Glean

56/100

Partial disclosure · high confidence

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

A strong website and business-operations privacy policy that explicitly excludes the AI product itself, so it stays silent on training, output ownership, and AI-log retention.

What the policy says

Scope excludes the product

The policy states it "does not apply to your use of our products and services (collectively, 'Solutions')," so it never addresses whether copilot inputs train models or who owns outputs. Those indicators are silent rather than adverse, which is why no dealbreaker applies.

Full data-subject rights

Section 10 grants access ("Right to Know"), deletion ("Right to Delete"), correction ("Right to Correct"), portability, and objection across GDPR, CCPA/CPRA, and LGPD, all exercisable via privacy@glean.com, with a 30-day response commitment.

Does not sell, named transfer safeguards

It states "Glean does not sell, and has not sold in the preceding 12 months, Personal Information" and relies on "Standard Contractual Clauses approved by the European Commission" plus EU-U.S. Data Privacy Framework certification. Both clauses appear verbatim in the snapshot.

Retention stays vague, no breach clause

Retention is described only as "as long as necessary to fulfill the legitimate business purposes," with no day-count or deletion-completion timeline. Section 6 lists generic physical, administrative, and technical safeguards but includes no breach-notification timeframe.

Score by area

Training-data use0 of 4 disclosed

Keeps user inputs out of model training, or makes training opt-inSilent

Names a way to opt out of or into trainingSilent

Says whether training use differs by plan or tierSilent

Lets the user keep ownership of generated outputsSilent

Data-subject rights5 of 5 disclosed

Grants a right to access your dataDisclosed

Grants a right to delete your dataDisclosed

Offers data portability in a usable formatDisclosed

Grants a right to correct your dataDisclosed

Grants a way to object to or opt out of processingDisclosed

Retention and deletion0 of 4 disclosed

States a retention period for your dataDisclosed

States a deletion timeline after closure or requestDisclosed

Sets a shorter retention for AI conversation logsSilent

Commits to collecting only the data it needsDisclosed

Third-party sharing4 of 5 disclosed

Lists the categories of third parties it shares withDisclosed

References a sub-processor list or data processing agreementSilent

Does not sell or share data for advertising, or offers opt-outDisclosed

Names a safeguard for international data transfersDisclosed

States a standard for government and law-enforcement accessDisclosed

Transparency3 of 4 disclosed

Discloses that you are interacting with AISilent

Marks AI-generated or synthetic outputNot applicable

Enumerates the categories of data it collectsDisclosed

Maps processing purposes to legal basesDisclosed

Is versioned and dated, with change noticeDisclosed

Sensitive data and children0 of 2 disclosed

Discloses automated decisions and a human-review pathNot applicable

Limits the use of special-category dataSilent

Governs biometric data specificallyNot applicable

States protections for children's dataDisclosed

Security and accountability1 of 3 disclosed

Describes its security safeguardsDisclosed

Commits to breach notificationSilent

Names a certification or a privacy contactDisclosed

DisclosedPartialSilentAdverseNot applicable

Details

Category: Enterprise copilot
Modalities: text
Processes biometrics: No
Policy last updated: 2026-04-01
Region scored: Global / US-default
Assessed: 2026-06-20

Read Glean's privacy policy

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.