Privacy Policy

This Privacy Policy explains how Glymp ("Glymp", "we", "us", or "our") collects, uses, stores, discloses, and protects your personal information when you access or use our services ("Services").

• Visiting our website https://glymp.app
• Downloading and using the Glymp mobile application (User App or Business App)
• Discovering nearby products, stores, and services
• Posting content, reviews, or engaging with businesses
• Earning or redeeming Glymp Coins
• Engaging with us through marketing, promotions, or customer support

This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("IT Rules 2021").

If you do not agree with this Privacy Policy, please do not use our Services. For questions, contact us at support@glymp.app.

1. Information We Collect

2. How We Use Your Information

3. Cookies and Tracking Technologies

We use the following technologies:

You can manage cookie preferences through your browser settings. Disabling cookies may affect certain functionalities. On mobile, you can reset your advertising identifier or opt out of personalized ads through your device's privacy settings.

4. Third-Party Integrations and Data Sharing

We share data with the following categories of service providers, bound by contractual data protection obligations:

• Cloud Infrastructure — Hosting, storage, and content delivery (e.g., AWS, Google Cloud, Cloudflare)
• Analytics Providers — Usage analysis and crash reporting (e.g., Firebase Analytics, Cloudflare Web Analytics)
• Payment Gateways — Secure payment processing (e.g., Razorpay)
• Push Notification Services — Delivering notifications (e.g., Firebase Cloud Messaging)
• Media Processing — Image and video optimization (e.g., ImageKit)
• AI/ML Services — Powering search, recommendations, and content understanding
• Communication Tools — Email delivery and customer support

We may also share information:

• With law enforcement or government authorities when required by law or legal process
• During business transfers, mergers, or acquisitions
• With business partners for joint promotions (with your consent)
• With other users when you post content publicly
• To protect the rights, safety, and property of Glymp and its users

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Active account data — Retained for the duration of your account being active
• Post-deletion — Core account data is deleted within 90 days of account deletion request. Some data may be retained in anonymized form for analytics.
• Legal holds — Data may be retained longer if required for legal compliance, dispute resolution, or fraud prevention
• Backups — Encrypted backups are purged on a rolling 30-day cycle
• User-generated content — Publicly posted content (reviews, photos) is removed upon account deletion unless it has been reposted or referenced by others

Glymp Coins balances expire and are forfeited upon account termination.

6. Your Privacy Rights

Under the Indian IT Act, SPDI Rules, and in alignment with global best practices, you have the following rights:

• Right to Access — Request a copy of the personal data we hold about you
• Right to Correction — Update or correct inaccurate personal information
• Right to Deletion — Request deletion of your account and associated data
• Right to Withdraw Consent — Withdraw previously given consent for data processing
• Right to Data Portability — Request your data in a structured, commonly used format
• Right to Object — Object to processing for direct marketing purposes
• Right to Grievance Redressal — File a complaint with our Grievance Officer

To exercise your rights, use the in-app account settings or email us at support@glymp.app with subject line "Data Rights Request". We will verify your identity and respond within 30 days.

7. Children and Minors

Glymp is rated 12+ on app stores.

• Children under 12: We do not knowingly collect personal information from children under the age of 12. If we become aware that a child under 12 has provided us with personal data, we will take steps to delete it promptly.
• Users aged 12–17: Minors between 12 and 17 may use Glymp with the consent and supervision of a parent or legal guardian. Parents/guardians assume responsibility for the minor's activity on the platform.
• Content filtering: We implement age-appropriate content moderation. Content flagged as mature, violent, or inappropriate is restricted from users under 18.
• No targeted advertising to minors: We do not serve behaviorally targeted advertisements to users identified as under 18.
• Limited data processing: For minor users, we limit data collection to what is essential for the service and do not process their data for profiling or marketing purposes.

If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us at support@glymp.app.

8. Security Practices

We implement reasonable security practices and procedures as required under the SPDI Rules, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication mechanisms (token-based, OTP verification)
• Role-based access controls for internal systems
• Regular security assessments and vulnerability testing
• Firewalls, intrusion detection, and DDoS protection
• Secure cloud infrastructure with SOC 2 compliant providers
• Employee training on data protection and privacy

While we strive to protect your personal information, no method of transmission or electronic storage is 100% secure. We cannot guarantee absolute security and encourage users to also take precautions (e.g., strong passwords, not sharing credentials).

9. Cross-Border Data Transfer

Your data is primarily stored on servers located in India. However, some of our service providers may process data in other jurisdictions (e.g., United States, European Union). In such cases:

• We ensure adequate data protection through contractual safeguards
• Service providers are bound by data processing agreements
• We comply with applicable Indian laws regarding data transfer
• Your data receives substantially similar protection regardless of where it is processed

10. Artificial Intelligence Features

Glymp uses AI-powered features to enhance your experience:

• AI-powered search and discovery
• Content recommendations and personalization
• Image recognition and content categorization
• Automated content moderation

Personal data processed through AI features is handled in accordance with this Privacy Policy. AI decisions are not used as the sole basis for actions with legal or significant effects on you.

11. Do-Not-Track Signals

We do not currently respond to Do-Not-Track (DNT) browser signals due to the absence of a uniform industry standard. We will update this policy if a standard is adopted.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

• Material changes will be communicated via in-app notification or email
• The "Last updated" date at the top will be revised
• Continued use of the Services after changes constitutes acceptance
• We encourage you to periodically review this policy

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and the IT Rules 2021, the details of our Grievance Officer are:

14. Contact Information