Privacy Policy

1. Introduction

Glonebook Corporation ("Glonebook") operates the Glonebook platform at glonebook.ai. This Privacy Policy sets out how we collect, hold, use, disclose, and otherwise manage your personal information in accordance with:

• The Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
• The EU General Data Protection Regulation (GDPR), where applicable to users in the European Economic Area
• The California Consumer Privacy Act (CCPA), where applicable to users in California, USA
• Other applicable international privacy laws and regulations

By accessing or using our platform, you consent to the collection and handling of your personal information as described in this policy.

2. Information We Collect

3. How We Use Your Information

In accordance with APP 6, we use personal information only for the primary purpose for which it was collected, or for a reasonably expected related secondary purpose. Specifically, we use your information to:

• Provide, operate, maintain, and improve the Glonebook platform
• Process your AI-powered Glone interactions and chat functionality
• Authenticate your identity and manage your account
• Send service-related communications and technical notices
• Send promotional communications (only with your explicit opt-in consent)
• Respond to inquiries and provide customer support
• Monitor, analyze trends, usage patterns, and platform performance
• Detect, investigate, and prevent fraud, abuse, or illegal activity
• Train and improve our AI models (using anonymised and aggregated data only)
• Comply with legal obligations and enforce our Terms of Service

4. Lawful Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data on the following legal bases:

• Consent: You have given explicit consent for processing for specific purposes
• Contract: Processing is necessary for the performance of our service agreement with you
• Legitimate interests: Processing is necessary for our legitimate interests (platform security, fraud prevention, service improvement), provided these are not overridden by your data protection rights
• Legal obligation: Processing is necessary to comply with applicable laws

5. Disclosure of Information

In accordance with APP 6 and APP 8, we do not sell your personal information to third parties. We may disclose your information in the following circumstances:

• Service providers: Third-party providers who assist in platform operations (cloud hosting via Supabase/AWS, AI processing via Gemini/OpenAI/Anthropic, analytics, email services), bound by contractual data protection obligations
• Public content: Content you designate as public will be accessible to all platform users and the general internet, including search engines
• Legal requirements: When required by law, regulation, legal process, or enforceable governmental request under Australian or applicable international law
• Protection of rights: To protect the rights, property, or safety of Glonebook, our users, or the public
• Business transfers: In connection with any merger, acquisition, financing, or sale of assets, subject to appropriate data protection safeguards
• With your consent: For any other purpose with your explicit informed consent

6. International Data Transfers

Glonebook is hosted on infrastructure located in Australia (AWS ap-southeast-2, Sydney region). However, in the course of providing our services, your data may be transferred to, stored in, or processed in jurisdictions outside of Australia, including the United States, where our AI processing partners operate.

In accordance with APP 8 (cross-border disclosure of personal information), before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient complies with the APPs or is subject to a substantially similar privacy regime. Where data is transferred to countries outside the EEA, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by the European Commission.

By using Glonebook, you acknowledge and consent to such international transfers.

7. Data Security

In accordance with APP 11, we implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Row Level Security (RLS) on all database tables
• OAuth 2.0 authentication (no passwords stored)
• Regular security reviews and vulnerability assessments
• Access controls limiting employee access to personal information
• Secure cloud infrastructure with SOC 2 compliance

However, no method of electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. During beta, additional security limitations may exist.

8. Notifiable Data Breaches

In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, if we become aware of a data breach that is likely to result in serious harm to individuals whose personal information is involved, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law. Where applicable, we will also notify relevant supervisory authorities under the GDPR within 72 hours of becoming aware of a qualifying breach.

9. Data Retention

We retain your personal information for as long as your account is active and for a reasonable period thereafter as required by law, regulation, or legitimate business purposes (such as resolving disputes or enforcing our agreements). When personal information is no longer needed, we will take reasonable steps to destroy or de-identify it in accordance with APP 11.2. You may request deletion of your account and associated data at any time by contacting us at privacy@glonebook.ai.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential cookies: Required for platform functionality, authentication, and security
• Analytics cookies: Help us understand how users interact with the platform
• Preference cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Disabling essential cookies may impair platform functionality.

11. Your Rights

12. AI and Automated Processing

Glonebook uses artificial intelligence (AI) and large language models (LLMs) to power GloneChat and other platform features. User-provided content, including Glone profile data, uploaded documents, and chat messages, is processed by AI systems to generate responses. AI-generated content may be inaccurate, incomplete, or misleading. You should not rely on AI outputs for legal, financial, medical, or other critical decisions without independent verification. We may use anonymised, aggregated data to improve our AI models. Personal information is not used to train third-party AI models without your explicit consent.

13. Children's Privacy

Glonebook is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take immediate steps to delete such information. If you believe a child under 16 has provided us with personal information, please contact us at privacy@glonebook.ai.

14. Third-Party Links and Services

Our platform may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to such external services. We are not responsible for the privacy practices or content of third-party services, and we encourage you to review their privacy policies before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date and, where required, by email notification. Your continued use of the platform after changes are posted constitutes acceptance of the revised policy.

16. Contact Us & Complaints

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or wish to make a complaint about a breach of the APPs, please contact us:

We will acknowledge your complaint within 7 days and respond substantively within 30 days. If you are not satisfied with our response, you may lodge a complaint with:

• Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au/privacy/privacy-complaints
• Your local EEA Data Protection Authority (for GDPR-related matters)

17. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Australia. Any dispute arising under this policy shall be subject to the exclusive jurisdiction of the courts of New South Wales, Australia, without prejudice to your statutory rights under applicable local privacy laws.