Glimpse Privacy Policy
DRAFT — REQUIRES LEGAL REVIEW BEFORE PUBLICATION. This document was drafted as a starting point for review by qualified counsel. Do not ship to production users without a lawyer's pass. Particular care needed on: jurisdiction-specific clauses (GDPR / UK GDPR / CCPA / Australian Privacy Principles), the data-transfer / processor list (Firebase, Google Places, Gemini, EAS), and the children's privacy / under-13 / under-16 language.
Effective date: DRAFT — replace on publication
Operator: Glimpse (the "Service"), operated by Syncraflow / Takudzwa Makoni ("we", "us", "our").
Contact: privacy@glimpse.app
This Privacy Policy describes what personal information Glimpse collects, how we use it, who we share it with, and the choices you have. Words like "you", "your", and "user" mean the natural person using the Service.
1. What we collect
1.1 Account data
- Email address — required to create an account; used for sign-in, security notifications, and account-recovery emails.
- Username + display name — public identifiers you choose.
- Phone number — only when you choose phone sign-in; used as an authentication factor, not for marketing.
- Avatar / bio — optional self-supplied profile content.
- Firebase UID — an internal identifier assigned by Firebase Authentication. Never displayed.
1.2 Content you create
- Saved places, visits, items (dishes), notes, photos, collections, shares. This is the core data Glimpse exists to store and surface back to you.
- Provenance / sources — when you save a place, we ask "where did you hear about this?" so you can credit the friend, post, or list that recommended it.
1.3 Imported content
- URLs you submit (Instagram / TikTok / Maps links etc.) — we fetch the page metadata, send it to our AI extraction provider (Google Gemini) to identify places mentioned, then store the resulting structured data. The original URL and extraction result are kept so re-imports are deduplicated.
1.4 Device and usage data
- Device type, OS version, app version, locale, timezone.
- Approximate IP address — used for security (rate limiting, abuse detection, audit logging) and to derive coarse geolocation for content delivery.
- Crash reports via Firebase Crashlytics — stack traces, device state, recent user-actions trail. We do not include the content of your saves or notes.
- Product analytics via Firebase Analytics — page views, taps on key actions, feature usage counts. We do not collect the content of your notes or messages. You can disable analytics collection at any time in Settings → Privacy.
1.5 Optional location data
- If you grant location permission, your device location is used in-memory to centre the map around you and surface nearby saved places. We do not store a continuous location history. We store the postcode you optionally enter as your "home area" so the map can centre on a sensible region before you grant permission.
1.6 Push tokens
- When you accept push notifications, your device's FCM token is stored against your account so we can deliver share and planned-visit reminders. You can revoke push permission in OS settings; we delete the token on revocation.
1.7 Information from third parties
- Google Places — when you save a place, we look it up against Google Places to enrich the record with the canonical name, address, geocoordinates, photos, and rating. Google receives the search query.
- Mapbox (when configured) — alternative place lookup provider. Same flow as Google Places.
2. Why we collect it (lawful bases under GDPR / UK GDPR)
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Lawful basis |
|---|---|
| Providing the Service (storing your saves, displaying your map, delivering shares) | Contract — to perform the Terms of Service you agreed to |
| Authentication + account recovery | Contract + legitimate interest in account security |
| Abuse prevention, rate limiting, audit logging | Legitimate interest in keeping the Service secure |
| Product analytics + crash diagnostics | Consent (you can opt out in Settings) + legitimate interest in fixing bugs |
| Push notifications you opted into | Consent |
| Legal compliance (responding to lawful requests, DMCA) | Legal obligation |
For Australian users, the Australian Privacy Principles apply; this table maps roughly to APP 3 + APP 6 purposes. For California users, see Section 8 below on CCPA.
3. Who we share data with
Glimpse does not sell personal data. Period.
We do share data with the following categories of processors who help us operate the Service:
- Google Cloud / Firebase — hosting (Cloud Run), database (Cloud SQL for Postgres), authentication (Firebase Auth), file storage (Firebase Storage), analytics (Firebase Analytics), crash reporting (Crashlytics), push delivery (Firebase Cloud Messaging). Subject to Google's data-processing terms.
