Privacy Policy

About this policy

Glossary.dev (“Glossary,” “we,” “our,” or “us”) is committed to protecting your privacy and handling personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you and the people in your household use our learning tutor app at app.glossary.dev and our iPad app.

Who we are

Glossary.dev is operated by Coovee Pty Ltd (ABN 25 686 831 327), based in Sydney, Australia. Our Privacy Officer is Glen Maisey.

Privacy Officer — Glen Maisey
Email — privacy@glossary.dev
Website — https://glossary.dev

What we collect

Information you provide

Account information. When you sign in with Google or with an email magic link, we receive your name, email address, and (from Google) your profile photo.
Learner profiles. The names and any preferences you set for the people in your household (for example a child’s first name and reading level). You choose what to enter.
Learning content. The terms each learner studies and everything attached to them: their confidence on each term and how it changes over time, quiz answers and the tutor’s judgement of them, their conversations with the tutor, a record of how the learner likes to learn, sources they save (such as articles, documents, and links), and materials the tutor generates such as diagrams, images, and audio.
Voice input. If a learner uses voice mode, their spoken audio is streamed to our AI provider in real time and a text transcript is saved to their learning record.
Communications. Feedback, support requests, and anything you send us directly.

Information collected automatically

Usage data. How you interact with the app, which features you use, and what you swipe through in the learning feed.
Technical and log data. IP address, browser and device type, operating system, access times, and actions taken in the app, used for security, debugging, and keeping the service running.

Unsolicited personal information

The tutor is open-ended, so a learner may type or say personal information we did not ask for (about themselves or someone else). When we become aware of unsolicited personal information that is not reasonably necessary for the service, we will delete or de-identify it as soon as practicable, unless we are required by law to keep it. If you included something you did not mean to, you can delete it in the app or contact us at privacy@glossary.dev.

Children and family use

Glossary is built to be used by children as well as adults — times tables and spelling for a seven-year-old, harder concepts for an adult, with one tutor that meets each learner where they are. Because of that, how we treat children’s information is central to this policy, not an afterthought.

A verifying adult is always in charge of the household. Only an adult (18 or over) can create a Glossary account. The account owner creates each learner profile, including profiles for children in their care, and in doing so consents on the child’s behalf to the collection and use of that child’s information as described here, including processing the child’s input by our AI providers.

Children do not hold their own login. Child profiles sit inside the adult’s household and are reached on a trusted device by tapping a name — there is no separate username or password issued to a child.
The household is the privacy boundary. Members of the same household can see each other’s learning records. This is by design so a parent can follow a child’s progress; it is not a security wall between family members.
Parents stay in control. The account owner can view, edit, export, and delete any learner profile and all of its data at any time from the app, or by contacting us.
We do not advertise to children and we do not use children’s learning content to build marketing profiles.

If you believe a child has been given access without a responsible adult’s involvement, contact us at privacy@glossary.dev and we will act promptly.

How we use it

To provide the service

Create and manage your account and household.
Run the tutor: answer questions, quiz the learner, judge their reasoning, plan their feed, and keep their learning record up to date.
Generate explanations, diagrams, images, and spoken audio on request.
Provide support and respond to your messages.

To improve and secure the service

Understand which features help learning and fix what doesn’t.
Diagnose errors and monitor quality and cost of AI usage.
Protect against fraud, abuse, and unauthorised access.

To communicate with you

We send service messages you cannot opt out of because they are required to run your account — sign-in links, security notices, and important changes to the service or this policy. We do not currently run a marketing email program; if we introduce one, it will be opt-in, will identify us clearly, and every message will let you unsubscribe.

Legal basis (Privacy Act 1988)

We collect and handle personal information to deliver the service you ask for (APP 3 and APP 6), disclose it across borders only with appropriate safeguards (APP 8), and obtain consent — including a parent’s consent for a child — where consent is the appropriate basis.

AI and automated processing

Glossary is an AI tutor, so using it necessarily sends learning content to AI providers. AI processing happens when a learner actively uses an AI feature (asking a question, taking a quiz, generating a picture, speaking in voice mode, or loading the feed).

Our AI providers

We currently use:

Google (Gemini, via Google Vertex AI) for the core tutoring features, including text and voice tutoring, quizzing, and generated visuals. The learner’s message or audio and the context the tutor needs from their learning record are sent to Google for that request.
xAI (Grok) for a background feature that searches publicly available sources to suggest new things to learn. It does not receive your private learning record.

To give learners the best result, we may add, change, or replace AI providers over time to use the model best suited to a given task. Any provider we use is required to protect your information, to use it only to return a result for your request, and not to use your private content to train its own models. We will keep this policy current with the providers we rely on, and we will tell you before making a change that materially affects how your information is handled.

