Privacy Policy

Last updated: February 20, 2026

The short version: MyGlimpse is a zero-knowledge app. Your secrets are encrypted on your device and never leave it. We don't collect, store, transmit, or have access to any of your data. We can't read your secrets even if we wanted to.

1. Who We Are

MyGlimpse ("we", "our", "us") is a mobile application developed and operated by MyGlimpse. This Privacy Policy explains how the MyGlimpse app (available on iOS and Android) handles your information.

2. Zero-Knowledge Architecture

MyGlimpse is built on a zero-knowledge architecture. This means:

All data you enter into the app is encrypted locally on your device before it is stored.
The encryption key is generated and stored in your device's secure keychain (iOS Keychain or Android Keystore) and never leaves your device.
We do not operate servers that store, process, or have access to your secrets.
We cannot decrypt, view, or recover your data under any circumstances.

3. Data We Collect

We do not collect any personal data. Specifically:

No account required. You do not need to create an account, provide an email address, or sign in to use MyGlimpse.
No analytics or tracking. We do not use any analytics SDKs, tracking pixels, or third-party analytics services.
No advertising. We do not display ads or use advertising SDKs.
No telemetry. The app does not send usage data, crash reports, or diagnostics to us or any third party.
No network requests. The core app functions entirely offline. No internet connection is required to store, view, or manage your secrets.

4. Data Stored on Your Device

MyGlimpse stores the following data exclusively on your device:

Your secrets (labels, values, categories) — encrypted using XChaCha20-Poly1305 with Argon2id key derivation, stored in a local SQLCipher database.
App preferences (theme, sort order) — stored in local app storage.

This data is never transmitted to any server. If you delete the app, all data is permanently removed from your device.

5. Biometric Data

MyGlimpse uses your device's biometric authentication (Face ID, Touch ID, fingerprint, or pattern lock) to control access to the app. We do not collect, store, or process biometric data. All biometric authentication is handled entirely by the operating system (iOS or Android). MyGlimpse only receives a success or failure response from the OS — never the biometric data itself.

6. Secure Sharing Feature

MyGlimpse Pro includes a feature that lets you share secrets via encrypted links. When you use this feature:

Your secret is encrypted on your device before being uploaded.
The encrypted blob is stored temporarily on our server. We cannot decrypt it.
The decryption key is placed in the URL fragment (the part after the #), which by how the web works is never sent to any server.
The recipient's browser decrypts the secret locally using the key from the URL fragment.
Shared secrets are automatically deleted after being viewed once or after expiry, whichever comes first.

7. Export and Import

You can export your data as an encrypted file protected by a passphrase you choose. This file is created locally on your device. We never see or process this file. When you import on a new device, decryption happens locally using your passphrase.

8. In-App Purchases

MyGlimpse offers optional paid subscriptions (Pro and Family plans) through the Apple App Store and Google Play Store. All payment processing is handled entirely by Apple or Google. We do not collect, store, or have access to your payment information, billing address, or financial data.

9. Children's Privacy

MyGlimpse does not knowingly collect any personal information from children under the age of 13 (or the applicable age in your jurisdiction). Since we do not collect any personal data from any user, there is no data to differentiate by age. The app can be safely used by anyone.

10. Third-Party Services

The core MyGlimpse app does not integrate with or send data to any third-party services. The only third-party interactions are:

Apple App Store / Google Play Store — for app distribution and in-app purchases. These platforms have their own privacy policies.

11. Data Retention

Since we do not collect data, there is nothing to retain. Data stored locally on your device persists until you delete it within the app or uninstall the app. Shared secrets (via the sharing feature) are deleted from our server after one view or after the expiry period.

12. Your Rights

Under applicable privacy laws (including GDPR, CCPA, and others), you have rights regarding your personal data. Since we do not collect or store any personal data on our servers, these rights are inherently satisfied:

Right to access: All your data is on your device. You have full access at all times.
Right to deletion: Delete any secret within the app, or uninstall to remove all data.
Right to portability: Use the export feature to take your data with you.
Right to rectification: Edit any secret directly in the app.

13. Security

MyGlimpse uses industry-standard encryption:

XChaCha20-Poly1305 for authenticated encryption of your secrets.
Argon2id for key derivation (export/import passphrase protection).
SQLCipher for encrypted local database storage.
Platform secure keychain (iOS Keychain / Android Keystore) for encryption key storage.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top of this page. Since we don't collect your email or contact information, we encourage you to review this page periodically.

15. Contact Us

If you have any questions about this Privacy Policy or MyGlimpse's privacy practices, please contact us at:

privacy@myglimpse.app