Glimma AI

Privacy Policy

Version: 1.1

Review Date: 24 April 2026

Effective Date: 25 April 2026

Next Review Date: 25 April 2027

This Privacy Policy explains how Glimma AI Inc. and its subsidiaries, including Glimma AI AB, (“Glimma AI”, “we”, “our” or “us”) collect, use, disclose and protect personal data.

This Policy applies when you:

  • visit our website;
  • contact us or request a demo;
  • use the Glimma AI platform as a customer, user or team member;
  • participate in a research study, interview, usability test, prototype test or other study conducted through Glimma AI.

We care about privacy and aim to process personal data in a transparent, secure and responsible way.

1. Who we are

Glimma AI provides an AI-moderated research platform that helps companies conduct interviews, usability tests, prototype tests and other research activities.

Depending on the situation, Glimma AI may act either as a data controller/business or as a data processor/service provider.

When Glimma AI acts as a controller or business, we decide why and how personal data is processed. This applies, for example, when we process data about website visitors, sales contacts, customer account users, billing contacts, support requests and platform security.

When Glimma AI acts as a processor or service provider, we process personal data on behalf of our customer. This usually applies to research participant data collected in studies conducted by our customers through the Glimma AI platform. In those cases, the customer determines the purpose and lawful basis for the research study.

2. Personal data we collect

We collect different types of personal data depending on how you interact with us.

2.1 Information you provide to us

We may collect information that you provide directly to us, such as when you create an account, request a demo, fill out a form, communicate with us or participate in a research study.

This may include:

  • name;
  • email address;
  • phone number;
  • company name;
  • job title or role;
  • country or location;
  • account login information;
  • communication with us;
  • survey, interview or research responses;
  • any other information you choose to provide.

2.2 Information collected through research studies

When you participate in a research study conducted through Glimma AI, we may process information such as:

  • screening answers;
  • interview responses;
  • audio recordings;
  • video recordings, where video is enabled;
  • transcripts;
  • translated transcripts;
  • AI-generated summaries, themes and reports;
  • usability testing data, such as task completion, clicks, time to click, navigation behaviour and interaction with prototypes or websites;
  • demographic or background information, if requested by the customer conducting the study.

The exact data collected depends on the study design set by the customer.

2.3 Information collected automatically

When you use our website or platform, we may automatically collect technical and usage information, including:

  • IP address;
  • device type;
  • browser type;
  • operating system;
  • pages viewed;
  • links clicked;
  • access times;
  • log data;
  • app or platform usage data;
  • error reports and diagnostic information.

We use this information to provide, secure, monitor and improve our services.

3. Audio and video recordings

Glimma AI may process audio and, where enabled, video recordings of participants taking part in research interviews, usability tests or other studies through our platform.

Audio and video recordings are used only for purposes related to the research study, such as:

  • conducting the interview or test;
  • generating transcripts;
  • translating responses;
  • analysing research responses;
  • creating summaries, themes and research reports;
  • allowing the customer to review responses and research outputs.

We do not record audio or video in the background. Recordings are only made as part of the research session, and participants are informed before taking part.

Audio and video data will not be used for marketing or promotional purposes.

4. AI processing and analysis

Glimma AI uses AI to support research activities, including AI-moderated interviews, follow-up questions, transcription, translation, summarisation, theme generation and report creation.

Customer and participant data is processed only to provide the Glimma AI service and related research outputs.

We do not use customer or participant data to train AI models.

Glimma AI does not use facial recognition, biometric identification, biometric enrolment or identity matching as part of its service.

Where optional features for fraud prevention, duplicate detection, participant verification or platform integrity are enabled, these will be used only for the stated purpose, subject to appropriate safeguards and, where required, additional information to participants.

5. How we use personal data

We use personal data for the following purposes:

PurposeExamples of dataLegal basis / reason
To provide the Glimma AI platformName, email address, login activity, authentication data, platform activity, technical logs and error logsContract, legitimate interest or business purpose
To conduct research studies on behalf of customersResearch responses, audio, video, transcripts, usability dataDetermined by the customer when Glimma acts as processor/service provider
To communicate with customers and usersName, email, company, messagesContract, legitimate interest, business purpose or consent
To manage sales and demo requestsName, email, phone number, company, role, communication historyLegitimate interest, business purpose or steps before entering into a contract
To provide supportContact details, messages, technical informationContract, legitimate interest or business purpose
To improve and develop our servicesPlatform usage data, feedback, technical logsLegitimate interest or business purpose
To protect the security of our servicesIP address, logs, access data, security eventsLegitimate interest, legal obligation or business purpose
To comply with legal obligationsBilling data, accounting records, legal requestsLegal obligation
To send marketing communicationsName, email, company, phone number, preferencesConsent or legitimate interest, depending on the situation

Where we rely on legitimate interest, we assess that our interest does not override your rights and freedoms.

6. When our customer is responsible for the research study

In many cases, Glimma AI provides the platform to an enterprise customer who designs and conducts the research study.

