In this Privacy Policy, the following terms have the meanings set out below:

• “Services” means the Aglide platform, including our browser extension, desktop application, web dashboard, website (aglide.com), APIs, and all related software or features we offer.
• “Customer” means an organization (such as your employer) that has entered into an agreement with Aglide to use the Services.
• “End User” means an individual who accesses or uses the Services through a Customer, such as an employee or contractor of the Customer.
• “Personal Data” means any information that relates to an identified or identifiable individual, as defined by applicable privacy laws.
• “Controller” means the entity that determines the purposes and means of processing personal data.
• “Processor” means the entity that processes personal data on behalf of the Controller.
• “Cookies” means small text files placed on your device that help us track usage, preferences, or identify return users.

This policy applies to:

• Users of the Aglide Platform (including web dashboard, browser extension, and desktop app)
• Visitors to our websites, including www.aglide.com and any subdomains
• Anyone who contacts us, interacts with our team, attends events, or participates in our marketing initiatives

This Privacy Policy applies only to personal data Aglide collects and uses for its own purposes as a data controller, such as:

• Contact details of Customer administrators
• Support and communication records
• Usage information about how Customer accounts interact with our Services

1. Personal Data We Collect as a Controller

We collect and use limited personal data as a controller to operate and improve the Aglide Services, communicate with customer contacts, and support our customers. This includes:

• Contact Information: Names, business email addresses, phone numbers, job titles, and organization names of customer users.
• Account Information: Usernames, roles, preferences, and metadata such as organization settings and workspace configuration.
• Support & Communication Data: Information provided to us when a customer contact reaches out for support, including the content of messages and associated metadata.
• Product Usage & Technical Data: We collect telemetry about how customer users interact with the Aglide Dashboard and Aglide Desktop app. This includes: IP address and device/browser information; Feature usage and performance metrics; Diagnostic logs and error reports; Session replay recordings of user interactions in the Aglide Desktop App and Dashboard, collected using PostHog, to help us debug issues and improve usability.

We do not collect or record sensitive vault contents, credentials, or private encrypted data as part of these recordings.

2. Personal Data Processed on Behalf of Customers

When an organization uses Aglide, we process personal data of their end users on their behalf. This includes:

• Account Credentials: Encrypted usernames, passwords, MFA tokens.
• User Metadata: Login activity, device identifiers, vault access history, session timestamps, and role-based access information.
• Directory & Provisioning Data: Email addresses and account identifiers for end users provisioned through enterprise identity systems or integrations.
• Session Activity: Interactions with Aglide services, such as login events, browser extension activity, and desktop session events.

We do not access or decrypt secure content stored by end users. All sensitive data is end-to-end encrypted, and only the organization or its users have the ability to decrypt it.

How we collect information

We collect personal data through:

• Direct Input: When admin users configure their accounts, submit support tickets, or communicate with us.
• Automated Collection: Logs, session metadata, diagnostic reports, and analytics (e.g., PostHog) as part of the Services.
• Enterprise Integrations: Data provided by customers via identity providers, SCIM provisioning, or custom integrations

As a controller

When we act as a data controller, we use personal data to:

• Provide and operate the Aglide Services - including account creation, authentication, dashboard access, and service functionality.
• Respond to customer requests and provide support - using contact details and technical metadata to resolve issues and communicate effectively
• Maintain and improve the Services - we analyze technical logs, usage telemetry, and session recordings to fix bugs, enhance performance, and improve user experience
• Secure our systems and detect misuse - monitoring logs and metadata to detect abuse, prevent unauthorized access, and maintain platform integrity
• Comply with legal obligations - including audit and tax requirements
• Develop new features and system intelligence - Aglide may use aggregated, de-identified telemetry data to improve the functionality, performance, and intelligence of our systems. This includes using technical metadata (e.g., feature usage metrics, error logs, interaction patterns) to train machine learning models and optimize user experience. We do not use any personally identifiable information (PII), user credentials, vault content, or customer-specific data for these purposes. All training data used in machine learning is:
  
  • Aggregated across multiple customers
  • De-identified to prevent re-identification
  • Free from sensitive or secure content
• Aglide does not use end user data for AI or product development unless explicitly authorized by the Customer. We will always disclose and document such uses in advance as part of our contractual and compliance obligations.

As a processor

When we act as a data controller, we use personal data to:When we act as a processor on behalf of a Customer, we process end user data solely to:

• Store encrypted vaults and credentials (Aglide does not access or decrypt sensitive content.)
• Authenticate and authorize users (using credentials and session metadata to securely manage access.)
• Support organizational policies and workflows (based on provisioning data, admin-defined rules, and account configurations.)

Data we share as a controller:

We may share limited data collected in our role as a controller with:

• Service Providers & Subprocessors: We use trusted third-party vendors to help operate the Services (e.g., hosting, customer support, analytics, and email delivery). These providers only access data to perform specific functions on our behalf and are contractually obligated to protect it.
• Legal & Regulatory Authorities: We may disclose data when required by law, legal process, or to protect our rights, privacy, safety, or property.
• Corporate Transactions: In connection with a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction, subject to standard confidentiality arrangements.

