Privacy Policy

1. Introduction

Glint is operated by Vector9, based in Egypt and Canada. This privacy policy covers all data collected through glint.pics and related services.

By creating an account or using Glint, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.

2. Information We Collect

2a. Account Information

When you sign up via Google, we receive:

• Your name (from your Google account)
• Your email address (from your Google account)
• Your profile photo (from your Google account)

We do not collect passwords. Google OAuth handles all authentication.

2b. Event Information

Information you provide when creating events:

• Event names and descriptions
• Event dates and locations
• Cover images you upload
• Custom QR code settings

2c. Upload Metadata

When guests upload files, we collect:

• File names, sizes, and types
• Guest names (if they choose to provide one)
• Guest messages (if enabled)
• Upload timestamps
• IP addresses (for rate limiting only, not stored long-term)

We do not store the actual photo or video files. They go directly to the host's Google Drive.

2d. Payment Information

Payment processing is handled entirely by Stripe.

• We store: Stripe customer ID, purchase records (date, plan, amount)
• We do not store: credit card numbers, bank details, or billing addresses

2e. Usage Data

• Pages visited, features used, time spent (anonymized and aggregated)
• Browser type, device type, operating system (anonymized and aggregated)

This data is used to improve the product, not to identify individual users.

3. How We Use Your Information

We use the information we collect to:

• Provide the service (upload files to your Google Drive, send emails, process payments)
• Send transactional emails (welcome, upload notifications, payment receipts)
• Improve the product (using aggregated, anonymized usage patterns)
• Prevent abuse (rate limiting, content moderation)

We do not:

• Sell your data to third parties
• Use your photos for any purpose (we don't even have access to them)
• Share your data with advertisers
• Use your data for AI training
• Profile you for marketing purposes

4. Google Drive Access

We request the drive.file scope only. This means:

• Glint can only access files that Glint itself created
• We cannot read, view, modify, or delete any other files in your Drive
• We cannot browse your Drive contents

We use this access to create folders for your events and upload guest photos and videos into them.

You can revoke access at any time from your Google Account permissions page or from your Glint account settings. If you revoke access, existing files remain in your Drive. We never delete files from your Drive.

5. Data Storage and Security

• Account data and event metadata: stored in Supabase (PostgreSQL on AWS, encrypted at rest)
• Google Drive refresh tokens: encrypted with AES-256-GCM before storage
• Cover images: stored in Supabase Storage (encrypted at rest)
• Photo and video files: stored in your Google Drive, not on our servers
• Data in transit: all connections use HTTPS (TLS 1.2+)
• API protection: all routes protected by authentication and rate limiting

We do not have access to view the actual photos guests upload. They go directly to your Google Drive.

6. Third-Party Services

We use the following third-party services to operate Glint:

We do not share your personal data with these services beyond what is necessary for them to perform their function.

7. Data Retention

• Account data: retained while your account is active
• Event data and upload metadata: retained while the event exists
• Files in Google Drive: your property. We never delete them. They persist even if you delete your Glint account.
• On account deletion: all account data, event data, and upload metadata are permanently deleted within 30 days. Files in your Drive remain.
• Stripe records: Stripe retains payment records per their own retention policy

8. Your Rights

You have the right to:

• Access your data: view your account info, events, and upload records in the dashboard
• Export your data: your files are already in your Google Drive. We can provide a data export of your account and event metadata on request.
• Delete your data: delete your account from the account settings page. This removes all Glint data. Files in your Drive remain.
• Revoke Google Drive access: from your account settings or from Google's permissions page
• Unsubscribe from non-essential emails: use the unsubscribe link in any batch email

To exercise any of these rights, email hello@glint.pics.

9. Cookies and Local Storage

• We use essential cookies for session management (Supabase auth session)
• We use localStorage for user preferences (language selection, selected event)
• We do not use tracking cookies, advertising cookies, or third-party analytics cookies

No cookie consent banner is required because we only use cookies that are strictly necessary for the service to function.

10. Children's Privacy

Glint is not intended for children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us at hello@glint.pics and we will delete it.

11. International Data Transfers

Glint's services are hosted globally (Vercel edge network, Supabase on AWS). Data may be processed in the United States, European Union, or other regions. By using Glint, you consent to your data being transferred to and processed in these regions.

12. Changes to This Policy

We will update this policy as needed. Significant changes will be communicated via email to all account holders. Continued use of Glint after changes constitutes acceptance. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For privacy questions or data requests, email hello@glint.pics.

Glint is operated by Vector9.