Privacy Policy

Last updated: May 26, 2026

Who we are

Glauda (“we”, “us”) is operated by AFFARI IN RETE S.r.l., a company registered in Italy with registered office at Via Antonio Rosmini 45, 91022 Castelvetrano (TP), Italy (VAT, P.IVA: IT02864800814). We are the data controller for the personal data described in this policy. You can reach us at support@glauda.com.

What we collect

• Email address: used to sign you in via magic link and to contact you about your account.
• Conversation transcripts: text of what you said (transcribed by our AI provider) and what the bot said back. We store these so you can review your past sessions in your account.
• Session metadata: language, level, scenario, duration, timestamps. Used for usage tracking and product analytics.
• Payment data: handled entirely by Stripe. We store only your Stripe customer and subscription IDs, never your card details.
• One authentication cookie set by our auth provider (Supabase) so you stay signed in. Strictly necessary for the service to work. No advertising or marketing cookies.
• Cookieless analytics via Vercel Analytics: anonymized, aggregated page-view counts and basic browser type. Not tied to any user identifier, no cross-session tracking. See our Cookie Policy for the full list and our analytics provider's privacy notes.
• Marketing cookies (with your consent): if you choose to allow marketing cookies, we set Meta's _fbp and _fbc cookies and forward page-view and conversion events (signup, free trial start) to Meta. This lets us measure which ads bring in real users so we can stop wasting money on the ones that do not. We set these only after you click Accept all or enable Marketing in Customize. See the Cookie Policy for the full list, duration, and how to withdraw consent.
• Your cookie consent choice: stored in a first-party cookie (glauda_consent_v1) for 6 months so we do not ask you again on every visit. If you are signed in, your choice may also be saved on your account so it follows you across devices.

What we do not store

Your audio is not retained. The microphone stream goes directly from your browser to OpenAI's Realtime API over an encrypted WebRTC connection. We only ever see the resulting text transcript.

Third parties we share data with

• Supabase: managed Postgres and auth provider. Hosts our database in the EU (eu-west-1).
• OpenAI: provides the speech-to-speech model powering conversations. Subject to OpenAI's data usage policies; conversation content is not used to train their models for API customers per their data policy.
• Stripe: payment processing. Stores card details and billing information.
• Vercel: hosts the application.
• Meta (Facebook / Instagram): processes advertising and conversion events only with your consent via the Marketing cookie category. We share the page URL, standard browser information (IP, user agent), and, after you sign up, a hashed (one-way) version of your email for ad attribution. Meta is a US processor; the transfer is covered by the EU-US Data Privacy Framework. You can withdraw at any time from Cookie preferences.

We never sell your data to advertisers or data brokers. We share data with the providers above only to the extent necessary to operate the service.

Lawful basis

We rely on the following lawful bases under GDPR Article 6:

• Contract (Art. 6(1)(b)): for everything strictly necessary to provide the service you signed up for. Account, sign-in, conversations, billing.
• Legitimate interest (Art. 6(1)(f)): for cookieless aggregated analytics (Vercel) and for security and error monitoring. We have weighed this against your privacy interests and the impact is minimal because no personal identifiers are involved.
• Consent (Art. 6(1)(a)): for marketing cookies (Meta pixel) and any other non-essential tracking. You can withdraw consent at any time from Cookie preferences; withdrawal does not affect the lawfulness of processing before withdrawal.

Your rights

You can export or delete your data at any time from your account page. If you delete your account, all your transcripts and metadata are permanently removed within 30 days; your Stripe subscription is canceled immediately.

If you're in the EU/UK, you have additional rights under GDPR (access, rectification, restriction, portability, objection). Email support@glauda.com to exercise them.

Retention

Your data stays as long as your account exists. After deletion, our automated processes purge it within 30 days. Backup snapshots are retained by Supabase for up to 7 days; we cannot manually purge those, but they expire automatically.

Changes

We'll update this page when material things change and email you if those changes meaningfully affect what we do with your data.

Contact

Questions, complaints, takedowns: support@glauda.com.