Legal

Privacy Policy

Last Updated: March 2026

Introduction

Glide Entry ("we", "us", or "our") is a company that provides event check-in services using facial recognition technology. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, who we share it with, and your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA).

This policy applies to all personal information collected through our website (glidentry.com), mobile applications, and related services.

Privacy Officer

Glide Entry has designated a Privacy Officer who is accountable for our compliance with PIPEDA and the handling of all personal information under our control, including biometric information.

You may contact our Privacy Officer with any questions, concerns, access requests, or complaints regarding your personal information or our privacy practices:

If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376.

Information We Collect

We collect the following types of personal information:

  • Account Information: Name, email address, and authentication credentials when you create an account.
  • Biometric Data: Facial embeddings (mathematical representations of facial features) created when you enroll in facial recognition check-in. Transient facial images captured during check-in are processed in real time and are not stored beyond the verification transaction.
  • Event Data: Event registrations, attendance records, and check-in timestamps.
  • Usage Data: Device information, browser type, IP address, and interaction data collected through standard web technologies.
  • Support Communications: Messages and correspondence when you contact us for support.

How We Use Your Information

We use your personal information for the following purposes:

  • To verify your identity at event check-in using facial recognition
  • To manage event registrations and attendance records
  • To share your name, email, and check-in status with event organizers (see Data Sharing with Event Organizers below)
  • To communicate with you about your account and events
  • To maintain and improve the security and performance of our services
  • To comply with legal obligations, including PIPEDA and breach reporting requirements

Biometric Data

Biometric data is classified as sensitive personal information under PIPEDA. We collect and process biometric data only with your express, informed consent, which is obtained separately from your agreement to our general terms of service.

What We Collect

When you enroll in facial recognition check-in, your photo is processed to create a facial embedding — a mathematical representation of your facial features. The original photo is not retained after processing.

How It Is Protected

  • Encrypted in transit and at rest
  • Access is rate-limited and restricted to authorized systems for the stated purpose
  • Never sold to any party
  • Not shared with event organizers — only your check-in status is shared

Residual Risk

Unlike passwords, biometric data cannot be changed if compromised. We implement strict access controls, encryption, and monitoring to mitigate this risk.

Data Sharing with Event Organizers

When you register for an event through Glide Entry, we share certain personal information with the event organizer (the organization or individual hosting the event):

Information shared: Your name (as provided during registration), your email address, and your check-in status (whether you have arrived at the event).

What is NOT shared: We do not share your biometric data, facial embeddings, authentication credentials, or any personal information beyond your name, email, and check-in status with event organizers.

By registering for an event, you consent to the disclosure of your name, email address, and check-in status to the hosting event organizer for event management purposes. Event organizers who receive your personal information through Glide Entry are required under our terms of service to use that information solely for managing the specific event.

Cross-Border Transfers of Personal Information

Glide Entry is a Canadian company. Your personal information may be transferred to, stored, and processed in the United States by the following service providers:

Amazon Web Services (AWS) — United States

Stores and processes data including biometric templates, account information, and event records.

Clerk — United States

Provides authentication services. Processes your email address, name, and authentication credentials.

Cloudflare — United States / Global Network

Provides security and network infrastructure services. May process your IP address and connection metadata.

Vercel — United States

Hosts our web application. May process your IP address, browser information, and usage data through server logs.

Formspree — United States

Processes contact form submissions on our website. May process your name, email address, and the content of messages you submit through our contact form.

Grafana Labs — United States

Provides application monitoring and observability services (logs, metrics, traces). May process your IP address, device information, and usage identifiers associated with your account.

Google Play Store — United States

Distributes our Android mobile application. May process device information, crash reports, and app usage data.

Apple App Store — United States

Distributes our iOS mobile application. May process device information, crash reports, and app usage data.

Anthropic — United States

Provides AI-assisted tools used for operational debugging and incident investigation. May process your name, email address, user identifiers, and event activity metadata found in application logs.

Zoho — Canada (primary)

Provides email communication services. Data is primarily stored in Canada, with access from other countries for technical support purposes.

Important notice regarding foreign laws. When your personal information is transferred to the United States, it is subject to US law. Your information may be accessible to United States courts, law enforcement agencies, and national security authorities (including under the USA PATRIOT Act, the CLOUD Act, and other applicable US legislation).

Safeguards. We require appropriate contractual safeguards from our service providers to protect your information to a standard comparable to PIPEDA. Our service providers employ encryption in transit and at rest, access controls, and regular security auditing. Glide Entry remains responsible for the protection of your personal information regardless of where it is processed.

