🔒 Glimpzo Privacy Policy

Made in India 🇮🇳

Privacy Policy

Last updated: October 20, 2025

🔒 Client-Side Encrypted ✅ GDPR Compliant 🚫 No Data Selling

👋 Overview

Welcome to Glimpzo! We're a Made in India social platform committed to protecting your privacy. This policy explains what we collect, why we collect it, and how we keep it secure.

Our core privacy principles

  • Your data belongs to you — we never sell personal information.
  • Security first — all messages are encrypted on your device before upload.
  • Minimal collection — only what is necessary for the experience.
  • Transparency — we communicate clearly about our practices.
  • Your control — delete or export your data anytime.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, phone number (optional), username, profile picture, bio
  • Content: Posts, photos, videos, comments, likes, messages (encrypted on-device), stories
  • Contacts: Contact list for friend suggestions (only with explicit permission, can be disabled)

1.2 Information We Collect Automatically

  • Device Information: Device model, OS version, app version, device identifiers, language preferences
  • Usage Data: App interactions, features used, crash reports (anonymized), performance metrics, login/logout timestamps
  • Network Information: IP address (for security), connection type, city/country level location

2. How We Use Your Information

  • Provide Core Services: Account management, social features, secure message delivery, content distribution
  • Send Notifications: Likes, comments, followers, message alerts, important updates
  • Security & Safety: Prevent spam/abuse, detect fraud, enforce community guidelines, protect minors
  • Improve Our Service: Analytics, bug fixes, new features, optimize performance
  • Personalization: Relevant content recommendations, friend suggestions, language preferences

3. How We Share Your Information

We DO NOT sell your data. We share information only in these limited cases:

3.1 With Other Users

  • Public posts are visible to all users
  • Profile information visible based on privacy settings
  • Messages visible only to recipients (encrypted)

3.2 With Service Providers

  • Firebase/Google Cloud: Hosting, database, authentication
  • Cloudflare R2: Media storage (images/videos)
  • Analytics Providers: Anonymized usage data only

3.3 For Legal Reasons

  • Compliance with laws and regulations
  • Response to valid legal requests
  • Child safety (CSAM reporting to NCMEC)
  • Enforce Terms of Service

4. Data Security

We implement industry-standard security measures:

  • End-to-End Encryption: Messages encrypted on-device using AES-256
  • HTTPS/TLS: All data in transit is encrypted
  • Firebase Security Rules: Database access controls
  • Regular Audits: Security reviews and vulnerability assessments
  • Secure Storage: Encrypted cloud storage for media

5. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update or correct your information
  • Deletion: Delete your account and data
  • Portability: Export your data in standard formats
  • Object: Opt out of certain data processing
  • Withdraw Consent: Revoke permissions (e.g., contacts access)

How to Exercise Your Rights:

  • In-app: Settings → Privacy & Security → Manage Data
  • Email: privacy@glimpzo.com
  • We respond within 30 days

6. Data Retention

  • Active Accounts: Data retained while account is active
  • Deleted Accounts: Most data deleted within 90 days (some logs retained for legal/security purposes)
  • Messages: Encrypted messages stored until deletion or 1 year of inactivity
  • Backups: Deleted data removed from backups within 180 days

7. Children's Privacy

Minimum Age: 13 years (COPPA, GDPR-K, Indian IT Rules compliant)

  • Users under 13 are prohibited and accounts will be terminated
  • Users 13-17 have default private accounts
  • Parental consent required for certain features (under 18)
  • Restricted DM settings for minors
  • Additional protections outlined in Child Safety Standards

8. International Data Transfers

Glimpzo is based in India. Your data may be transferred to and processed in:

  • India (primary data center)
  • United States (Firebase/Google Cloud, Cloudflare)
  • European Union (backup servers)

We use Standard Contractual Clauses (SCCs) and ensure GDPR-adequate protections for EU users.

9. Cookies & Tracking

We use minimal cookies and tracking technologies:

  • Essential Cookies: Login sessions, security features (cannot be disabled)
  • Analytics Cookies: Anonymized usage data (can be disabled in settings)
  • No Third-Party Advertising: We don't use ad networks or tracking pixels

10. Third-Party Services

We integrate with these third-party services:

  • Firebase (Google): Authentication, database, hosting, analytics
  • Cloudflare R2: Media storage and CDN
  • Azure Content Safety: CSAM detection (metadata only, no content stored)

Each service has its own privacy policy. We select vendors committed to data protection.

11. California Privacy Rights (CCPA)

If you're a California resident, you have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of sale (we don't sell data)
  • Right to non-discrimination for exercising rights

Contact: privacy@glimpzo.com with "CCPA Request" in subject

12. European Privacy Rights (GDPR)

If you're in the EU/EEA, you have these rights under GDPR:

  • Right to access, rectification, erasure ("right to be forgotten")
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge complaint with supervisory authority

Legal basis for processing: Contract performance, legitimate interests, consent (where required)

13. Indian Privacy Compliance

We comply with India's Information Technology Act, 2000 and Rules 2011:

  • Reasonable security practices (Rule 8)
  • Sensitive personal data protections
  • Data retention and deletion procedures
  • Grievance officer contact: legal@glimpzo.com

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be:

  • Posted in-app with notification
  • Updated on this website
  • Emailed to users for material changes
  • Effective 30 days after posting (unless immediate action required)

Continued use after changes constitutes acceptance.

15. Contact Us

Questions, concerns, or requests regarding privacy:

Email: privacy@glimpzo.com
Data Protection Officer: legal@glimpzo.com

Mailing Address:
S2Y GLOBAL PRIVATE LIMITED
Privacy Team
42-3/1-82 R.K. Puram, Kallepalli Vari Street
Gandhinagaram, Vijayawada
Krishna District, Andhra Pradesh – 520003
India

🔗 Related Documents