Skip to content
Glimpses logoGet the app

Glimpses Privacy Policy

Last Updated: 18 September 2025

Creatoors Tech Private Limited ("we", "us", "our") operates Glimpses, a social media platform headquartered in Maharashtra, India. This Privacy Policy explains what data we collect, why we collect it, how we use and share it, the choices you have, and how to contact us. It is designed to comply with India’s Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 and rules thereunder, and to prepare us for compliance in other regions where we may operate.

TL;DR
We collect only what we need to run Glimpses, keep people safe, and improve the product. You can control your Privacy Settings through the app.

1) Scope

  • Services covered: Glimpses mobile apps, websites, APIs, notifications, developer tools, and features that link to this Policy (collectively, the "Services").
  • Third-party links: Our Services may link to third-party sites/apps. Their privacy practices are governed by their own policies.

2) Definitions

  • Personal data / personal information means any data about an identifiable person.
  • Sensitive categories include financial information (incl. payment instrument details), health data, biometric identifiers, precise location, government ID, and information revealing sexual orientation, racial/ethnic origin, religious or political beliefs, or trade union membership.
  • Processing means any operation on personal data (collection, storage, use, sharing, deletion, etc.).
  • Child means a person under 18 years of age (India).
  • Controller means the entity that decides why and how data is processed (that’s us for the Services).

3) What we collect

We collect data in three ways: you provide it, it happens automatically, or we receive it from others.

A. Data you provide

  • Account & profile: name/username, email/phone, password or SSO token, profile photo, date of birth, pronouns, bio, verification artifacts (e.g., ID snapshot), and settings.
  • Content & activity: posts, photos, videos (including short videos), audio, comments, captions, hashtags, likes, bookmarks, reports, messages (strong encryption offered), and interactions with features (e.g., camera tools, editing settings).
  • Contacts (optional): if you sync contacts or invite friends, we may process names, phone numbers, emails in hashed form to help you find people. You can stop syncing and delete synced contacts anytime in Settings.
  • Payment & commerce: transaction history, order details, billing/shipping info (processed via PCI-DSS compliant partners), refunds, and tax-related details.
  • Creator/Business tools: payout details, KYC/KYB data, brand partnership info.

B. Data collected automatically

  • Device & app data: device model/OS, app version, language, crash reports, performance and diagnostics, battery & signal strength, app foreground/background state, and identifiers (IDFA/AAID, device ID, installation ID).
  • Log & usage data: pages/screens viewed, taps, scrolling, session timestamps, referral/UTM data, actions (post, like, share), and features used (e.g., camera, editing).
  • Network & cookies/SDKs: IP address, coarse geolocation from IP, cookie IDs, SDK signals (analytics, crash, A/B testing, push notifications), and similar technologies.
  • Location (optional): precise location if you enable device-level permission; otherwise we use coarse location (e.g., city/state) from IP or network.
  • Inferences: interests or affinities (e.g., tech, travel) inferred from your activity for feed ranking and recommendations.

C. Data from others

  • Other users: mentions/tags, messages, reports/appeals, and your data in others’ address books.
  • Partners & vendors: measurement/attribution data, anti-abuse signals (e.g., spam lists, compromised credentials), ad conversion data (aggregated), and app store signals.
  • Public sources: publicly available profiles or posts when necessary for safety/integrity (e.g., impersonation).

Your choices: You can choose not to provide optional data (e.g., contacts, precise location). Some features may not work without certain data (e.g., age required to determine protections).

4) Why we use your data (purposes)

We process personal data strictly for the following purposes:

  1. Provide the Services: create/maintain your account, deliver feeds, posts, messages, search, recommendations, and social features; enable creators, business tools, and accessibility features.
  2. Safety, security & integrity: detect and prevent spam, fraud, malware, illegal content, exploitation, and violations of our Terms & Community Guidelines; protect our users and platform; investigate abuse; and enforce limits (e.g., rate-limiting).
  3. Legal compliance: comply with applicable laws, lawful requests, and regulatory obligations (including CERT-In incident reporting and IT Rules takedowns).
  4. Personalization (non-ad): tailor feed ranking, discovery, and product experiences to what you follow and engage with.
  5. Advertising & measurement: show ads, measure reach/conversions, control ad frequency, and prevent invalid traffic.
  6. Product research & improvement: diagnostics, analytics, A/B tests, surveys, and de-identified or aggregated analysis to improve features and performance.
  7. Communications: send essential service emails, security alerts, transactional messages, and—with your consent or as permitted—marketing communications you can opt out of.

Where required by law, we use automated systems (and sometimes human review) for moderation and ranking; you can appeal most decisions in-app.

5) Legal bases we rely on (region-specific)

  • India (DPDP Act): Your consent for specified purposes; and certain legitimate uses permitted by law (e.g., compliance with orders, employment, prevention/detection/investigation of offenses, or for the performance of a legal obligation).
  • EEA/UK (GDPR): consent; performance of a contract; legitimate interests (e.g., product safety and fraud prevention); compliance with legal obligations; and, when applicable, vital interests or tasks carried out in the public interest.
  • US: we honor rights under CPRA (see Region-Specific Supplements).

