Applies to all applications published under the glbxai.com domain. Operator: matthew.bunce@globant.com. Last updated 2026-05-05.
This policy covers the personal data processed by every application served under the glbxai.com domain (the "applications"). The current list of applications is published at https://legal.glbxai.com/. The applications are internal or restricted-access tools served behind Google Cloud Identity-Aware Proxy (IAP); they are not consumer services.
The applications are operated by the holder of the glbxai.com domain on behalf of the relevant business owner of each application. The same operator and the same data-handling practices described in this policy apply to every application. Where an individual application processes specific categories of data not covered by this umbrella policy, that application surfaces an additional notice at the point of use.
me-central2 (Dammam, Saudi Arabia) and are retained for 400 days, after which they are deleted automatically.me-central2 under retention rules specific to the application. Per-application retention is documented at https://legal.glbxai.com/. Unless an application explicitly states otherwise, you should not submit personal data, payment-card data, government-issued identifiers, health data, or other regulated personal information.global Vertex AI endpoint, which does not guarantee a single processing region. Google does not retain prompt or response content beyond the request lifecycle for the on-demand Gemini 2.5 traffic these applications use; abuse-monitoring logs and any cached data Google retains for service operation are stored in the same at-rest region as the underlying Google Cloud project (me-central2).We do not sell or rent personal data. We share data with two categories of recipients:
We do not transfer personal data outside this scope without a separate written agreement.
The data plane of every application — storage, secrets, container registry, application logs — is pinned to Google Cloud region me-central2 in Saudi Arabia. The applications run on Google's global load balancer and global IAP control plane. Where machine-learning analysis is used, the Vertex AI request is routed via Google's global endpoint, as described above.
If you have signed in to one of the applications and want a copy of the personal data we hold about your access, or you want it deleted, contact us at the address below. We will respond within 30 days.
All traffic is encrypted in transit with TLS 1.2+. All data at rest is encrypted with AES-256 (Google-managed keys). Access requires a Google identity that has been explicitly granted IAP access by an administrator. Administrative actions on the underlying Google Cloud resources are recorded by Google Cloud Audit Logs.
Questions, access requests, or concerns: matthew.bunce@globant.com.
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated to authorised users of the affected applications.