1. Who we are
Glide CoPilot (“Glide,” “we,” “us,” or “our”) is operated by Glide CoPilot, Inc., a Delaware corporation with a registered address at [street address, city, state, zip]. We provide an AI-powered digital presence platform that helps small business owners manage their unified inbox, social posting, reviews, bookings, and customer journeys from a single dashboard.
This policy explains what personal information we collect, why we collect it, how we use it, who we share it with, and the rights you have over it. If you have questions, write to us at privacy@glidecopilot.com.
2. Information we collect
We collect three categories of information:
2.1 Information you give us
- Account information — name, email, password (hashed), business name, phone number, time zone.
- Billing information — handled by our payment processor (Stripe). We never see or store your card number directly.
- Content you create in Glide — posts, replies, journeys, brand DNA briefs, uploaded images, customer notes.
- Support correspondence — what you tell us when you ask for help.
2.2 Information from connected platforms
When you connect a third-party platform (Facebook, Instagram, Threads, WhatsApp, Google Business Profile, Gmail, Google Calendar, Twilio SMS, SendGrid, etc.), we receive data from that platform on your behalf using OAuth or API keys you provide. The exact fields depend on the platform; see Section 4: Meta data handling for the Meta-specific list.
2.3 Information we collect automatically
- Usage data — pages visited, features used, click events, error reports, browser type, device type.
- Log data — IP address, request timestamps, user agent.
- Cookies — see Section 9.
3. How we use information
We use information to:
- Provide, maintain, and improve the Glide CoPilot service.
- Authenticate you, secure your account, and detect fraud.
- Surface inbound messages, comments, and reviews from connected platforms in your unified Inbox.
- Publish content to connected platforms only when you explicitly trigger publishing (e.g. by clicking “Publish” in Compose).
- Generate AI-assisted drafts, summaries, brand briefs, and journey suggestions using your own content as input.
- Send service emails (account confirmations, billing receipts, security notices).
- Send product update emails — only if you opted in. You can unsubscribe at any time.
- Respond to your support requests.
- Comply with legal obligations and enforce our Terms.
We never sell your personal data. We never use the content of your customer messages, reviews, or social posts to train third-party AI models. Your business’s data is your business’s data.
4. Meta data handling
Glide CoPilot integrates with Meta’s family of products (Facebook, Instagram, Threads, WhatsApp Business) under permissions you explicitly grant during the “Connect Meta” flow. This section describes that handling specifically, in the form Meta’s App Review process expects.
4.1 What Meta data we collect
- Pages — the IDs, names, profile pictures, and Page access tokens of Facebook Pages you choose to manage with Glide.
- Page engagement — comments, reactions, and basic post insights on those Pages.
- Page messages — Messenger conversations sent to or from those Pages.
- Instagram Business accounts — IDs, usernames, profile pictures, and the Page access tokens used to publish on their behalf.
- Instagram messages and comments — Direct Messages and post comments on connected accounts.
- Instagram insights — reach, impressions, profile visits, engagement counts on posts you published through Glide.
- Threads — your Threads user ID, username, profile picture, and the user access token used to publish on your behalf.
- WhatsApp Business — phone number ID, business account ID, and inbound/outbound messages routed through your number.
4.2 How we use Meta data
- To display inbound messages, comments, and reviews in your Glide Inbox.
- To publish content to Meta surfaces at the moment you click Publish — never automatically without your action.
- To show post-performance numbers in your Glide Analytics dashboard.
- To subscribe to Meta’s real-time webhooks so new messages stream to your Inbox without polling.
4.3 How we store Meta data
- All Meta access tokens (user, Page, IG, Threads) are encrypted at rest using AES-256-GCM with a key managed in our secrets vault. They are never logged in plaintext.
- Message content and post content are stored in our primary database (Postgres on managed infrastructure) with encryption at rest provided by the host.
- Profile pictures are referenced by URL and rendered directly from Meta’s CDN — we don’t mirror them.
4.4 How long we retain Meta data
- Access tokens — until you disconnect Meta or until the token expires (~60 days for long-lived tokens, refreshed daily by our cron).
- Message and comment history — 24 months from the date of receipt, then automatically purged. You can delete sooner via the Inbox.
- Post insights — 12 months.
