Privacy Policy

Last updated: March 13, 2026

Table of Contents

1. What data we collect

We collect information to provide better services to our users. The data we collect includes:

  • Account Information: Name, email address, and authentication credentials.
  • User Content: Your journal entries, tasks, habits, and configuration settings.
  • Usage Data: How you interact with the service, feature usage, and device diagnostic information.

2. How we use it

We use your personal data strictly to provide, maintain, and improve Glimrly. This includes:

  • Syncing your tasks and journal entries across your devices.
  • Sending you essential notifications (like password resets or subscription receipts).
  • Analyzing aggregated platform usage to improve UI/UX and fix bugs.

We do not use your private journal entries or personal data for advertising or AI training without explicit consent.

3. Cookies and tracking

Glimrly utilizes cookies purely for essential site functionality, such as keeping you logged in (authentication cookies) and saving your local app preferences (dark/light mode). We do not use tracking cookies for third-party advertising or retargeting purposes.

4. Third-party sharing

We do not sell your personal data. We only share information with critical service providers required to operate Glimrly (such as secure cloud hosting providers, payment processors like Stripe). All third-party subprocessors are vetted for strict GDPR and CCPA compliance.

5. Data storage & security

Guest Users (Free Accounts): We utilize a privacy-first local approach. All of your data—including your tasks, habits, and journal entries—is stored strictly locally within your own browser. We have zero access to this local data; it stays entirely with you.

Cloud Users (Authenticated Accounts): For users who create an account to sync their data, we securely store your information with our cloud infrastructure partner, Supabase. We utilize strict Row-Level Security (RLS) on all databases, ensuring that your data is encrypted, completely isolated, and that only you have the permissions to view or access your private things.

We retain your cloud information only for as long as your account is active. If you choose to delete your account, your data is completely and permanently wiped from our primary production databases within 30 days.

6. Your rights

Depending on your location (e.g., under standard GDPR or CCPA regulations), you have the right to:

  • Request a portable copy of out your data (Data Portability).
  • Request corrections to any inaccurate information.
  • Request the immediate deletion of your personal data.
  • Opt-out of non-essential communications.

7. Data requests and Contact

To exercise your data rights or to request a full export of your personal journal entries and data, please reach out to us. We fulfill all verified data requests within 30 days.
[email protected]

8. Policy update process

We may update our Privacy Policy periodically. We will notify you of any major material changes by posting the new Privacy Policy on this page and sending an email to all active account holders before the changes become effective.