Glimpzo License Compliance Guide
Last updated: 16 November 2025
Disclaimer: This guide is informational and does not constitute legal advice. S2Y GLOBAL PRIVATE LIMITED strongly recommends obtaining legal review before app release to ensure compliance across jurisdictions.
Glimpzo is owned and operated by S2Y GLOBAL PRIVATE LIMITED.
CIN: U01199AP2025PTC121286
PAN: ABRCS3515R
TAN: VPNS31921B
Registered Office:
42-3/1-82 R.K. Puram,
Kallepalli Vari Street,
Gandhinagaram, Vijayawada,
Krishna District, Andhra Pradesh – 520003, India
1. Compliance Principles
- Track every third-party dependency: Flutter packages, Firebase SDKs, icons, fonts, scripts, build tools.
- Record licence details, attribution obligations, and approval status.
- Identify & avoid high-risk licences (GPL, AGPL, SSPL) unless explicitly approved by legal.
- Maintain provenance for all assets (icons, images, thumbnails, audio, video, fonts).
- Include required licence notices in-app, on the website, or bundled documentation.
- Review licences again before each major public release.
2. Inventory & Tracking (BOM)
Create an SPDX-style bill of materials (BOM) at docs/licenses/bom.csv that includes:
- Package / Asset name
- Version number
- Source (Pub.dev / npm / Google Fonts / GitHub / custom vendor)
- Licence identifier (MIT, BSD-3-Clause, Apache-2.0, OFL, etc.)
- Required obligations (copyright, attribution, NOTICE placement, modifications disclosure)
- Approval status + reviewer initials and date
- Risk category (Low / Medium / High)
3. Flutter & Dart Dependencies
| Category | Example Packages | Licence | Obligations |
|---|---|---|---|
| Core Framework | flutter, dart | BSD-style | Include Flutter licence in acknowledgements |
| State Management | flutter_bloc, equatable | BSD-3-Clause | Preserve original licence text |
| Code Generation | freezed, json_serializable | BSD/MIT | Retain notices and avoid misrepresenting modifications |
| Firebase SDKs | firebase_core, firebase_auth, cloud_firestore, firebase_storage, firebase_messaging, firebase_analytics, firebase_crashlytics | Apache-2.0 | Include Apache licence text + state whether code was modified (usually no) |
| Storage / Cache | hive, path_provider | Apache-2.0 / BSD | Include their NOTICE files if applicable |
| UI Assets | google_fonts, icon packs | SIL OFL / custom | Attribute font creators; check icon usage rights carefully |
This table must be updated whenever new packages are added.
4. Native Mobile & Build Tooling
- Android Gradle: Export all transitive dependencies + licences from ./gradlew app:dependencies.
- CocoaPods (iOS): Export Pods-licenses.txt and include required texts.
- Bundled Scripts: Ensure any included binaries or scripts have redistribution rights.
5. Asset Licensing Checklist
- Icons & Logos: Use original work or commercially licensed packs only.
- Fonts: Document all font licences (especially OFL) and include attribution in-app.
- Stock Media: Store all receipts and proof of licence.
- User Content: Terms of Service must secure rights while retaining user ownership.
6. Open Source Contributions
- Maintain a CONTRIBUTING.md that requires contributors to submit only original or properly licensed work.
- Optional: Require a Contributor License Agreement (CLA) to secure ownership/usage rights.
7. Attribution Implementation
- Add a “Licences” screen inside the app using Flutter’s showLicensePage function.
- Include a docs/legal/THIRD_PARTY_NOTICES.md file with full required texts.
- Add a link in Settings → Legal pointing to this guide and notices.
8. Compliance Workflow
- Dependency Scan: Run flutter pub deps + Gradle audit + CocoaPods licence export.
- Legal Review: Every new dependency must be approved.
- Risk Classification: Flag GPL, AGPL, SSPL, proprietary or unknown licences.
- BOM Update: Record new packages, versions, licences, approvals.
- Pre-Release Verification: Ensure acknowledgements, NOTICE files, and in-app displays are complete.
- Quarterly Archival: Save BOM snapshots and compliance reports in internal repo.
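The BOM fields from section 2 and the risk classification and approval steps above can be checked automatically before a release. The script below is an added example, not part of Glimpzo's own tooling. The CSV column names, the "approved ..." / "pending" approval format and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Licence families the guide flags as high-risk (GPL, AGPL, SSPL).
HIGH_RISK_PREFIXES = ("GPL", "AGPL", "SSPL")
# Assumed CSV headers: the guide lists the BOM fields but not their column names.
REQUIRED = ("name", "version", "source", "licence", "obligations", "approval", "risk")

# Constructed sample BOM; package names, versions and reviewers are made up.
SAMPLE_BOM = """name,version,source,licence,obligations,approval,risk
example_state_lib,8.1.0,Pub.dev,BSD-3-Clause,Preserve licence text,approved AB 2025-11-01,Low
example_gpl_lib,1.0.0,GitHub,GPL-3.0-only,Source disclosure,pending,Medium
example_icons,2.0.0,custom vendor,UNKNOWN,,pending,High
"""

def is_high_risk(licence):
    """True if any part of a '/', ' OR ' or ' AND ' expression is GPL/AGPL/SSPL."""
    parts = licence.replace(" OR ", "/").replace(" AND ", "/").split("/")
    return any(p.strip().upper().startswith(HIGH_RISK_PREFIXES) for p in parts)

def audit_bom(csv_text):
    """Return a list of (package, problem) findings for one BOM snapshot."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("name") or "").strip() or "<unnamed>"
        missing = [c for c in REQUIRED if not (row.get(c) or "").strip()]
        if missing:
            findings.append((name, "missing fields: " + ", ".join(missing)))
        licence = (row.get("licence") or "").strip()
        approved = (row.get("approval") or "").strip().lower().startswith("approved")
        if licence.upper() in ("UNKNOWN", "NOASSERTION"):
            findings.append((name, "unknown licence, needs legal review"))
        elif is_high_risk(licence):
            if not approved:
                findings.append((name, "high-risk licence without legal approval: " + licence))
            if (row.get("risk") or "").strip().lower() != "high":
                findings.append((name, "risk category should be High"))
        elif not approved:
            findings.append((name, "dependency not yet approved"))
    return findings

if __name__ == "__main__":
    for package, problem in audit_bom(SAMPLE_BOM):
        print(f"{package}: {problem}")
```

Running it in CI against docs/licenses/bom.csv and failing the build on any finding turns the pre-release verification step into an enforced gate.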
9. Enforcement & Escalation
- Non-compliant or high-risk packages must be removed or replaced immediately.
- GPL/AGPL/SSPL packages must be escalated to legal before usage.
- Maintain compliance logs for at least 3 years (evidence of due diligence).
10. Contact
Email all licensing-related matters to: legal@glimpzo.com
Subject format: “License Review – [Package Name]”