Back to Home

Privacy Policy

Effective Date: August 20, 2025

Glinto (“we,” “our,” “us”), operated by XSTIR L.L.C., is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal and business data.

1. Information We Collect

  • Uploaded Data: Invoices, receipts, and financial documents you upload to Glinto.

  • Account Information: Name, email, phone number, business details.

  • Integration Data: Information from connected accounting systems (e.g., QuickBooks).

  • Usage Data: Technical data such as IP addresses, browser type, and access logs.

2. How We Use Your Data

We use your data to:

  • Process, categorize, and extract information from invoices.

  • Provide integrations with accounting systems.

  • Improve our services through analytics.

  • Communicate with you regarding your account or updates.

3. Use of AI Services

  • We use third-party AI providers, including OpenAI, to process invoice text and extract structured data.

  • OpenAI acts as a data processor on our behalf. We have signed a Data Processing Agreement (DPA) with OpenAI, including Standard Contractual Clauses, ensuring GDPR compliance.

  • Data sent to OpenAI is:

    • Not used for model training

    • Retained only as long as necessary to generate the requested output

    • Processed only under Glinto’s instructions

4. Subprocessors

We share data only with trusted providers who act as subprocessors on our behalf. They process data under strict contractual obligations.

Our subprocessors include:

  • OpenAI, L.L.C. – AI-based invoice data extraction (United States)

  • DigitalOcean, LLC (AMS3 region – Amsterdam, Netherlands) – Cloud hosting and storage

For a complete and updated list, see our Subprocessors Page.

5. Data Sharing

We do not sell your data. We only share it with:

  • Service providers acting on our behalf (see subprocessors)

  • Regulatory authorities when required by law

6. Data Retention

  • Documents and invoice data are retained only as long as necessary to provide the service or as required by law.

  • You may request deletion of your data at any time.

7. Security

We use encryption and industry-standard measures to protect your data.

8. International Data Transfers

Data may be processed outside your country. Where required, we use EU Standard Contractual Clauses and other safeguards.

9. Your Rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have rights to:

  • Access, correct, or delete your data

  • Restrict or object to processing

  • Request data portability

You can exercise these rights by contacting us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to users.

11. Contact

If you have questions about this Privacy Policy, please contact us:

XSTIR L.L.C.
Kulla e Zotnis, 40
Prishtinë, Kosovo
Phone: +383 45 645 305
Email: info@glinto.io