- Google Generative AI (Gemini) — when you import a URL or paste text, the content is sent to Gemini to extract place mentions. Gemini is configured under our paid API key (not the free consumer surface), which means Google does not use your content to train models. The extracted result is stored on our database; the input is not retained by Google past the request lifecycle, per Google's stated terms for paid API use.
- Google Places API — receives search queries (place names, partial addresses) to return canonical place records.
- Mapbox (when enabled) — alternative place lookup provider.
- EAS (Expo Application Services) — mobile build delivery + over-the-air updates. EAS sees app metadata, not your account content.
- Apple App Store / Google Play — when you make a purchase through their stores, they handle billing per their own policies. We receive only the subscription state, not your payment details.
We share data with other users of the Service when you direct us to: shares, public link views, follower visibility on your profile. We never share private content with other users without your action.
We may share data with law enforcement or other parties when legally compelled (subpoena, court order, lawful regulatory request). We will challenge overly broad requests and will notify you unless prohibited by law.
We may share aggregated, de-identified data (e.g. "X% of users in Adelaide save Italian restaurants") in research or marketing contexts. This is data from which you cannot be identified.
4. International transfers
Our infrastructure runs in Google Cloud regions which include the United States. If you are located outside the US, your data will be transferred to and processed in the US. We rely on:
- Google's Standard Contractual Clauses for EU / UK transfers.
- Australian Privacy Principles Cross-Border Disclosure for Australian users (APP 8): Google has equivalent privacy protections to APPs.
5. Retention
- Account data is retained while your account is active.
- Audit log entries are retained for 90 days then pruned.
- Backups (Cloud SQL automated backups) are retained for 7 days.
- Account deletion is immediate and cascades through every owned row (saves, visits, items, collections, shares, follows, activities, exports). Backups age out within 7 days.
- Sources (your recommendation attributions to friends) are cross-user data — if you delete your account, your name is removed from sources attributed to you, but the source record itself stays on the friend who saved the place.
6. Your rights
Depending on your location you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (right to erasure). The in-app Settings → Danger Zone → Delete account is the fastest way.
- Export your data (right to portability). Settings → Data & Privacy → Export My Data produces a Markdown bundle. Larger or alternative format requests: privacy@glimpse.app.
- Object to certain processing (e.g. analytics — toggle off in Settings → Privacy → Share usage data).
- Withdraw consent for any consent-based processing at any time, without affecting the lawfulness of past processing.
- Lodge a complaint with your supervisory authority. Australian users: oaic.gov.au. UK users: ico.org.uk. EU users: see your national DPA.
We respond to verifiable requests within 30 days.
7. Children
Glimpse is not intended for children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children below these ages. If you believe a child has provided us with personal data, contact privacy@glimpse.app and we will delete it.
8. California residents (CCPA / CPRA)
Glimpse does not sell or share (as those terms are defined under CCPA / CPRA) personal data. California residents have the same access / deletion / correction rights described in Section 6, plus the right not to be discriminated against for exercising them.
To request information about the categories of personal data we collected in the prior 12 months and the categories of recipients, email privacy@glimpse.app.
9. Security
We use industry-standard security: HTTPS / TLS for all network traffic; encrypted-at-rest storage in Google Cloud; Helmet HTTP headers; rate limiting; input sanitisation; Trivy container scans on every deploy; weekly Dependabot updates; SSRF protections on URL imports; structured authorization on every endpoint; shared-secret cron auth; audit logging on sensitive actions.
No system is ever 100% secure. If you become aware of a vulnerability, please report it to security@glimpse.app.
10. Changes
We may update this Policy. Material changes will be announced in-app and by email to the address on file at least 14 days before they take effect. The "Effective date" at the top is the canonical version marker.
11. Contact
- Privacy questions: privacy@glimpse.app
- Account deletion: Settings → Danger Zone → Delete account
- Data export: Settings → Data & Privacy → Export My Data
- DMCA / copyright: see the separate DMCA Policy