Glaux

Privacy Policy

Effective Date: July 1, 2026

Glaux Labs LLC, a Maryland limited liability company (“Glaux Labs,” “Glaux,” “we,” “our,” or “us”), operates the Glaux application and related websites, software, and services (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the Service, and the rights and choices available to you.

Business Address: [Business Address Coming Soon]

By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

1. Information We Collect

1.1 Information You Provide to Us

  • Account information. When you create an account or sign in — via Sign in with Apple, Facebook Login, Google, email, or phone number (authenticated through Google Firebase Authentication) — we receive identifiers such as your name, email address, and a provider-assigned user identifier, as authorized by you and your chosen sign-in provider.
  • Profile information. Preferences and settings you configure within the Service.
  • User-generated content. Highlights, notes, journal entries, vocabulary saves, quiz responses, reading progress, and your Memory Deck.
  • Uploaded documents and files. Books, PDFs, articles, web links, and other materials you import into the Service.
  • AI interactions and prompts. The questions you ask, the chats you create, and the passages or document excerpts you submit to AI features.
  • Subscription and billing information. Purchases are processed by the Apple App Store or Google Play. We receive transaction and entitlement records (such as subscription status) but do not collect or store full payment card numbers.
  • Communications. Messages you send us through our contact or support channels, including your email address and message contents.

1.2 Information We Collect Automatically

  • Usage and feature analytics. Features used, reading-session activity, and interaction patterns.
  • Device and technical information. Device type, operating-system version, app version, language, and similar technical details.
  • Performance and crash diagnostics. Performance metrics and crash reports used to maintain stability and reliability.
  • Approximate location. A general region may be inferred from your IP address; we do not collect precise geolocation.
  • Cookies and similar technologies. On our websites, we may use cookies and similar technologies for essential functionality and analytics.

2. How We Use Information

We use information to:

  • Provide, operate, maintain, and improve the Service;
  • Generate AI-powered summaries, quizzes, insights, recommendations, chat responses, and related features;
  • Authenticate users and secure accounts;
  • Process and manage subscriptions and entitlements;
  • Analyze usage, feature engagement, and performance;
  • Communicate with you, including responding to support requests and sending service-related notices;
  • Detect, prevent, and address fraud, abuse, security incidents, and technical issues; and
  • Comply with legal obligations and enforce our agreements.

3. AI Features and Providers

Glaux uses OpenAI to power certain AI features. When you use features such as Ask Glaux, summaries, quizzes, insights, or chat, the relevant passage, document excerpt, or prompt you submit is transmitted to OpenAI to generate a response. OpenAI acts as a service provider to Glaux and processes submitted content on our behalf solely to generate responses and provide AI functionality.

3.1 AI Model Training

Glaux does not use your uploaded documents, notes, highlights, chats, summaries, or other personal content to train public, general-purpose foundation AI models. Information submitted to AI features may be processed by OpenAI solely for the purpose of generating responses and providing AI functionality, and not to train OpenAI’s general-purpose models.

4. Analytics

We use Firebase Analytics (a Google service) to understand how the Service is used and to keep it reliable, including:

  • Usage analytics;
  • Feature-usage measurement;
  • Performance monitoring; and
  • Crash diagnostics, where applicable.

5. How We Share Information

We do not sell your personal information. We share information only as described below:

  • Service providers. With vendors who process information on our behalf to operate the Service, under contractual confidentiality and data-protection obligations.
  • Legal and safety. When we believe disclosure is reasonably necessary to comply with law or legal process, enforce our terms, or protect the rights, property, or safety of users, the public, or Glaux.
  • Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this Privacy Policy.
  • With your direction or consent. When you ask us to share information or otherwise consent.

5.1 Third-Party Service Providers

Examples of providers we use include:

  • OpenAI — AI processing for generated responses and features;
  • Google Firebase — authentication, database, cloud storage, and analytics;
  • Apple App Store — app distribution and subscription processing;
  • Google Play — app distribution and subscription processing; and
  • Meta Platforms, Inc. (Facebook Login) — authentication, where you choose to sign in with Facebook.

We may engage additional service providers as the Service evolves; this Privacy Policy continues to govern information handled on our behalf.

6. Legal Bases for Processing (GDPR / UK GDPR)

Where the EU/UK General Data Protection Regulation applies, we process personal data on the following legal bases:

  • Performance of a contract — to provide the Service you request and administer your account and subscription;
  • Legitimate interests — to operate, secure, analyze, and improve the Service, balanced against your rights;
  • Consent — where we rely on consent (for example, certain optional features or communications), which you may withdraw at any time; and
  • Compliance with legal obligations — to meet our legal and regulatory requirements.

7. International Data Transfers

Glaux is operated from, and information is processed in, the United States, and may be processed in other countries where we or our service providers operate. Where required by law, we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses or other lawful transfer mechanisms.

8. Data Retention

  • Account data. Retained while your account remains active.
  • Deleted accounts. After deletion, certain information may be retained for a limited period as reasonably necessary for security, fraud prevention, legal compliance, dispute resolution, and backup recovery, after which it is deleted or de-identified.
  • Logs and analytics. Retained only as long as reasonably necessary for the purposes described in this Policy.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your information;
  • Port your information (receive it in a portable format);
  • Restrict certain processing;
  • Object to certain processing; and
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@glaux.app. We will respond within the timeframes required by applicable law. You may also delete your account and associated data by contacting us; we process deletion requests within a reasonable period.

EEA/UK residents have the right to lodge a complaint with their local data-protection supervisory authority.

California residents have rights under the CCPA/CPRA, including the rights to know, access, correct, and delete personal information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.

10. Security

We use industry-standard safeguards designed to protect your information, including:

  • Encryption in transit;
  • Access controls limiting who can access information;
  • Monitoring and logging; and
  • Other technical and organizational measures appropriate to the risk.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children’s Privacy

The Service is not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. Where a higher minimum age applies in your jurisdiction (for example, certain countries in the European Economic Area), you must meet that applicable age requirement to use the Service. If we learn that we have collected personal information from a child below the applicable age without appropriate consent, we will take steps to delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” above and, where appropriate, provide additional notice. Your continued use of the Service after an update takes effect constitutes acceptance of the revised Privacy Policy.

13. Contact Us

For privacy questions or to exercise your rights, contact:

Glaux Labs LLC
Email: privacy@glaux.app
Business Address: [Business Address Coming Soon]