This Privacy Policy explains what personal data Glim ("Glim", the "Service", "we", "us") collects when you use the Service, how we use it, who we share it with, and the choices available to you.
1. What we collect
Information you provide
- Account data: email address, password (stored only as an Argon2id hash), and — if you sign in via Google, Discord, Telegram, or X — the minimum profile fields the provider returns (account id, display name, verified email).
- Inputs & Outputs: images or other media you upload, prompts you supply, and the generations produced in response.
- Payment metadata: order id, pack purchased, amount, currency, payment channel (Creem, Telegram Stars, or NOWPayments), and transaction status. We never store your credit card number, expiry, or CVC — those are handled by the payment processor.
- Support communications: email threads and any information you include when contacting us.
Information collected automatically
- Usage metadata: which templates you use, how many credits you spend, generation timestamps, approximate device / browser info from request headers, and IP addresses (used for rate limiting, abuse detection, and geographic service availability).
- Moderation records: for every upload and every generated output, our automated content-safety filter stores a moderation event (verdict, policy, detection labels, confidence) for auditing purposes.
- Session cookies: a single first-party cookie that keeps you signed in. We do not use advertising, analytics, or third-party tracking cookies.
2. How we use your data
- Deliver and operate the Service (authentication, generations, credit accounting, moderation);
- Send transactional email — verification codes, invoices, account notices — via our email vendor;
- Detect, prevent, and investigate abuse, fraud, and violations of our Terms;
- Improve and troubleshoot the Service (aggregated, not at the individual level);
- Comply with legal obligations and respond to lawful requests.
We do not sell your personal data. We do not use your Inputs or Outputs to train generative AI models that go beyond your own account's personalization.
3. Who processes your data on our behalf
We rely on a small set of well-known sub-processors:
- Neon (US) — managed PostgreSQL hosting for account and generation metadata.
- Cloudflare R2 — object storage for your uploaded Inputs and generated Outputs. Served via Cloudflare's global edge.
- Creem — Merchant of Record for card / Apple Pay / Google Pay payments. Creem also handles local tax collection and remittance.
- Telegram — when you choose Telegram Stars as your payment method.
- NOWPayments — when you choose cryptocurrency as your payment method.
- Resend — transactional email delivery (verification codes and similar service emails).
- Google / Discord / X / Telegram (OAuth) — only when you use the corresponding sign-in option.
Each sub-processor receives only the data necessary to perform its function, under contractual confidentiality and data-protection commitments.
4. International transfers
The Service is operated from infrastructure located in the United States and the European Union. If you are accessing Glim from a different region, your data will be transferred to and processed in those locations.
5. Retention
We retain account and generation data for as long as your account is active. After account deletion, personal data is removed within 90 days, except (a) records we are legally required to retain (e.g. financial records for tax purposes — typically 7 years), and (b) anonymized or aggregated data that can no longer be linked to you.
6. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your account and associated personal data (subject to Section 5);
- Export your data in a portable format;
- Object to or restrict certain processing;
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@335578.xyz from the email address on your account.
7. Security
Data is encrypted in transit (HTTPS) and at rest at our sub-processors. Passwords are stored as Argon2id hashes; payment card numbers never touch our servers. Administrative access to production data is role-restricted and audit-logged.
8. Children
Glim is not intended for children under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us so we can delete it.
9. Changes
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date above and, where appropriate, announced by email or in-product notice.
10. Contact
Privacy questions or requests: email support@335578.xyz.