Privacy Policy

Effective Date: May 26, 2026
Last Updated: May 26, 2026

1. Introduction

Glyph ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

Email address (via Clerk authentication)
Name (optional)
Payment information (processed by Stripe, not stored by us)

2.2 Usage Data

We automatically collect:

Icon generation prompts (to improve our AI)
Generated icon images and prompts submitted to the Service may be retained indefinitely to improve our AI models and service quality. You may request deletion of your data by contacting us at support@useglyphapp.com.
Usage metrics (generation count, credit balance)
Device information (browser type, IP address, operating system)
Analytics data (via PostHog: page views, feature usage, funnels)

2.3 Cookies

We use cookies for:

Authentication (Clerk session cookies)
Analytics (PostHog tracking)
Preferences (theme, language)

You can disable cookies in your browser, but this may limit functionality.

3. How We Use Your Information

We use your information to:

Provide the Service (authenticate users, generate icons, process payments)
Improve the Service (analyze usage patterns, train AI models)
Train and improve our AI models (using anonymized prompts and generated icon data)
Communicate with you (service updates, marketing emails)
Prevent fraud (detect abuse, enforce usage limits)
Comply with legal obligations (respond to subpoenas, enforce Terms)

4. Legal Basis for Processing (GDPR)

For EU/UK users, we process your data based on:

Consent (when you sign up)
Contract performance (to provide the Service)
Legitimate interests (fraud prevention, service improvement)
Legal obligations (tax compliance, law enforcement requests)

5. Data Sharing and Disclosure

5.1 Service Providers

Clerk (authentication) - Clerk Privacy Policy
Stripe (payment processing) - Stripe Privacy Policy
Fal.ai (image generation) - Fal.ai Privacy Policy
Supabase (database) - Supabase Privacy Policy
PostHog (analytics) - PostHog Privacy Policy
Sentry (error tracking) - Sentry Privacy Policy
Vercel (hosting) - Vercel Privacy Policy

5.2 Legal Requirements

We may disclose your information if required by law or to:

Comply with legal processes (subpoenas, court orders)
Protect our rights and safety
Investigate fraud or abuse

5.3 Business Transfers

If Glyph is acquired or merged, your information may be transferred to the new owner.

6. Data Retention

We retain your information for:

Account data: Until you delete your account + 90 days (for backups)
Generated icons: 30 days after creation (then deleted)
Usage logs: 12 months
Payment records: 7 years (tax compliance)

7. Your Rights

7.1 Access and Portability

You can request a copy of your personal data in JSON format.

7.2 Correction

You can update your account information at any time.

7.3 Deletion

You can delete your account from Settings. We will delete your data within 30 days, except:

Payment records (required for tax compliance)
Anonymized analytics data

7.4 Opt-Out

You can opt out of:

Marketing emails:Click "Unsubscribe" in any email
Analytics tracking:Enable "Do Not Track" in your browser

7.5 GDPR Rights (EU/UK Users)

You have the right to:

Data portability: Export your data
Right to be forgotten: Request deletion
Restrict processing: Limit how we use your data
Object to processing: Opt out of marketing
Lodge a complaint: Contact your local data protection authority

To exercise these rights, email: support@useglyphapp.com

8. Data Security

We implement industry-standard security measures:

Encryption in transit: HTTPS/TLS 1.3
Encryption at rest: Supabase database encryption
Access controls: Role-based permissions, 2FA for team members
Regular audits: Annual security reviews

However, no system is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your data may be transferred to servers in the United States. By using the Service, you consent to this transfer.

For EU/UK users, we rely on:

Standard Contractual Clauses (with service providers)
Adequacy decisions (where applicable)

10. Children's Privacy

The Service is not intended for users under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately.

11. California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information we collect
Delete their personal information
Opt out of the sale of personal information (we do not sell data)

To exercise these rights, email: support@useglyphapp.com

We do not discriminate against users who exercise their privacy rights.

12. Do Not Track Signals

We currently do not respond to Do Not Track (DNT) browser signals. You can opt out of analytics via your account settings.

13. Changes to This Policy

We may update this Privacy Policy. Material changes will be notified via:

Email (to your registered address)
In-app notification
Updated "Last Modified" date

Continued use after changes constitutes acceptance.

14. Contact Us

For privacy questions or to exercise your rights:

Email: support@useglyphapp.com
Address: Glyph LLC, 221 West Lake Lansing Road, Suite 200, East Lansing, MI 48823

For EU/UK users, you can also contact your local data protection authority:

List of EU DPAs
UK ICO: https://ico.org.uk/make-a-complaint/

Last Updated: May 26, 2026