In those situations, the customer is normally the data controller under GDPR and the business under applicable U.S. state privacy laws. This means the customer is responsible for:

  • deciding the purpose of the research study;
  • determining the lawful basis or legal reason for processing;
  • informing participants about the study;
  • deciding what personal data is collected;
  • deciding how long study data should be retained;
  • responding to participant privacy rights requests, where applicable.

Glimma AI processes the data on the customer's behalf and according to the customer's instructions, our agreement with the customer, any applicable data processing agreement, and applicable data protection law.

Where required, Glimma AI enters into a Data Processing Agreement or similar data protection terms with the customer. This agreement regulates how Glimma AI may process personal data on behalf of the customer, including instructions, confidentiality, security measures, subprocessors, international transfers, assistance with privacy rights requests, and deletion or return of personal data.

If you participated in a study and want to exercise your privacy rights, you may contact either the customer who invited you to the study or Glimma AI. If Glimma AI is acting as processor or service provider, we may need to forward your request to the relevant customer.

7. Sharing of personal data

We may disclose personal data in the following situations:

With our customers

If you participate in a research study, your responses, recordings, transcripts, translations, summaries and related research outputs may be shared with the customer responsible for the study.

With service providers and subprocessors

We use trusted service providers to help us operate, host, secure and improve our services. These may include providers for:

  • cloud hosting and infrastructure;
  • database hosting;
  • AI processing;
  • transcription and translation;
  • email delivery;
  • analytics;
  • security monitoring;
  • customer support;
  • payment and billing, where applicable.

These service providers may only process personal data according to our instructions and for the purposes described in this Policy or our agreements with customers.

With authorities or legal advisors

We may disclose personal data where required by law, legal process, court order or government authority, or where necessary to protect our legal rights.

In connection with business changes

We may disclose personal data in connection with a merger, acquisition, financing, restructuring or sale of all or part of our business, subject to appropriate confidentiality and data protection safeguards.

With your consent

We may disclose personal data where you have given us consent or asked us to do so.

8. Sale or sharing of personal data

Glimma AI does not sell personal data. Glimma AI does not share personal data for cross-context behavioural advertising as defined under California privacy law.

9. International transfers

Glimma AI operates internationally, including through Glimma AI Inc. in the United States and Glimma AI AB in Sweden.

We aim to store customer and research data in the EU/EEA where possible.

Some service providers may process personal data outside the EU/EEA, including in the United States. Where this happens, we use appropriate safeguards, such as the European Commission's Standard Contractual Clauses or other lawful transfer mechanisms under applicable data protection law.

The European Commission's modernised Standard Contractual Clauses are used for certain transfers of personal data from the EU/EEA to countries outside the EU/EEA.

10. Data retention

We retain personal data only for as long as necessary for the purpose for which it was collected, unless a longer period is required by law, contract or legitimate business need.

Typical retention periods include:

Data typeRetention
Customer account dataRetained while the account is active and for a reasonable period after account closure
Sales and demo contact dataRetained while we have an active business relationship or for a reasonable period after last interaction
Support communicationRetained as needed to provide support, resolve issues and maintain business records
Research participant dataRetained according to the customer's instructions, study settings and applicable agreement
Audio and video recordingsDeleted within 6 months after the study is completed, unless the customer requests earlier deletion or a longer retention period is required by law or agreed in writing with a valid legal basis
Transcripts, translations and research outputsRetained according to the customer agreement or study settings
Security logsRetained for a limited period needed for security, troubleshooting and audit purposes
Billing and accounting dataRetained as required by applicable accounting and tax laws
BackupsDeleted or overwritten according to our backup retention routines

When personal data is no longer needed, we delete it, anonymise it or securely dispose of it.

11. Security

We use technical and organisational measures designed to protect personal data from unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

  • access controls;
  • role-based permissions;
  • encryption in transit;
  • encryption at rest where appropriate;
  • logging and monitoring;
  • secure development practices;
  • vendor review;
  • backup routines;
  • incident response procedures.

Access to personal data is limited to authorised personnel and service providers who need access to provide, maintain or support the service. No system is completely secure, but we take reasonable steps to protect personal data and continuously improve our security practices.

12. Cookies and website analytics

We may use cookies and similar technologies on our website and platform to:

  • operate the website and platform;
  • remember preferences;
  • understand website usage;
  • improve our services;
  • support security and performance;
  • measure marketing effectiveness, where applicable.

Where required by law, we ask for your consent before using non-essential cookies. You can manage cookie preferences through your browser settings or, where available, through our cookie banner.

13. Your privacy rights

Depending on where you are located and the type of processing involved, you may have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of your personal data;
  • object to certain processing;
  • request restriction of processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • object to direct marketing.

If you withdraw consent, this does not affect processing that took place before the withdrawal.

To exercise your rights, contact us at privacy@glimma.ai.

If your request relates to a research study where Glimma AI acts as processor or service provider, we may forward your request to the customer responsible for the study.