- If you click Disconnect Meta in Settings → Integrations, all of the above is deleted within 24 hours and the underlying tokens are revoked with Meta.
4.5 Data deletion endpoint
Per Meta’s Platform Terms, Glide exposes a Data Deletion Callback at https://glidecopilot.com/api/integrations/meta/disconnect. Meta calls this endpoint when a user removes Glide from their Meta account; we respond by revoking tokens and deleting all associated records within 24 hours. You can also trigger the same deletion from inside Glide’s Settings → Integrations page.
For step-by-step instructions on deleting your data — single integration, full account, or via Meta — see the Data Deletion page.
4.6 Data sharing and Meta
We do not sell, license, or share Meta data with third parties for advertising, retargeting, or model training. Meta data is processed only by Glide’s own infrastructure and the subprocessors listed in Section 6, each under contractual confidentiality and security obligations.
5. Other connected integrations
The same general principles apply to data from non-Meta integrations: we collect only what we need to deliver the connected feature, we encrypt credentials at rest, and we delete on disconnect.
- Google Business Profile — business profile info, reviews, posts; used for review management and local-pack visibility.
- Gmail / Google Calendar — inbound emails (for unified Inbox), calendar events (for booking management).
- Twilio — SMS message content sent and received via your Twilio number.
- SendGrid — email content sent through your verified sender domain.
- Stripe — billing tokens, invoice history. Card numbers are never received by Glide.
6. Who we share information with
We share information only with subprocessors that operate under written agreements requiring them to protect your data:
- Cloud hosting — Vercel and AWS (compute, storage, edge network).
- Database — managed Postgres provider (encryption at rest, automated backups).
- Payments — Stripe (PCI-DSS compliant card processor).
- Email delivery — SendGrid (transactional email).
- Error monitoring — Sentry (with PII scrubbing enabled).
- Analytics — privacy-respecting product analytics with no third-party cookie tracking.
- AI model providers — for features that require LLM inference. Prompts are sent on a zero-retention basis where the provider supports it; otherwise the provider’s standard retention applies and the data is not used to train their models.
We may also disclose information when required by law, to protect Glide’s rights, or in connection with a corporate transaction (with notice to you).
7. Data retention
We keep your data only as long as we need it for the purposes described in this policy:
- Active account data — for as long as your account is active.
- Closed account data — deleted within 30 days of account closure, except where we are required to retain it (e.g. tax records — typically 7 years).
- Backups — purged on a rolling 90-day cycle.
- Meta-specific retention — see Section 4.4.
8. Your rights
Depending on where you live, you may have some or all of the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to fix inaccurate data.
- Deletion — ask us to delete your data (subject to legal retention obligations).
- Portability — receive your data in a machine-readable format.
- Restriction / objection — limit how we process your data, or object to certain processing.
- Withdraw consent — disconnect any integration or unsubscribe from marketing email at any time.
- Lodge a complaint — with your local data protection authority.
To exercise any of these rights, email privacy@glidecopilot.com. We respond within 30 days.
California residents (CCPA/CPRA) additionally have the right to know what categories of personal information are collected, sold, or disclosed; to opt out of sale (we don’t sell); and to non-discrimination. Send your request to the address above.
10. Security
We protect your data with:
- TLS 1.2+ for all data in transit.
- AES-256-GCM encryption at rest for all integration access tokens.
- Database encryption at rest provided by our managed Postgres host.
- Principle-of-least-privilege access controls; engineering access requires SSO + 2FA + audit logging.
- Annual penetration tests by a third-party security firm.
- Automated dependency scanning and patching.
No system is 100% secure. If we ever discover a security incident affecting your data, we will notify you and the relevant authorities within the timeframes required by law (typically 72 hours under GDPR).
11. International transfers
Glide is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the US (and any region where our subprocessors operate). Where required, we use Standard Contractual Clauses or equivalent safeguards for transfers from the EEA, UK, and Switzerland.
12. Children
Glide is a B2B service for business owners. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.
13. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email or through an in-app notice at least 30 days before the change takes effect. The “Last updated” date at the top of this page reflects the most recent revision.
14. Contact us
Privacy questions: privacy@glidecopilot.com
Data deletion requests: privacy@glidecopilot.com or through Settings → Integrations → Disconnect.
Mailing address: Glide CoPilot, Inc., [street address, city, state, zip]