6) Children and teens

  • Age gates: You must be at least 13 years old to use Glimpses. In India, a child is under 18. We require/recommend parental supervision for users under 18.
  • Parents/guardians: You can request deletion of a child’s account/data by contacting support@glimpses.app.

7) Sharing & disclosure

We do not sell personal data. We share data as follows:

  • Service providers / processors: cloud hosting, analytics, security, content delivery, payments, communications, identity verification, and customer support—under contracts that limit use to our instructions.
  • Partners & integrations (opt-in): when you connect third-party apps (e.g., single sign-on, share extensions, ad measurement), we share what’s necessary and show you the permissions.
  • Other users & the public: what you post to public areas of Glimpses is visible to others; you can choose private options where available.
  • Legal & safety: we may access, preserve, or disclose data when we reasonably believe it is necessary to comply with law, protect anyone’s safety, prevent fraud or abuse, or protect our rights.
  • Corporate transactions: in a merger, acquisition, or asset sale, your data may transfer subject to this Policy and any successor’s equivalent protections.

8) International transfers

We may process and store data in India (most preferred always) or other countries. Under India’s DPDP Act, cross-border transfers are generally allowed except to countries that may be restricted by government notification. Where required (e.g., under GDPR), we use transfer safeguards such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

9) Data retention

  • We keep data only as long as necessary for the purposes described, for the duration of your account, or as required by law (e.g., tax, fraud prevention, legal holds).
  • If you delete content or your account, we delete or de-identify associated data unless we must retain it for legal reasons (e.g., to respond to lawful requests, dispute resolution, or fraud prevention).
  • Security and system logs may be retained for at least 180 days in India to comply with cybersecurity guidance and incident response requirements.

10) Security

We use administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit, access controls, rate limiting, abuse detection, logging and monitoring, and regular testing. No system is 100% secure; we encourage strong passwords, 2FA, and caution with links and unknown messages.

11) Your privacy controls

Everyone:

  • Manage your privacy settings in Settings → Privacy.
  • Manage ad preferences and tracking choices in Settings → Advertisements.

India-specific (DPDP Act): right to access, correction, updating, erasure (subject to legal exceptions), grievance redressal, and to nominate another person to exercise your rights in the event of death or incapacity.

EEA/UK (GDPR): rights to access, rectification, erasure, restriction, portability, and objection; and to lodge a complaint with your local data protection authority.

California (CPRA): rights to know, delete, correct, opt out of sale/sharing, and limit use of sensitive personal information; non-discrimination for exercising rights.

12) Automated decision-making & profiling

We use ranking and recommendation systems to order content based on your interactions with people, accounts and content on Glimpses, we do this to make your experience better and more personalized.

13) Cookies, SDKs & similar technologies

We use cookies, local storage, and SDKs for authentication, security, preferences, analytics, A/B testing, and ad measurement. Some third parties set cookies/SDKs when you view content or interact with partners.

14) Ads & measurement

  • Personalized ads and third‑party measurement apply to all users.
  • We restrict advertisers from uploading sensitive attributes and require contracts prohibiting misuse of user data.

15) Communications & marketing

  • Service communications: account, security, transactional, and legal notices. You cannot opt out of essential messages.
  • Marketing: emails, push, in-app messages—only with consent where required. You can opt out in Settings (to be available soon) or via unsubscribe links.

16) Grievances, appeals & lawful requests

  • Grievance redressal: Contact at support@glimpses.app. We aim to acknowledge complaints promptly and resolve them within legally prescribed timelines.
  • Govt/court orders: We comply with valid legal orders, including content removal and user data requests, and try to notify affected users (not guaranteed) where legally permitted.
  • Appeals: If you are dissatisfied with our decision on certain complaints, you may appeal to the Government’s Grievance Appellate Committee (GAC) where applicable.
  • CERT-In incidents: We maintain logs and report qualifying cybersecurity incidents to CERT‑In within required timelines.

17) Developer platform & third‑party tools

If you use Glimpses APIs, developer tools, or social plugins:

  • You must comply with our Developer Terms and only collect/use data as permitted.
  • We may receive analytics/measurement events from your integration.
  • You must provide clear notices and obtain end‑user permissions/consents required by law.

18) AI features & model training

We use automated systems (and moderated human review) to keep Glimpses safe and to power features like content recommendations, integrity checks, and translations. We may use your public posts, short videos and other generated content and interactions to improve our models (excluding chats & messages and except where prohibited by law). We always process data for safety/integrity and do not use sensitive personal information for such purposes.

19) Data retention details

  • Account data: retained while your account is active; deleted or de‑identified within 30 days after deletion, unless legal holds apply.
  • Content (posts/media): retained until you delete it or your account; backups may persist for 90 days.
  • Logs & security data: retained for at least 180 days or longer if needed for investigations or legal compliance.
  • Payments/tax records: retained as required by law (8 years).
  • Reports/appeals: retained for 18 months to support trust & safety operations.

Government/Court orders may apply over and above our data retention policies, in which case we may hold the data longer. Government authorities may also access your data as permitted by law.

20) Changes to this Policy

We’ll update this Policy when necessary. For material changes, we will notify you and give you time to review before they take effect. The “Last updated” date always reflects the latest version.

Linked policies