14. Additional notice for U.S. residents

This section applies to residents of the United States where applicable U.S. state privacy laws give individuals additional rights.

Depending on your state of residence, you may have the right to:

  • know what personal information we collect, use, disclose or share;
  • access personal information we hold about you;
  • request correction of inaccurate personal information;
  • request deletion of personal information;
  • receive a copy of your personal information in a portable format;
  • opt out of the sale of personal information;
  • opt out of sharing personal information for cross-context behavioural advertising;
  • opt out of certain targeted advertising, where applicable;
  • limit certain uses of sensitive personal information, where applicable;
  • appeal a decision we make about a privacy request, where applicable;
  • not be discriminated against for exercising your privacy rights.

Glimma AI does not sell personal information and does not share personal information for cross-context behavioural advertising.

To submit a U.S. privacy request, contact us at privacy@glimma.ai.

We may need to verify your identity before responding to your request. You may also be able to use an authorised agent to submit a request on your behalf, where permitted by applicable law.

If we deny your request, you may have the right to appeal our decision by contacting us again at privacy@glimma.ai with the subject line “Privacy Appeal.”

California law gives consumers rights such as the right to know, delete, correct, opt out of sale/share, limit certain uses of sensitive personal information and non-discrimination for exercising privacy rights.

15. Categories of personal information for U.S. privacy purposes

For U.S. privacy law purposes, we may collect the following categories of personal information:

CategoryExamples
IdentifiersName, email address, phone number, IP address, account identifiers
Customer records informationCompany, role, billing or business contact details
Commercial informationSubscription, account, billing or customer relationship information
Internet or network activityDevice information, browser information, pages viewed, links clicked, platform usage, logs
Audio, electronic or visual informationAudio recordings, video recordings, interview responses
Professional or employment-related informationCompany name, job title, professional role
Inferences or derived dataAI-generated themes, summaries, research insights or analytical outputs
Sensitive personal information, where applicableInformation that may be included in research responses, depending on the study design

We collect and disclose these categories for the purposes described in this Policy, including providing the platform, conducting research studies on behalf of customers, improving services, maintaining security, providing support and complying with legal obligations.

16. Sensitive personal data

Glimma AI does not require participants to provide sensitive personal data as part of its standard service.

However, some research studies may involve questions or responses that include sensitive information, such as health information, political opinions, religious beliefs, ethnicity, sexual orientation or other special category or sensitive personal data.

Where this occurs, the customer responsible for the study is responsible for ensuring that there is a valid lawful basis or legal reason and that participants receive appropriate information before taking part.

Participants may decline to answer questions or withdraw from a study in accordance with the information provided for that study and applicable law.

We do not use sensitive personal information for purposes other than providing and securing the service, complying with law, or as otherwise disclosed to you.

17. Biometric information

Glimma AI does not use facial recognition, biometric identification, biometric enrolment or identity matching as part of its research service.

Audio and video recordings may be processed to conduct research interviews, generate transcripts, analyse responses and create research outputs. These recordings are not used to identify participants unless a specific optional verification or fraud-prevention feature is enabled and appropriate notice, safeguards and legal basis are in place.

The U.S. Federal Trade Commission has highlighted that companies should avoid misleading claims and implement reasonable privacy and security measures when using biometric information technologies.

18. Children's data

Glimma AI is not intended for use by children without appropriate consent or authorisation.

We do not knowingly collect personal data from children where parental, guardian or other legally required consent is needed, unless such consent has been obtained by the customer responsible for the study.

For users or participants in the United States, we do not knowingly collect personal information online from children under 13 unless verifiable parental consent or another legally valid basis has been obtained, where required. COPPA applies to operators of websites or online services directed to children under 13, and to operators that have actual knowledge that they collect personal information from children under 13.

If we become aware that personal data from a child has been collected without appropriate consent, we will take steps to delete or restrict the data as required by applicable law.

19. Marketing communications

We may send marketing communications to business contacts, customers and prospective customers where permitted by law.

You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us at privacy@glimma.ai.

We will still be able to send service-related messages, such as security notices, account updates and important information about the platform.

20. Complaints

If you have questions or concerns about how we process personal data, please contact us first at privacy@glimma.ai.

You may also have the right to lodge a complaint with a data protection or privacy authority.

If you are in Sweden, you can contact the Swedish Authority for Privacy Protection, Integritetsskyddsmyndigheten, at imy@imy.se.

If you are in the United States, you may be able to contact your state attorney general or applicable state privacy regulator.

21. Changes to this Policy

We may update this Privacy Policy from time to time.

The latest version will always be available on our website. If we make material changes that affect your rights or how we process personal data, we will take reasonable steps to inform you, such as by email, platform notification or website notice.

22. Contact

For questions about this Privacy Policy or how we process personal data, please contact:

Glimma AI
Email: privacy@glimma.ai

For privacy-related questions, you may also contact our privacy contact:

Jazgul Ismailova
CEO, Glimma AI
Email: jazgul@glimma.ai