Glass

Privacy Policy

How Glass collects, uses, stores, and shares personal data across Glass products and services.

Last updated: March 23, 2026

1. Introduction

This Privacy Policy explains how Glass collects, uses, stores, and shares personal data when you use:

  • the glassapp.dev website
  • Glass
  • GPUI
  • Glass Bot
  • related downloads, support channels, and product interfaces that link to this policy

For the purposes of applicable data protection law, the data controller is:

Hugo Boutaleb, entrepreneur individuel, doing business as Glass
Email: naaiyyyy@gmail.com
SIREN: 937523256
SIRET: 93752325600017

2. Summary

In short:

  • Glass collects the personal data needed to operate the website, respond to support requests, and run Glass Bot
  • Glass does not sell personal data
  • Glass does not currently send marketing emails
  • Glass uses Vercel hosting and Vercel Web Analytics for the website
  • Glass Bot uses account, billing, storage, and AI-related service providers
  • Glass currently relies in part on Zed-operated infrastructure for some optional account, hosted AI, and billing flows
  • you can request access, correction, deletion, or other privacy rights by emailing naaiyyyy@gmail.com with the subject line Privacy Request

3. Data We Collect

3.1 Data you provide directly

Glass may collect:

  • your name
  • your email address
  • the contents of support emails or messages
  • billing-related details you provide during support interactions
  • account details you provide when creating a Glass Bot account
  • prompts, messages, files, and other content you submit through Glass Bot
  • API provider connection details if you configure provider accounts in Glass Bot

3.2 Data collected automatically

When you use the website or a Glass-operated service, Glass may collect:

  • IP address
  • browser and device information
  • operating system information
  • page views and product usage events
  • basic technical logs
  • timestamps and request metadata
  • security and abuse-prevention signals

3.3 Payment information

Payments for paid services such as Glass Bot are processed by Stripe or related billing tooling. Glass does not intentionally store raw full payment card numbers on its own systems.

Glass may receive billing metadata such as:

  • payment status
  • subscription status
  • customer identifiers
  • invoice and checkout references
  • limited billing contact information

3.4 Authentication data

For Glass Bot, Glass currently uses third-party authentication components and providers. This may include profile information made available through your selected sign-in method, such as:

  • name
  • email address
  • profile image
  • provider account identifier

3.5 Product-specific notes

Glass

Glass is an open source product. Today, some optional account, hosted AI, collaboration, or billing-related flows visible inside Glass may still be operated through Zed infrastructure rather than solely by Glass.

If you use those flows, Zed or the relevant third-party provider may collect and process personal data under their own terms and privacy notices.

GPUI

GPUI is primarily distributed as open source code and documentation. In normal use of the repository and documentation, Glass generally collects only the website, repository, and support data described in this policy.

Glass Bot

Glass Bot may collect and store:

  • account information
  • chat titles and chat history
  • message content
  • token or usage information
  • billing state
  • encrypted API keys or provider credentials where you choose to connect them
  • support and troubleshooting information

4. How We Use Personal Data

Glass uses personal data to:

  • provide and maintain the website
  • authenticate users
  • operate Glass Bot accounts and subscriptions
  • process payments and reconcile billing events
  • provide support
  • secure systems and prevent abuse
  • debug issues and improve product reliability
  • operate infrastructure and monitor performance
  • comply with legal, accounting, tax, and regulatory obligations

Glass does not currently send newsletter or promotional marketing emails.

Glass does not sell personal data.

