Glimp (“we”, “us”) helps people reconnect with someone they crossed paths with (“a missed moment”) by posting a Glimp, matching, and chatting. This policy explains what personal data we process and your rights under the GDPR.
1. Data we collect
Account: email address, first name, password (hashed), and your confirmation that you are 18+ (optionally date of birth).
Content you create: Glimps (place/time, description of the moment, “about you”, vibes, optional photo), responses, chat messages, and photos you upload.
Location: approximate/precise device location when you post a Glimp, browse the map, or use the “met in real life” proximity check — only with your permission.
Matches & activity: matches, XP/progress, and the reports and blocks you make.
Technical: device/app information and logs needed to run and secure the service.
2. Why we use it (and legal bases)
To provide the service (accounts, posting Glimps, matching, chat) — performance of a contract.
Location features (map, nearby, proximity) — your consent.
Safety & moderation (reviewing reports, blocking, removing content, banning) — legitimate interest in a safe community and legal obligation.
You can withdraw consent (e.g. location) at any time in your device settings.
3. Content about other people
A Glimp is about someone you saw. You must not post information that identifies a non-consenting third party (e.g. full name, a recognisable photo of another person, contact details). Where content concerns another person, our legal basis is our and users’ legitimate interest in reconnecting, balanced against that person’s rights. Anyone can request removal of content about them via support@glimp.online; we act on such requests promptly.
4. Who we share data with
Other users: your first name and the Glimp you post are visible to others (a Glimp is a public “board” post). Your match sees your chat and shared photos.
Our public website: active Glimps (place, time, the description and vibes — not your name) may also be shown publicly on glimp.online to showcase recent activity. Ask us to exclude yours at any time via the contact address below.
Processors: we use Supabase (database, authentication, storage) and Resend (transactional email) as data processors, under data-processing agreements. Data is stored in the European Union.
Legal: authorities where required by law, or to prevent harm.
We do not sell your personal data.
5. Location data
Location is used only for the features above. We store the coarse coordinates of a Glimp and a recent location for the proximity check. You can disable location in your device settings (some features will then not work).
6. Photos
Photos are stored in private storage and are only accessible to authenticated users via short-lived signed links. Do not upload photos of other people without their consent, or any explicit/illegal content.
7. Retention
Glimps: active for 72 hours (extendable), then expired.
Chat messages: disappear after 24 hours.
Account & profile: kept until you delete your account.
Reports / safety records: kept as long as needed for safety and legal purposes.
When you delete your account, your personal data is deleted or anonymised, except where we must retain limited records by law.
8. Your rights (GDPR)
You have the right to access, rectify, erase, restrict, port, and object, and to withdraw consent. You can delete your account and all data in the app (avatar → Delete account). To exercise other rights, contact support@glimp.online. You may also lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens.
9. Security
We use encryption in transit, row-level access controls, hashed passwords, and private photo storage. No system is perfectly secure; please use a strong password.
10. Age
Glimp is strictly for users 18 and older. We remove accounts we learn are under 18.
11. Changes
We may update this policy; we’ll notify you of material changes in the app.