Privacy
Privacy Policy
glimpses is built so your journal stays yours. We do not host a copy of your entries on our servers, we do not run analytics or trackers, and we do not sell or share your personal data. This policy explains exactly what we do collect, why, and how to exercise your rights.
1. Who we are
glimpses is operated by Anees, an independent software developer (referred to in this policy as "we", "us", or "our"). For the purposes of EU and UK data protection law, we are the data controller for the limited personal data we collect directly, as described below.
Trading name: Anees
Product: glimpses (getglimpses.com)
Contact: support@getglimpses.com
2. What we collect
Account identifiers (via Dropbox sign in)
When you sign in, Dropbox returns a limited set of account details to glimpses: your Dropbox account ID, display name, and an OAuth refresh token. We use this only to authorise glimpses to read and write the journal folder inside your Dropbox on your behalf. We do not request or receive your Dropbox password.
Purchase information
When you buy a lifetime licence, payment is processed by Stripe. We receive a transaction confirmation, your purchase reference, and the country of your billing address (so we can show the correct price and tax). We do not receive your card number, CVC, or full billing details. Those go directly to Stripe.
Support correspondence
If you email us at support@getglimpses.com, we keep your message and our reply so we can help you. We treat support email as confidential.
Technical logs (website only)
Like any website, our hosting provider produces short-lived access logs (IP address, user agent, requested URL, timestamp) to keep the site running and protect against abuse. We do not run Google Analytics, Plausible, PostHog, Mixpanel, Segment, or any equivalent product analytics. We do not place advertising cookies. We do not fingerprint visitors.
What we do not collect
- Your journal text or photos. These stay in your Dropbox and in a local cache on your device.
- Telemetry, usage events, or behavioural analytics. We do not record clicks, page views, scroll depth, or session replays.
- Location data from your device. The app does not request location permission. Any location associated with a photo comes from the photo's own EXIF metadata, which you control by editing or stripping the photo before adding it.
- Crash reports or error telemetry. We do not bundle Sentry, Bugsnag, Crashlytics, or any equivalent SDK.
3. Why we collect it
- To provide the service. Your Dropbox identifier and refresh token are required for sync to work at all.
- To process payments. Stripe needs minimum transaction data to settle the purchase and apply the correct tax.
- To answer support questions. Your support email is kept until your issue is resolved.
- To keep the website running. Short-lived hosting logs let us debug outages and block abuse.
4. Legal bases for processing
If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable data protection law, the legal bases we rely on are:
- Performance of a contract: to deliver glimpses to you, run sign-in, sync to your Dropbox, and process your lifetime purchase.
- Legitimate interests: to keep the service secure and the website online (limited to short-lived hosting logs).
- Compliance with a legal obligation: to keep purchase records for the period required by tax law.
- Consent: for any future optional feature where we ask you to opt in. We do not currently rely on consent for any processing.
5. Who we share data with
We do not sell your personal data and we do not share it for marketing. We rely on a small number of service providers ("sub-processors") to run the service. Each is listed below with what they process and why.
| Provider | Purpose | Data they receive |
|---|---|---|
| Dropbox, Inc. | Sync storage for your journal (via OAuth in your own Dropbox) | Your Dropbox account ID, display name, and the journal folder contents you save |
| Stripe, Inc. | Payment processing for the lifetime licence | Card details, billing country, transaction amount |
| Cloudflare, Inc. | Hosts the glimpses web app and marketing site through Cloudflare Pages | Short-lived hosting access logs (IP, user agent, URL) |
| Google LLC (Fonts) | Serves web fonts on the marketing site | Browser request metadata (IP, user agent) when fonts load |
We will update this list, with reasonable notice, if we add or change a sub-processor.
6. International transfers
Our sub-processors are headquartered in the United States. When personal data transfers from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, those transfers rely on the Standard Contractual Clauses (and, for transfers from the UK, the International Data Transfer Addendum) which each provider has in place. Public references:
7. How long we keep data
- Account identifiers: until you sign out or revoke our Dropbox access. After revocation, your refresh token is unusable and our sync stops.
- Purchase records: kept for the period required by applicable tax law (typically six to ten years), then deleted.
- Support emails: kept while the conversation is active and for up to twelve months after, so we can recognise repeat issues.
- Website hosting logs: held by our host for a short window (commonly thirty days), then rotated out.
- Your journal content: we never hold a copy. Your content stays as long as you keep it in your own Dropbox.
8. Your rights
Depending on where you live, you have some or all of these rights. We honour them for everyone, regardless of jurisdiction:
- Access: ask what personal data we hold about you.
- Correction: ask us to fix anything inaccurate.
- Deletion: ask us to erase what we hold (your Dropbox content is yours to delete directly).
- Restriction: ask us to pause processing while a question is resolved.
- Portability: receive a machine-readable copy of what we hold.
- Objection: object to processing that relies on legitimate interests.
- Withdraw consent: where consent was the basis, withdraw it at any time.
To exercise any right, email support@getglimpses.com. We will respond within thirty days. There is no charge for a reasonable request. If you are in the EEA or UK and we cannot resolve a concern, you may lodge a complaint with your local data protection authority. See our GDPR notice for more detail.
9. Cookies and similar technologies
The glimpses website does not set advertising or analytics cookies. The web app uses your browser's local storage, IndexedDB, and a service worker to keep your journal cached so it works offline. This is functional storage, not tracking. Clearing site data in your browser removes the local cache.
10. Security
We rely on a short list of practical safeguards rather than vague promises:
- All traffic to glimpses uses TLS 1.2 or higher.
- Your Dropbox refresh token is stored only on your device, and can be encrypted at rest with a PIN if you enable the App Lock setting.
- We do not maintain any glimpses-controlled server that holds your journal, which means there is no glimpses database to breach.
If you suspect a vulnerability, please write to support@getglimpses.com. We respond to security reports first.
11. Children
glimpses is not intended for children under sixteen, and is not directed at children under thirteen. We do not knowingly collect personal data from anyone in those age groups. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes to this policy
If we make a material change, we will update the "Last updated" date at the top and, where the change is significant, we will publish a short note on the website and contact users who have purchased a lifetime licence. Continued use of glimpses after a change means you accept the revised policy.
13. Contact us
For any privacy question, including subject access requests, write to support@getglimpses.com. We aim to reply within five business days.