glaamr

Privacy Policy

Last updated: 6 May 2026

We collect the smallest amount of data we can to make glaamr work. We don't sell it, share it with advertisers, or use it to train AI. If you're under 18, we collect even less. You can delete everything any time.

If you'd rather skip the details, that's the whole thing.

1. What we collect when you sign up

Your email address
A username (you choose it; it doesn't have to be your real name)
Your age, so we know which set of features to give you
A password — we never see it, it's encrypted before it reaches us

That's it for sign-up.

2. What we collect as you use glaamr

The photos you upload
The looks, products, notes and lookbooks you create
Who you follow and who follows you
Which looks you've faved or saved

We need all of this to make the app work — without your saved looks, there's nothing to save. We don't track what you do outside glaamr.

3. What we do NOT collect

Your location, not even rough
Your phone number
Your real name unless you tell us
Your contacts
Anything from other apps on your phone
Browsing history outside glaamr

4. What we do with what we collect

Make the app work for you
Show your looks to people who are allowed to see them — you decide that with each look's privacy settings
Email you important stuff like password resets or account changes
Keep the platform safe, e.g. checking uploaded photos meet our content rules

That's all. We don't run ad networks, we don't profile you, and we don't pass your data to advertisers.

5. Where your data lives

Your data is stored on secure servers run by Supabase, our hosting provider. They're SOC2 Type 2 compliant, with data encrypted at rest. Access is restricted to glaamr's tiny team and only for legitimate reasons (e.g., when you contact support and explicitly authorise us to look). We have automated, sample-only access policies in place — we cannot silently browse other users' content.

6. How your photos are protected

Photos are stored in a private file bucket. Direct URLs don't work — every time the app loads a photo, it generates a short-lived signed link that expires within an hour. Diary photos are protected by an additional layer: the storage system itself only allows the owner's account to access them.

7. Who can see your photos and looks

You decide. Each Look has three privacy levels:

Private — only you
Connections — only people you've accepted (followers and clients)
Public — anyone with the app, plus anyone you share a link with

Diaries are private by default and never appear in any public feed. To share a diary, you must explicitly unlock it and generate an unlisted link; you can revoke that link at any time.

If your account is set to private (default for under-18), nobody can see your looks unless you explicitly accept them as a connection.

8. Special rules for under-18 users

If you're under 18:

Your account is private by default and stays that way until you turn 18, with limited exceptions
You're not searchable or discoverable by other users
We don't show ads or use your data for advertising-related purposes, ever
We collect strictly the minimum needed to run your account
Affiliate shopping links are not shown to under-18 accounts
If you're under 13, we require verifiable parental consent before you can sign up

9. Your rights, no matter your age

You can:

Delete your account and all your data — Profile → Delete account. This is immediate and permanent.
Correct anything that's wrong (Profile → Edit)
Request a copy of your data — email us
Stop us from using your data in any specific way — just email us

We respond to data requests within 30 days. Most people get a response in 24–48 hours.

10. Cookies and tracking

We use a tiny number of cookies to keep you logged in and remember your preferences. We do not use:

Tracking pixels
Third-party advertising cookies
Cross-site trackers
Analytics that profile individual users

If we use any analytics at all, it's privacy-respecting tools that don't track individuals.

11. How long we keep things

Your account and all your data: while your account is active
After you delete: your account and rows are erased immediately. Photos in our file storage are deleted at the same time.
Backups: our hosting provider keeps automated backups for up to 7 days, after which deleted data is gone from backups too
Communications between you and our team: kept for 1 year then deleted

12. International data

Our servers may be in a different region from yours. We use standard contractual protections required by GDPR and other privacy laws.

13. Security

We use HTTPS in transit, encryption at rest, row-level security to keep accounts isolated, and short-lived signed links for photo access. Passwords are hashed using industry-standard methods — we never see them in plain text. No system is bulletproof, but we take this seriously. If we ever had a breach, we'd tell you within 72 hours and explain exactly what happened.

14. Changes to this policy

If we make significant changes, we'll tell you in the app and by email. For minor changes (typos, clearer wording) we'll just update the date at the top.

15. Contact us

For any privacy question, data request, or concern: privacy@glaamr.app

We read every message. We respond fast.