It's Glassbox not Glassdoor 
And no they do not say that they get their hands on this data. Besides, they say that their tools provide the means for masking sensitive data (i.e. if used properly sensitive data would not be captured in a first place). this is what they said:
Glassbox and its customers are not interested in "spying" on consumers. Our goals are to improve online customer experiences and to protect consumers from a compliance perspective. Since its inception, Glassbox has helped organizations improve millions of customer experiences by providing tools that record and analyze user activity on web sites and apps. This information helps companies better understand how consumers are using their services, and where and why they are struggling.
We are strong supporters of user privacy and security. Glassbox provides its customers with the tools to mask every element of personal data. We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded -- just as contact centers inform users that their calls are being recorded.
Furthermore: No data collected by Glassbox customers is shared with third parties, nor enriched through other external sources.
Glassbox meets the highest security and data privacy standards and regulations (e.g. SOC2, GDPR), and all data captured via our solution is highly secured and encrypted.
We provide our customers with the ability to mask every piece of data entered by a consumer, restrict access to authorized users, and maintain a full audit log of every user accessing the system.
While the statement does not say explicitly that Glassbox does not get this data, it does not say that they do either. I do not see the reason for them to be getting this data. They provide the tools that companies (like Air Canada) could use to improve their apps. And they can do it in a careful manner without endangering user's sensitive data.
And no they do not say that they get their hands on this data. Besides, they say that their tools provide the means for masking sensitive data (i.e. if used properly sensitive data would not be captured in a first place). this is what they said:
Glassbox and its customers are not interested in "spying" on consumers. Our goals are to improve online customer experiences and to protect consumers from a compliance perspective. Since its inception, Glassbox has helped organizations improve millions of customer experiences by providing tools that record and analyze user activity on web sites and apps. This information helps companies better understand how consumers are using their services, and where and why they are struggling.
We are strong supporters of user privacy and security. Glassbox provides its customers with the tools to mask every element of personal data. We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded -- just as contact centers inform users that their calls are being recorded.
Furthermore: No data collected by Glassbox customers is shared with third parties, nor enriched through other external sources.
Glassbox meets the highest security and data privacy standards and regulations (e.g. SOC2, GDPR), and all data captured via our solution is highly secured and encrypted.
We provide our customers with the ability to mask every piece of data entered by a consumer, restrict access to authorized users, and maintain a full audit log of every user accessing the system.
While the statement does not say explicitly that Glassbox does not get this data, it does not say that they do either. I do not see the reason for them to be getting this data. They provide the tools that companies (like Air Canada) could use to improve their apps. And they can do it in a careful manner without endangering user's sensitive data.