Where European data protection law applies, Glass relies on one or more of the following legal bases:

  • contract: to provide requested services, accounts, subscriptions, and support
  • legitimate interests: to secure services, detect abuse, operate the website, improve products, and understand usage trends
  • legal obligation: to retain records, respond to lawful requests, and meet tax or accounting obligations
  • consent: where consent is required by law for a specific processing activity

6. Sharing of Personal Data

Glass may share personal data with service providers and processors that help operate the services, including categories such as:

  • hosting and deployment providers
  • analytics providers
  • authentication providers
  • payment processors
  • database and application infrastructure providers
  • AI or model providers where you actively use AI features
  • email providers or support tooling if introduced later
  • legal, accounting, or security advisers where necessary

Based on the current setup, these providers may include:

  • Vercel for website hosting and web analytics
  • Stripe for billing and payment processing
  • Convex or equivalent application infrastructure for Glass Bot backend and storage
  • Google where used as a sign-in provider
  • model or API providers you choose to use through Glass Bot or related AI functionality

Glass may also disclose personal data:

  • if required by law, court order, or valid governmental request
  • to protect rights, security, systems, users, or the public
  • in connection with a business reorganization, transfer, or sale, if one occurs

7. Analytics and Cookies

The website uses:

  • essential technical functionality
  • Vercel Web Analytics or equivalent website analytics, as currently configured by Glass
  • limited preference storage where necessary for site or interface behavior

See the Cookie Policy for more detail.

8. Data Retention

Glass keeps personal data only as long as reasonably necessary for the purposes described above.

In general:

  • support messages may be retained for as long as needed to handle the issue and maintain support history
  • website analytics and technical logs may be retained for operational, security, and product-analysis purposes
  • Glass Bot account information may be retained while your account remains active and for a reasonable period afterward
  • Glass Bot chat content and related metadata may be retained until deleted by you, until account closure, or until no longer needed for service operation, subject to backup and legal retention constraints
  • encrypted provider credentials may be retained until you disconnect the provider or delete your account
  • billing and accounting records may be retained for the period required by applicable law, which may extend for several years

If you request deletion, Glass will delete or anonymize relevant personal data within a reasonable period unless continued retention is required by law, necessary for security, needed to establish or defend legal claims, or technically unavoidable in backup systems for a limited period.

9. International Transfers

Glass and its service providers may process personal data outside your country of residence, including outside the EEA or UK.

Where required, Glass relies on appropriate transfer mechanisms and contractual safeguards offered by its service providers.

10. Security

Glass uses reasonable technical and organizational measures designed to protect personal data.

However, no method of storage, transmission, or processing is completely secure. Glass cannot guarantee absolute security.

11. Your Rights

Depending on your location, you may have rights to:

  • access your personal data
  • correct inaccurate personal data
  • request deletion
  • request restriction of processing
  • object to certain processing
  • request portability where applicable
  • withdraw consent where processing is based on consent
  • lodge a complaint with a supervisory authority

If you are in France, you may also lodge a complaint with the CNIL.

To exercise your rights, email naaiyyyy@gmail.com with the subject line Privacy Request and enough information for Glass to identify your account or records.

Glass may ask for reasonable proof of identity before acting on a request.

12. Children

The website and services are not intended for individuals under 18 years old. Glass does not knowingly target or knowingly collect personal data from individuals under 18.

13. Third-Party Services

The services may link to or depend on third-party products and services. Their privacy practices are governed by their own terms and notices, not this policy.

This is especially important for current Glass flows that still rely in part on Zed-operated infrastructure and for any third-party AI or authentication provider used through Glass Bot.

14. Changes to This Policy

Glass may update this Privacy Policy from time to time. The updated version becomes effective when posted on the website unless otherwise stated.

15. Contact

For privacy questions or requests, contact:

naaiyyyy@gmail.com

Terms of Service

Terms governing the use of Glass websites, products, and services.

Cookie Policy

Information about cookies and similar technologies used by the Glass website.

On this page

1. Introduction2. Summary3. Data We Collect3.1 Data you provide directly3.2 Data collected automatically3.3 Payment information3.4 Authentication data3.5 Product-specific notesGlassGPUIGlass Bot4. How We Use Personal Data5. Legal Bases for Processing6. Sharing of Personal Data7. Analytics and Cookies8. Data Retention9. International Transfers10. Security11. Your Rights12. Children13. Third-Party Services14. Changes to This Policy15. Contact