications, service updates, security alerts, technical notices, support messages, and administrative communications.
Billing and payments: to process payments, send invoices, and manage your subscription.
Security and fraud prevention: to detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
Legal compliance: to comply with applicable laws, regulations, legal processes, and governmental requests.
Marketing (with consent): to send promotional communications about our products and services. You may opt out at any time by following the unsubscribe instructions in any marketing email or by contacting us.
3. Data Processing Roles
3.1 When We Are the Data Controller
We act as the data controller for personal information we collect directly from you in connection with your use of the Service, including your account information, usage data, and communications with us.
3.2 When We Are the Data Processor
When our clients upload or provide personal information of their customers, audiences, or contacts through the Service, we act as a data processor on behalf of the client (the data controller). In such cases, we process personal information only in accordance with the client's instructions and applicable data processing agreements. If you are an individual whose personal information is processed through the Service on behalf of one of our clients, please direct any privacy inquiries or requests to the relevant client.
3.3 Data Processing Agreement
We offer a Data Processing Agreement (DPA) for clients who require one to comply with applicable data protection laws, including the GDPR. To request a DPA, please contact us at legal@glassmarketing.co.
4. How We Share Your Information
We may share your information in the following circumstances:
Service providers: we share information with third-party service providers who perform services on our behalf, including cloud hosting (Railway, Neon), AI model providers (OpenAI), email delivery (Resend), media generation (ElevenLabs, Runway), SMS services (Twilio), and payment processing. These providers are contractually obligated to use your information only to perform services for us and in accordance with this Privacy Policy.
Third-Party Services: when you connect Third-Party Services to the platform, we share information with those services as necessary to publish content, retrieve analytics, and perform the functions you have authorized. This sharing is governed by the Third-Party Service's own privacy policy.
With your consent: we may share your information with third parties when you explicitly consent to such sharing.
Legal requirements: we may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
Business transfers: in the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
Aggregated and anonymized data: we may share aggregated and anonymized data that does not identify any individual for industry analysis, benchmarking, research, and marketing purposes.
5. Data Security
We implement and maintain reasonable administrative, technical, and physical security measures designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encryption of data in transit using TLS 1.2 or higher.
- Encryption of sensitive data at rest, including OAuth tokens and API credentials.
- Access controls that limit access to personal information to authorized personnel on a need-to-know basis.
- Regular security assessments and vulnerability testing.
- Secure software development practices.
- Incident response procedures for promptly addressing security breaches.
- Secure credential storage with separation of operator-level and client-level credentials.
While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account information: retained for the duration of your account and for up to twelve (12) months after account termination for legitimate business purposes.
- Client Content: retained for the duration of your account. Upon termination, Client Content is available for export for thirty (30) days, after which it is deleted within ninety (90) days.
- Usage data and analytics: retained in anonymized and aggregated form indefinitely for service improvement and machine learning training purposes.
- OAuth tokens and credentials: deleted immediately upon disconnection of the Third-Party Service or termination of the account.
- Payment records: retained as required by applicable tax and financial regulations.
- Log data: retained for up to twelve (12) months for security and diagnostic purposes.
7. Your Privacy Rights
7.1 General Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right of access: the right to request a copy of the personal information we hold about you.
- Right to rectification: the right to request correction of inaccurate or incomplete personal information.
- Right to erasure: the right to request deletion of your personal information, subject to certain exceptions.
- Right to restrict processing: the right to request that we limit how we use your personal information.
- Right to data portability: the right to receive your personal information in a structured, commonly used, machine-readable format.
- Right to object: the right to object to our processing of your personal information for certain purposes, including direct marketing.
- Right to withdraw consent: where we rely on consent as the legal basis for processing, the right to withdraw consent at any time.
- Right to non-discrimination: the right not to receive discriminatory treatment for exercising your privacy rights.
To exercise any of these rights, please contact us at legal@glassmarketing.co. We will respond to your request within thirty (30) days, or such shorter period as required by applicable law. We may request verification of your identity before fulfilling your request.
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:
- The right to know what personal information we collect, use, disclose, and sell.
- The right to delete personal information we have collected from you.
- The right to correct inaccurate personal information.
- The right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA/CPRA.
- The right to limit the use of sensitive personal information.
- The right to non-discrimination for exercising your rights.
In the preceding twelve (12) months, we have collected the categories of personal information described in Section 1 of this Privacy Policy. We collect this information for the business purposes described in Section 2. We do not sell personal information as defined by the CCPA/CPRA.
7.3 European Economic Area, United Kingdom, and Swiss Residents (GDPR/UK GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and/or UK GDPR. Our legal bases for processing your personal information include:
- Contract performance: processing necessary to perform our contract with you (providing the Service).
- Legitimate interests: processing necessary for our legitimate interests, including improving the Service, ensuring security, and marketing (where not overridden by your rights).
- Consent: processing based on your consent, which you may withdraw at any time.
- Legal obligation: processing necessary to comply with applicable laws.
For international data transfers outside the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the EU-US Data Privacy Framework where applicable, or other lawful transfer mechanisms. You may request a copy of the applicable transfer mechanism by contacting us at legal@glassmarketing.co.
You have the right to lodge a complaint with your local data protection authority if you believe we have violated applicable data protection laws.
8. Cookie Policy
We use the following types of cookies and similar technologies:
Strictly necessary cookies: essential for the Service to function, including authentication, security, and session management. These cookies cannot be disabled.
Performance and analytics cookies: help us understand how users interact with the Service, which features are used most, and where users encounter issues. We use this information to improve the Service.
Functional cookies: remember your preferences and settings to provide a personalized experience.
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use advertising or tracking cookies.
9. Children's Privacy
The Service is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us at legal@glassmarketing.co.
10. Third-Party Links and Services
The Service may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will notify you of material changes by posting a prominent notice on our website or sending an email to your registered email address at least thirty (30) days before the changes take effect. The "Effective Date" at the top of this Privacy Policy indicates when it was last updated. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Glass Marketing Co.
Email: legal@glassmarketing.co
Website: glassmarketing.co
For GDPR-related inquiries, you may also contact your local data protection authority.