Privacy coverage for the public site, analytics, lead capture, onboarding, and workspace routing.

What the public domain processes

• Anonymous marketing attribution and first-party analytics signals such as landing path, referrer, approved campaign parameters, and public-page performance events.
• Contact-sales and request-demo submissions, follow-up preferences, and anti-abuse signals used to protect public forms.
• Workspace discovery identifiers such as workspace slug input or approved work email domains.
• Registration and provisioning details needed to create a tenant and its initial administrative account.
• Security verification and abuse-prevention signals required to protect discovery and login entry flows.
• Public-safe operational telemetry used to present status information without exposing private tenant content.

Why the data is used

Data collected on the public domain is used to measure which public pages and channels lead to meaningful product activity, route users into the correct tenant sign-in experience, provision new tenant environments, protect public entry and lead-capture routes, and keep a credible operational trust surface available for customers and evaluators.

Marketing analytics, attribution, and lead capture

GlossaryQ uses privacy-forward first-party analytics and attribution on approved public pages and may load approved conversion-measurement tags where configured so the platform can connect visits, demo engagement, registration progress, and lead-capture outcomes without indexing or copying tenant-owned business data. Campaign parameters, referrer context, anonymous marketing identifiers, and durable conversion events are stored centrally as platform-owned marketing data.

Lead-capture requests are processed through central marketing workflows. Public forms may use throttling, honeypot checks, minimum-submit-time checks, and reCAPTCHA Enterprise verification where configured to reduce abuse. Free-text lead notes are kept out of client-side analytics payloads.

How tenant data remains separated

Tenant users, tenant-local configuration, and tenant content are managed inside tenant boundaries rather than being duplicated into the public entry experience. The public domain stores only the shared platform information needed for routing, provisioning, billing coordination, and platform administration.

Cookies and browser state

The platform may store limited browser state such as a return-workspace shortcut, an anonymous marketing identifier, and attribution context under the platform-owned domain so returning users can be routed back to an active tenant safely and public conversions can be attributed without relying on invasive third-party trackers. Security, session, and anti-forgery controls may also use cookies where required for normal application behavior.

Public pages also expose a compact cookie settings control so visitors can choose Accept all, Decline, or Necessary only without disrupting access to the page itself. Necessary cookies remain available for security, routing, and sign-in continuity even when optional analytics cookies are turned off.

Retention and follow-through

Anonymous attribution profiles are retained for up to 180 days. Durable marketing conversion events are retained for up to 365 days. Central marketing lead records and their follow-up activity are retained for up to 365 days, after which stale records are removed through controlled retention workflows unless an approved operational or legal exception applies.

Operational and legal follow-through

Public-site privacy handling works alongside the service terms, security posture, and status communication model. Customers evaluating the platform should review those pages together to understand the full public trust surface and the specific behavior of public measurement and lead capture.