Privacy Policy

Account Information. When you register for a Glasshouse account, we collect your name, email address, job title, company name, and billing information. If you sign up using a single sign-on provider, we receive your name and email address from that provider.

Usage Data. We automatically collect information about how you use the Service, including the features you access (such as graph explorer, entity resolution, risk scoring, and bulk import), search queries you perform, data sources you query (Companies House, Land Registry, FCA Register, PSC Register), timestamps, and the results you view or export.

Technical Data. We collect your IP address, browser type and version, operating system, device identifiers, referring URL, pages visited, and time spent on pages. This data is collected through server logs and cookies (see our Cookie Policy).

Customer-Uploaded Data. When you use features such as CSV import, bulk import, or API-based data submission, you may upload personal data relating to individuals who are the subject of your investigations. You are the data controller for this data, and we process it on your behalf in accordance with our Data Processing Agreement.

Communications. If you contact us by email, through our website, or via customer support channels, we collect the content of your communications, along with any metadata such as timestamps and sender information.

Public Register Data. The Service aggregates and processes data from publicly available registers, including Companies House filings, HM Land Registry CCOD and OCOD datasets, PSC (Persons with Significant Control) registers, FCA authorisation records, and OFSI sanctions lists. While this data is sourced from public records, it may constitute personal data under Data Protection Laws.

Providing the Service. We use your account information and usage data to operate, maintain, and provide the features and functionality of the Service, including entity search, graph analysis, entity resolution, risk scoring, sanctions screening, and investigation management.

Account Management. We use your personal data to create and manage your account, process payments, send invoices, and communicate with you about your subscription and usage.

Service Improvement. We analyse usage patterns and technical data to improve the Service, develop new features, fix bugs, and optimise performance. This includes analysing how users interact with data source integrations, search interfaces, and graph visualisations.

Security and Fraud Prevention. We use your data to detect, prevent, and address technical issues, security threats, fraud, and abuse of the Service. This includes monitoring for unauthorised access to sensitive corporate intelligence data.

Communications. We may send you service-related communications such as account notifications, security alerts, and technical updates. With your consent, we may also send you marketing communications about new features, product updates, and industry insights. You can opt out of marketing communications at any time.

Legal Compliance. We process personal data as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including responding to lawful requests from law enforcement or regulatory authorities.

Performance of a Contract. Processing is necessary for the performance of the contract between you and Glasshouse (our Terms of Service), including providing the Service, managing your account, and processing payments.

Legitimate Interests. Processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include improving and securing the Service, conducting analytics, preventing fraud, and marketing our products to existing customers. We conduct balancing tests to ensure our legitimate interests do not adversely affect your rights.

Consent. Where we rely on your consent to process personal data (such as for marketing communications or non-essential cookies), you may withdraw your consent at any time by contacting us at privacy@glasshouse.sh or using the relevant opt-out mechanism. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Legal Obligation. Processing is necessary to comply with a legal obligation to which Glasshouse is subject, such as tax reporting requirements, responding to regulatory enquiries, or preserving records as required by law.

Public Interest. In certain circumstances, the processing of public register data (such as Companies House filings and PSC register data) is carried out in the public interest or under official authority, as these datasets are published for purposes of transparency and public accountability.

Service Providers. We share personal data with trusted third-party service providers who perform services on our behalf, such as cloud hosting, payment processing, email delivery, customer support, and analytics. These providers are contractually obligated to process personal data only on our instructions and in accordance with Data Protection Laws.

Legal Requirements. We may disclose personal data if required to do so by law, regulation, or legal process, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or property, prevent fraud, or ensure the safety of our users or the public.

Business Transfers. In the event of a merger, acquisition, reorganisation, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your personal data.

With Your Consent. We may share your personal data with third parties where you have given us your explicit consent to do so.

Glasshouse is based in the United Kingdom. Your personal data may be transferred to, stored, and processed in countries outside the United Kingdom where our service providers or Sub-processors are located.

Where we transfer personal data outside the United Kingdom, we ensure that appropriate safeguards are in place as required by Data Protection Laws. These safeguards may include transferring data to countries that have received an adequacy determination from the UK Secretary of State, entering into the UK International Data Transfer Agreement, or implementing other approved transfer mechanisms.

You may request a copy of the safeguards we have put in place for international data transfers by contacting us at privacy@glasshouse.sh.

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Account Data. We retain your account information for the duration of your account and for up to 12 months after account closure, unless longer retention is required by law or for the establishment, exercise, or defence of legal claims.

Usage and Technical Data. Usage logs and technical data are retained for up to 24 months for analytics and service improvement purposes. Audit logs related to investigations and data access within the platform may be retained for longer periods to meet regulatory compliance requirements.

Customer-Uploaded Data. Data uploaded by customers through CSV import, bulk import, or API submission is retained for the duration of the customer's subscription and deleted within 90 days of account termination, unless otherwise agreed in the Data Processing Agreement.

When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention policies and applicable Data Protection Laws.

Right of Access. You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification. You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure. You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected or you withdraw your consent.

Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance.

Right to Object. You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis, or where we process your data for direct marketing purposes.

Rights Related to Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such processing is authorised by law or based on your explicit consent.

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that data as soon as practicable.

If you are a parent or guardian and believe that your child has provided personal data to Glasshouse, please contact us at privacy@glasshouse.sh so that we can take appropriate action.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include encryption of data in transit and at rest, role-based access controls, comprehensive audit logging, and regular security testing.

While we take reasonable precautions to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data, but we are committed to maintaining industry-standard security practices and continuously improving our security posture.

For more information about our security measures, please visit the Security section of our website or contact us at security@glasshouse.sh.