Glide collects what’s needed to operate a regulated account and not more. This page documents what’s collected, what’s retained, how long, and how to exercise your rights over it.Documentation Index
Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
What we collect
| Category | Why we collect it | Retention default |
|---|---|---|
| KYC ID and selfie | Regulated identity verification | 7 years post-account-closure (regulatory minimum) |
| Sanctions screening logs | Demonstrate compliance to regulators | 7 years |
| Transaction history | Operate the account, file regulatory reports | 7 years |
| Card transaction detail | Card statements, dispute support | 7 years |
| Activity feed receipts | Audit log for the account | 1 year (default), opt-in 1–7 years |
| Sign-in and device metadata | Account security, fraud detection | 90 days for non-anomalous; longer if flagged |
| Support conversation history | Resolve cases, regulatory record-keeping | 5 years |
| Marketing-opt-in preferences | Email and product communication | Until you opt out + 6 months |
- Browsing history outside Glide. No tracking pixels for adtech, no cross-site behavior collection.
- Location data beyond what you provide for account opening. We don’t continuously track where your device is.
- Contact list, photo library, or other device data beyond what you upload (e.g., a profile photo).
- Biometric data after KYC. The selfie used for KYC matching is processed by the doc-check provider for that one match and discarded; it’s not retained for biometric login.
Where data lives
Data is stored in the jurisdiction matching your account region:- Canadian-residence accounts: Canada.
- UK-residence accounts: UK.
- EU-residence accounts: EU (specifically, an EU member state with adequate data-protection certification).
- Hong Kong / Singapore-residence accounts: in-region.
Your rights
Under GDPR (EU), UK GDPR (UK), PIPEDA (Canada), PDPO (HK), PDPA (SG), you have the right to:- Access — request a copy of all the data we hold on you.
- Correction — correct inaccurate data.
- Deletion — request deletion of data, subject to retention requirements that come from regulation.
- Portability — request your data in a portable format.
- Object — object to specific processing (e.g., marketing).
What deletion can and can’t do
You can delete:- Your activity feed beyond the regulatory minimum (after 7 years for transaction history; after 1 year for receipts in the default tier).
- Marketing preferences — immediate.
- Profile photo and non-required metadata — immediate.
- Closed-account data beyond the 7-year regulatory hold — deletion runs after the 7-year clock expires.
- Transaction history — required to be retained for regulatory reasons.
- KYC documents and sanctions screening logs — same.
- AML monitoring detail — same.
DSAR redaction in receipts
If you redact a field in your activity feed (e.g., a counterparty name in a transaction you’d rather not retain visible), the receipt row stays in the audit log but the field is nulled and the redacted-fields bitmap is set. The replay UI renders the redacted field with a[REDACTED] watermark.
This preserves audit-log tamper-evidence (we can’t make a row vanish) while honoring your deletion right (the actual data is gone).
Cookies and tracking
The Glide web dashboard uses:- Strictly necessary cookies — session management, sign-in state. Cannot be disabled.
- Analytics cookies — aggregate usage tracking. Off by default outside the EU; opt-in via the cookie banner.
- No advertising cookies. No third-party tracking pixels. No retargeting.