Logging and safeguards

Requests to and responses from Google’s models are logged to our Google Cloud account so we can debug, measure quality, and control cost. These logs stay within Google Cloud and are not shared onward.
The tutor makes automated judgements about a learner’s understanding (for example raising or lowering a confidence rating after a quiz). These judgements only affect the learning experience; they are visible to the learner and can be corrected.
We do not use your private learning content to train third-party foundation models. AI providers process it to return a result for your request under their enterprise terms.

Within your household

Members of your household can see the learning records in that household, as described under “Children and family use.”

Service providers

We rely on trusted providers, each contractually bound to protect your information and use it only to provide their service to us:

Google Cloud Platform — application hosting and infrastructure (Sydney, Australia).
Supabase — authentication and the hosted database that stores learning records.
Google (Vertex AI) — AI processing for tutoring features.
xAI — AI processing for the Daily Curate source-discovery job only.
Resend — delivery of sign-in and account emails.
Google Drive — only if you choose to connect your own Drive storage (see below).
Telegram — a private operational alert to us when an account is created or signs in.

Legal requirements

We may disclose personal information when required by law or where we reasonably believe it is necessary to comply with a legal obligation or court order, to protect our rights, property, or safety, or to investigate fraud or a security incident.

We do not sell your personal information, and we do not use third-party advertising or analytics trackers.

Where your data lives

Your learning records are kept as plain, human-readable markdown — a deliberate design choice so your learning stays portable and isn’t locked into a format only we can read.

Hosted vault (default). Records are stored in our Supabase database and supporting Google Cloud storage. This is where your data lives unless you connect your own storage.
Connect your own storage (optional, rolling out). We are building options to keep your learning files in storage you control, such as Google Drive or, on iPad, Apple iCloud. If you turn one of these on, your files are additionally stored there under your account and that provider’s terms apply. Connecting Google Drive uses a permission limited to files the app creates.

External tools you connect

Glossary can let an external AI tool that you choose to connect access your learning record — for example a desktop or coding assistant. This only happens after you authorise it through a sign-in and consent step. Once authorised, that tool can read your learning record and record quiz results on your behalf. You are responsible for the tools you connect and for revoking access when you no longer want them to have it.

International data transfers

Our application and database are hosted in Australia (Google Cloud and Supabase, Sydney region). Some providers necessarily process data outside Australia:

Google (Vertex AI) and xAI may process AI requests outside Australia, including in the United States.
Resend processes account email outside Australia.

Where we disclose personal information overseas, we take reasonable steps (including contractual data-protection terms) to ensure it is handled consistently with APP 8 and the Australian Privacy Principles.

Data security

Encryption in transit (TLS) and at rest using our cloud providers’ standard encryption.
Authentication and access controls based on verified sign-in tokens, with household-level isolation between accounts.
Locked-down infrastructure — backend services are reachable only through our load balancer, not directly.
Monitoring and logging to detect and respond to issues.

No system is perfectly secure, and Glossary is an early-stage product (see “Beta status”). We work to protect your information but cannot guarantee absolute security.

Your rights and choices

Under the Australian Privacy Act you can:

Access the personal information we hold about you.
Correct information that is inaccurate or out of date — much of it you can edit directly in the app.
Export a learner’s data in a portable format.
Delete a learner profile, or your whole account, and the associated data.
Complain about how we have handled your information.

You can do most of this yourself in the app. For anything else, contact privacy@glossary.dev. We aim to acknowledge requests within 48 hours and to provide a substantive response within 30 days. We will not disadvantage you for exercising these rights.

Data retention

We keep personal information only as long as we need it:

Active accounts — while your account is active, so your learning record persists between sessions.
After deletion — when you delete a profile or account, we remove the associated data from active systems promptly.
Backups — residual copies in encrypted backups are cycled out on a rolling schedule.
Legal holds — we keep information longer only where the law requires it.

Data breach notification

If a data breach occurs that is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme: we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, describing what happened, what information was involved, what we are doing about it, and what steps you can take to protect yourself.

Cookies and tracking

We use only the essential cookies and local storage needed to keep you signed in and to keep the app secure. We do not use advertising, analytics, or cross-site tracking cookies. Disabling essential cookies will prevent the app from working.

Beta status

Glossary is currently offered as a free, early-stage beta to a small group of users. Features, data handling, and this policy may change as the product develops. We will keep this page current and date every revision.

Changes to this policy

We may update this policy to reflect changes in our practices or the law. When we make a significant change we will update the “Last updated” date above and, for material changes, notify you in the app or by email. Continuing to use Glossary after a change takes effect means you accept the updated policy.

Contact and complaints

For any privacy question, access or deletion request, or complaint, contact our Privacy Officer:

Glen Maisey, Privacy Officer
privacy@glossary.dev

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner:

OAIC — enquiries@oaic.gov.au
Phone — 1300 363 992
Web — https://www.oaic.gov.au

This Privacy Policy is effective 15 June 2026.