Effective Date: July 3, 2026
This Privacy Policy describes how Glyphh AI LLC (“Company”, “we”, “us”) collects, uses, and protects your information when you use Glyphh (the “Service”), including the desktop application, the hosted platform, and the Glyphh relay that connects your own AI tools to your workspace.
Account Information: When you register or subscribe, we collect your email address, name, organization name (if provided), and an encrypted (hashed) password. Payment information is processed by Stripe; we do not store your full payment card details.
Billing and Usage Metadata: When the Service performs a billable operation for you — driving your workspace, controlling windows, or executing a tool or integration call — we record metadata about that operation so we can meter credits, show your usage, and prevent abuse: the operation performed, the app or tool involved, whether it ran on your machine or through an integration, its measured duration, the credits charged, a request identifier, status, and a timestamp. This metadata does not include the content of your AI prompts or the models' responses.
Usage Data: We may collect anonymized, aggregated product analytics (e.g., feature usage, error reports) to improve the Service.
Device Information: For activation and validation, we may generate a machine fingerprint (a one-way hash of hardware identifiers). This hash cannot be used to identify your specific hardware.
Your AI runs under your own account. Glyphh does not resell, proxy, or run AI models. You connect AI clients you already license (for example, Claude, ChatGPT, or Gemini) to the Service, and all model inference happens between you and that provider under your own account and its privacy policy. Your prompts and the models' responses are not routed through us for the purpose of inference, and we do not retain or store them.
What the relay carries. When a connected AI client asks the Service to perform an action — open an app, arrange your windows, run a skill, or call a connected service — that request and its result pass through the relay so we can deliver it to your workspace. We process this transiently to route the request and screen it for abuse (an injection firewall), and we retain only the usage metadata described in Section 1, not the content of the underlying work. You may also run the Service's local server mode, in which these requests never leave your machine.
Provider API keys. Where a feature calls a model directly, you may supply your own provider API key. If you store a key with us, it is encrypted at rest and used only to make requests you initiate to that provider; we never use it for our own purposes and never expose it back to any connected client.
Your workspace library — apps, layouts, skills, and preferences — is stored in your organization's account so it can sync across your machines; sign in anywhere and it travels with you. Provider API keys you choose to store are encrypted at rest. Connections to third-party services are held by our integration partner (see Section 6) so your AI can act on them; you can disconnect any service at any time.
We use an integration partner (Pipedream) to connect third-party applications so your AI tools can act on them; connecting an app authorizes that partner to hold the resulting access on your behalf, subject to its privacy policy. We use Stripe for payment processing; Stripe's handling of your payment information is governed by Stripe's Privacy Policy. AI model providers you connect process your prompts under their own privacy policies, not ours.
We implement industry-standard security measures, including encryption in transit (TLS) and at rest. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
We retain account, billing, and usage-metadata records for the duration of your account plus a reasonable period thereafter, and as required by law (for example, payment records). We do not retain the content of relayed requests beyond what is necessary to route them to your workspace. You may request deletion of your account data at any time by contacting us.
Depending on your jurisdiction, you may have the right to:
To exercise these rights, contact us at support@glyphh.ai.
The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.
If you are accessing the Service from outside the United States, your information may be transferred to and processed in the United States and in the locations where our providers operate. By using the Service, you consent to such transfer.
We may update this Privacy Policy from time to time. We will notify you of material changes through the application or via email. Continued use of the Service after changes constitutes acceptance.
For privacy-related questions or requests, contact us at support@glyphh.ai.