Data we share as a processor:

When processing end user data on behalf of our Customers, we only share data:

• With the Customer organisation that controls the data
• With subprocessors who help us deliver the Services
• As directed by the Customer
• As required by applicable law, subject to appropriate legal safeguards.

Types of tracking technologies we use:

• Essential Cookies: These are required for our Services to function properly, such as enabling secure login and session management.
• Functional Cookies: These help remember your preferences and settings (e.g. language, UI state).
• Analytics Cookies: We use tools like PostHog to collect aggregated, pseudonymized usage analytics. This includes data such as feature interactions, session duration, and error reports. We do not capture sensitive content (e.g., vault contents or credentials).
• Performance & Debugging Tools: Diagnostic logs and session replay data help us troubleshoot issues and improve user experience. Replays are collected only within the Aglide Dashboard and Desktop app and never include encrypted or sensitive fields.

How we use these technologies:

We use these tools to:

• Improve platform performance and usability
• Detect bugs or issues through session recording and logs
• Analyze how customers interact with features (e.g., which settings are frequently used)
• Monitor system health and load
• Ensure secure authentication and fraud prevention

Your choices and controls:

You can control the use of cookies and analytics via:

• Browser Settings: Most browsers allow you to refuse cookies or alert you when they're being used. Disabling cookies may affect certain features of the Aglide Dashboard or Desktop app.
• Opt-Out Options: You can opt out of cookies directly on the Aglide Website, Aglide Web Dashboard, and the Aglide Desktop App through the cookie preferences settings available in each platform.

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law.

• Controller Data: We retain contact and account information for as long as the Customer maintains an active account, plus a reasonable period thereafter for legal or business purposes. Analytics and usage data may be retained longer in an aggregated, de-identified format.
• Processor Data: We retain end user data according to our Customer's instructions and data retention policies. Following termination of a Customer's subscription, we will delete or return all Customer Data as specified in our agreement with the Customer.

Depending on your location, you may have certain rights regarding your personal data, including:

• Access: Request information about what personal data we process about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request that we delete your personal data in certain circumstances.
• Restriction: Request that we limit how we use your data.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to our processing of your data based on legitimate interests.

If your are an end user of an Aglide customer:

If you use Aglide through your employer or another organization, your account and related data are controlled by that organization.

• In this case, Aglide acts as a processor, and cannot fulfill data rights requests directly.
• Please direct any questions or requests (including data access, correction, or deletion) to your organization's administrator. We will cooperate with our Customer to support the exercise of your rights, where applicable.

Additional information for specific regions:

• European Economic Area / United Kingdom / Switzerland:
  
  • If you believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with your local data protection authority.
• California Residents (CCPA / CPRA):
  
  • Aglide does not sell or share your personal information for cross-context behavioral advertising. If you are a business contact, you may exercise your rights under California law by contacting us at privacy@aglide.com.
  • We will not discriminate against you for exercising any of your privacy rights.
• How to exercise your rights:
  
  • You may exercise your rights under applicable privacy laws (such as the CCPA, CPRA, CPA, VCDPA, etc.) by emailing us at privacy@aglide.com.
  • If you submit a request, we may need to verify your identity to protect your privacy and security. Depending on the nature of your request, this may include confirming your email address or other identifying information.
• Appealing a denied request (Colorada, Virginia, and similar laws):
  
  • If we deny your request to access, delete, or otherwise exercise your privacy rights, you may have the right to appeal our decision.
  • To submit an appeal, please reply to our original response or send an email to privacy@aglide.com with the subject line “Privacy Request Appeal.” We will review your request and provide a response within the timeframe required by applicable law.
    

Key practices include:

• End-to-end encryption of sensitive content, including user credentials and vault data
• Zero-trust architecture ensuring Aglide cannot access decrypted customer content
• Access control, logging, monitoring, and regular vulnerability assessments
• Secure software development lifecycle (including MFA, peer review, and code audits)

For more details, please refer to our Security Policy and Security Page.

Whenever we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission or UK authorities
• Data Processing Agreements with our subprocessors
• Logical and physical data segregation practices
• Encryption of personal data both in transit and at rest

By using the Services or interacting with us, you acknowledge that your personal data may be transferred and processed in jurisdictions outside of your own.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal obligations. When we do, we will update the "Effective Date" at the top of this page.

We encourage you to review this Privacy Policy periodically. Continued use of the Services after an update constitutes your agreement to the revised policy.

If you have questions or concerns about this Privacy Policy, or if you would like to exercise your rights, please contact us:

• Mailing Address:
  Aglide Inc.
  1111B S Governors Ave #6311
  Dover, DE 19904

If we cannot resolve your issue, you may also have the right to contact your local data protection authority.

Aglide is provided to you by an organization (such as your employer) that is a Customer of Aglide. That organization is the controller of your personal data. Aglide processes your data on their behalf, in accordance with their instructions.

Your organisation may:

• Access and monitor your use of Aglide
• View or export data stored in your organization's vaults
• Disable or delete your account
• Configure how your data is collected or retained

If you have questions about how your personal data is used, or if you wish to exercise your data rights, please contact your organization's administrator. Aglide cannot respond directly to requests regarding end-user data unless instructed by the Customer.