How Long We Keep Your Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Biometric Data (Facial Embeddings): Retained for the duration of your active enrollment with each organization. Deleted promptly when you withdraw consent through the app or by email request. Transient facial images captured during check-in are processed in real time and are not stored.
  • Account Information (name, email, authentication data): Retained for the duration of your account. Deleted within a reasonable period following account deletion.
  • Event Attendance Records: Retained for the duration of your account. Deleted when you delete your account.
  • Application Logs (non-biometric usage data): Retained for a limited period, then deleted or anonymized.
  • Support Communications: Retained for a reasonable period from the date of resolution.
  • Breach Records: Retained for a minimum of 24 months as required under PIPEDA s.10.3(1).

When personal information is no longer required, it is securely destroyed using methods appropriate to its sensitivity.

Your Right to Access and Correct Your Personal Information

Under PIPEDA, you have the right to:

  • Request confirmation of whether we hold personal information about you
  • Access your personal information, including biometric enrollment data
  • Receive an explanation of how your information has been used and to whom it has been disclosed
  • Request correction of inaccurate or incomplete personal information
  • Withdraw your consent to our collection, use, or disclosure of your personal information
  • Request deletion of your data (see Account Deletion)

How to Make a Request

Submit your access or correction request to our Privacy Officer at privacy@glidentry.com. To protect your privacy, we may ask you to verify your identity before processing your request.

Response Timeline

We will respond within 30 calendar days of receipt. If we require additional time, we will notify you within the initial 30-day period, explain the reason for the delay, and advise you of your right to complain to the Privacy Commissioner. Any extension will not exceed an additional 30 days.

Cost

We provide access to your personal information at no cost. In exceptional circumstances where costs may be incurred (e.g., extensive format conversion), we will inform you of the approximate cost in advance and you may withdraw your request.

If We Refuse Your Request

If we cannot provide access to some or all of your personal information, we will inform you in writing of the reasons for the refusal, as permitted under Section 9 of PIPEDA, and advise you of your right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or 1-800-282-1376.

Automated Decision-Making and Facial Recognition

How Our System Works

Glide Entry uses automated facial recognition technology to verify your identity at event check-in. The system captures a live image of your face and compares it against the biometric template you provided during enrollment. The system automatically generates a match or no-match determination used to authorize event entry.

Information Used

The automated decision is based solely on the comparison between your live facial image and your stored biometric template. No other personal characteristics (such as race, gender, age, or ethnicity) are used as factors in the matching decision.

Accuracy and Limitations

No biometric system is 100% accurate. False rejections and false acceptances can occur. We regularly test and monitor our system's performance to minimize errors and ensure it does not produce biased outcomes across demographic groups.

Your Right to Human Review

If the automated system cannot verify your identity or produces an incorrect result, you have the right to request human review. On-site event staff can manually verify your identity using alternative means (such as QR code check-in) and override the automated decision. You will not be denied event entry solely on the basis of an automated determination without the availability of human review.

Your Right to an Explanation

You may request an explanation of how a specific automated decision was made by contacting our Privacy Officer. We will provide information about the personal information used, the general logic of the system, and the principal factors that led to the result. If you believe a decision was incorrect, you may contest it and we will involve human decision-makers in the review.

Data Security

We implement industry-standard security measures including encryption in transit and at rest, access controls, and regular security audits to protect your data. Biometric processing uses service providers that maintain industry-standard security certifications. Access to personal information is restricted to authorized personnel on a need-to-know basis.

Breach of Security Safeguards

In the event of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will:

  • Notify you as soon as feasible with a description of the circumstances, the personal information involved, steps we have taken to reduce risk, and steps you can take to protect yourself
  • Report the breach to the Office of the Privacy Commissioner of Canada as required under PIPEDA s.10.1
  • Notify any third-party organization that may be able to reduce the risk of harm

We treat any breach involving biometric information as presumptively meeting the threshold for mandatory reporting and notification, given the high sensitivity of such data. We maintain records of all breaches for a minimum of 24 months as required by the Breach of Security Safeguards Regulations (SOR/2018-64).

If you believe your personal information has been compromised, contact our Privacy Officer immediately at privacy@glidentry.com.

Age Requirement

Glide Entry's services are intended solely for individuals 18 years of age or older. We do not knowingly collect biometric information or other personal data from individuals under 18. If we become aware that we have collected personal information from an individual under 18, we will promptly delete all associated data and terminate the account.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Where changes materially affect how we handle biometric data, we will seek renewed consent before applying the changes to your information.