GDPR

GDPR and UK GDPR Notice

This notice supplements our Privacy Policy with the specific information required by the General Data Protection Regulation (EU GDPR) and the UK GDPR. It explains the categories of personal data we process, our lawful bases, and the rights you can exercise as a data subject.

Effective date: 15 May 2026 · Last updated: 15 May 2026

1. Scope

This notice applies whenever we process personal data about you in the course of providing glimpses, and you are located in the European Economic Area, the United Kingdom, or Switzerland. It also applies to people outside those regions whose personal data is processed in connection with goods or services we offer to people inside those regions.

2. Data controller

The data controller for the personal data covered by this notice is Anees, an independent software developer operating glimpses (referred to as "we" or "us"). We can be reached at support@getglimpses.com.

For your journal entries and photos stored inside your own Dropbox account, Dropbox is the data processor in respect of those files, on your direct instruction. We do not receive a copy of that content.

EU and UK representative We are below the threshold that requires the appointment of a formal Article 27 GDPR representative or a Data Protection Officer. You can reach us directly using the contact details above, and our response time is the same as for any data subject request.

3. Categories of personal data

We process the following limited categories of personal data:

Account identifiers: Dropbox account ID, display name, and OAuth refresh token, returned by Dropbox when you sign in.
Purchase records: Stripe transaction ID, billing country, and amount paid.
Support correspondence: the content of emails you send us and our replies.
Hosting access logs: short-lived technical logs from our hosting provider, including IP address, user agent, and timestamp.

We do not process special categories of data (Article 9 GDPR) on our servers. If you choose to write about, for example, your health or political opinions in your journal, that content stays inside your Dropbox, not on our infrastructure.

4. Lawful bases

Processing	Lawful basis
Authenticating you via Dropbox and running sync	Performance of a contract (Article 6(1)(b))
Processing a lifetime purchase through Stripe	Performance of a contract (Article 6(1)(b))
Keeping records of purchases for tax purposes	Legal obligation (Article 6(1)(c))
Replying to your support email	Performance of a contract (Article 6(1)(b)), or legitimate interests (Article 6(1)(f)) if you write to us before purchase
Keeping the website online and safe from abuse	Legitimate interests (Article 6(1)(f))

5. Your rights

Under the EU GDPR and the UK GDPR you have the following rights, which we honour for everyone regardless of where they live:

Right of access (Article 15): to confirm whether we hold personal data about you, and to receive a copy.
Right to rectification (Article 16): to have inaccurate data corrected.
Right to erasure (Article 17): to have personal data deleted, subject to limited exceptions such as retention for tax records.
Right to restriction (Article 18): to limit how we process your data while a question is being resolved.
Right to data portability (Article 20): to receive your data in a structured, commonly used, machine-readable format.
Right to object (Article 21): to processing based on our legitimate interests.
Right to withdraw consent (Article 7(3)): at any time, where consent was the basis.
Right not to be subject to automated decision-making (Article 22): see section 10 below.

6. How to exercise your rights

Email support@getglimpses.com with a short description of the right you wish to exercise. We may ask one or two questions to confirm your identity, since acting on a request from the wrong person would itself be a breach of your rights. We respond within thirty calendar days. If a request is complex, we may extend the response window by up to a further sixty days and tell you why.

Most requests are free of charge. We may charge a reasonable fee or refuse to act only if a request is manifestly unfounded or excessive, as permitted by Article 12(5) GDPR.

7. Processors and sub-processors

For a current list of our sub-processors and the data they receive, see section 5 of the Privacy Policy.

8. International data transfers

Where personal data is transferred outside the EEA or the UK to a country that the European Commission or the UK Information Commissioner's Office has not deemed to provide an adequate level of protection, the transfer relies on the EU Standard Contractual Clauses and, for transfers from the UK, the International Data Transfer Addendum issued by the ICO. Each of our sub-processors has those mechanisms in place. You can request a summary of these safeguards by writing to support@getglimpses.com.

9. Retention

We keep personal data only for as long as it is needed for the purpose it was collected for. Specific retention periods are set out in section 7 of the Privacy Policy.

10. Automated decisions and profiling

We do not make automated decisions that produce legal or similarly significant effects on you. We do not profile users for advertising or any other purpose.

11. Right to complain to a supervisory authority

If you believe we have not handled your personal data in line with the GDPR or the UK GDPR, you have the right to complain to the data protection authority in the country where you live, where you work, or where the issue occurred.

European Union: your national data protection authority. The European Data Protection Board maintains a contact list at edpb.europa.eu.
United Kingdom: the Information Commissioner's Office at ico.org.uk.
Switzerland: the Federal Data Protection and Information Commissioner at edoeb.admin.ch.

We hope you will write to us first so we can address your concern directly, but you are not required to do so.

12. Contact

For any GDPR or UK GDPR matter, write to support@getglimpses.com with "GDPR request" in the subject line so we can route it quickly.