Privacy Policy
Last updated June 3, 2026
The short version
We collect the minimum we need to deliver a gift. We don’t sell your data. We don’t build advertising profiles. We use a small number of well-known vendors to run the service, and we tell you exactly who they are below.
What we collect
From you:
- Your email address. Used to sign you in via magic link and to contact you about your account.
- Gift content.The recipient’s name, the event date, the list of moments, your closing message, and any photo you upload. We need these to render the gift.
- Payment information.We don’t see or store your card details — Stripe handles the entire payment. We see only what Stripe tells us: order amount, last four digits of the card, billing zip if you provided one.
Automatically, when you visit:
- Analytics. Page views, screen size, country, and rough referral source via Google Analytics 4 (delivered through Google Tag Manager). We use this to understand which parts of the site work and which confuse people.
- Session cookies. One auth cookie that keeps you signed in. No third-party tracking cookies.
Who we share with
To run glimpse, we use:
- Vercel — hosts the website. Sees every HTTP request as part of normal serving.
- Supabase — stores account data, gift content, and uploaded photos. Located in the United States.
- Stripe — processes payments. See their privacy policy at stripe.com/privacy.
- Resend — sends transactional emails (magic-link sign-in, order confirmations). They process your email address to deliver the message.
- ImprovMX — forwards inbound email sent to hello@glimpse.gift to a private inbox.
- Google Analytics 4 / Google Tag Manager— anonymous-ish usage analytics. We don’t link analytics to your account.
We do not share data with advertisers, data brokers, or marketing platforms. We don’t sell anything.
What we don't do
- We don’t sell your data to anyone, ever.
- We don’t build advertising profiles or target ads at you based on your activity.
- We don’t share your gift content with anyone outside the vendors listed above.
- We don’t read your closing messages or recipient names unless you ask us to look at something for a support question.
Gift URL privacy
The gift sites you create are publicly readable to anyone who knows the URL. They’re not indexed by search engines and we don’t share them anywhere, but the URL itself is the only access control. Treat it like a secret.
If you need stronger protection (proposals, sensitive announcements), let us know — password protection is in the works.
Data retention
Gift sites stay live for 30 days after the event date. After that, the site is archived (no longer publicly accessible) but we hold your data for another 30 days in case you choose to extend or restore.
Sixty days after the event, archived data is permanently deleted unless you opt into the lifetime option. Sites you delete manually are removed within 24 hours.
We keep your account as long as you have any active gift, plus 18 months of inactivity (we’ll email you before removing an inactive account).
Stripe holds order records for the period required by US tax law (typically 7 years). We can’t delete those before then.
Your rights
You can request a copy of your data, ask us to delete it, or correct anything inaccurate by emailing hello@glimpse.gift. We process requests within 5 business days. We won’t charge you to exercise these rights, and we won’t make the service worse if you do.
If you’re in the EU/UK, you have rights under GDPR. If you’re in California, you have rights under CCPA. All of the above apply equally regardless of where you live.
Children
Glimpse is not directed at children under 13. We don’t knowingly collect data from children. If you believe a child has signed up, email us and we’ll delete the account.
Changes to this policy
We’ll bump the “last updated” date when anything material changes. For substantive changes that affect how we treat your data, we’ll email anyone with an active account.
Contact
Questions, requests, complaints — email hello@glimpse.gift. A human reads every message.