Privacy Policy

1. Introduction

Glimpse Inc. ("we," "our," or "us") operates the Glimpse service, an AI-powered video generation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using our service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our service.

Contact Information: If you have questions about this Privacy Policy, please contact us at support@example.com.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our service:

• Account Information: Email address (for delivery notifications and account management)
• Content: Photos you upload for video generation, recipient names, sender names, and personalization messages
• Payment Information: Processed securely through Stripe. We do not store full credit card numbers on our servers.
• Project Data: Template selections, scene approvals, music preferences, and other project-related information

2.2 Automatically Collected Information

We automatically collect certain information when you use our service:

• Usage Data: Analytics events including page views, template selections, funnel progression, and feature usage
• Technical Data: IP address, browser type, device information, operating system, and referring URLs
• Error Data: Error logs and crash reports (if Sentry is enabled) to help us improve service reliability

2.3 Generated Content

We generate and temporarily store AI-created content including:

• AI-generated likeness images
• Scene images and video clips
• Final assembled videos

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To generate, process, and deliver your personalized videos
• Communication: To send you email notifications about your project status, video completion, and service updates
• Payment Processing: To process payments and manage billing through Stripe
• Service Improvement: To analyze usage patterns, improve our AI models, and enhance service quality
• Support: To respond to your inquiries, provide customer support, and resolve technical issues
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and the rights of others
• Security: To detect, prevent, and address fraud, security threats, and unauthorized access

4. Third-Party Services and Data Sharing

We use trusted third-party service providers to operate our service. These providers have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose:

4.1 Service Providers

• Supabase: Database and file storage. Your photos, videos, and project data are stored on Supabase's secure infrastructure with encryption at rest.
• Stripe: Payment processing. Payment information is handled directly by Stripe in accordance with PCI DSS standards. We do not store full credit card numbers.
• Resend: Email delivery service for transactional emails (payment confirmations, video ready notifications).
• Google Gemini: AI image generation service. Your photos and project details are sent to Google Gemini to generate scene images and likenesses.
• Sentry (Optional): Error tracking and monitoring service. Only enabled if configured, collects error logs and crash reports.

4.2 Data Sharing Limitations

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information only in the following circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect our rights, property, or safety, or that of our users
• In connection with a business transfer (merger, acquisition, or sale of assets)
• With service providers who assist in operating our service (as described above)

5. Data Storage and Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted at rest using Supabase's encryption infrastructure and in transit using TLS/SSL
• Access Controls: Row-level security policies restrict access to your data to authorized users only
• Secure Storage: Files are stored in secure, access-controlled storage buckets
• Payment Security: Payment processing complies with PCI DSS standards through Stripe

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your information only for as long as necessary to provide our service and comply with legal obligations:

• Source Photos: Deleted after final video is rendered or 7 days after upload, whichever comes first
• Generated Videos: Available for download for 30 days, then automatically deleted
• Project Metadata: Retained for billing, support, and legal compliance purposes. May be retained longer if required by law or for dispute resolution
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for service improvement purposes
• Payment Records: Retained as required by law and payment processor requirements (typically 7 years for tax and accounting purposes)

You may request deletion of your personal data at any time by contacting us at support@example.com. We will honor deletion requests subject to legal retention requirements.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing of your information for certain purposes

7.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (with certain exceptions)
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

7.3 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access, rectification, erasure, and restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at support@example.com with your request. We will respond within 30 days (or as required by applicable law).

We may require verification of your identity before processing certain requests to protect your privacy and security.

8. Cookies and Tracking Technologies

We use minimal tracking technologies to provide and improve our service:

• Essential Cookies: Required for service functionality, such as session management and authentication
• Analytics: Internal analytics tracking to understand usage patterns and improve service quality (stored in our database, not third-party cookies)
• Error Tracking: If Sentry is enabled, error tracking cookies may be used to identify and resolve technical issues

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our service.

9. Children's Privacy

Our service is not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you believe we have collected information from a child under 13, please contact us immediately at support@example.com and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

By using our service, you consent to the transfer of your information to the United States and other countries where our service providers operate. We take appropriate safeguards to ensure your information receives adequate protection in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to registered users (for material changes)
• Displaying a prominent notice on our website

Your continued use of our service after any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may discontinue use of our service and request deletion of your data.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: