Privacy Policy

Last Updated: February 11, 2026

1. Information We Collect

Information You Provide

• Email Address: Used for account creation and authentication
• Hotel Preferences: Hotels you like, super-like, or save
• Interactions: Your swipes, views, and hotel browsing behavior
• Age Range: Optional age bracket (18-24, 25-34, 35-44, 45+) for analytics — we don't collect your exact date of birth
• Country: Approximate country from device locale (not precise location)

Information Automatically Collected

• Device Information: Device type, operating system (e.g. iOS, Android)
• Usage Data: How you interact with the app, features you use, time spent (consent-gated when used for analytics)
• Location Data: We may request location permission to show your position on the map. We do not use precise location (GPS) for analytics. When you enable "Improve recommendations", we use approximate country from your device locale only.
• Session Data: Anonymous session IDs to understand app usage patterns (consent-gated)
• Anonymous ID: When analytics is enabled, we use a randomly generated analytics identifier. This identifier is not based on device fingerprinting and is resettable upon account deletion.
• Crash / Error Reports (Diagnostics): If the app encounters an error, we may send a one-time report (error message, stack trace, timestamp) to our servers for logging. This data is not stored in a user database and is not linked to your identity, email, or account. Crash reports do not contain personal content, hotel interaction history, or full account data.
• IP Address: Our servers may receive your IP address for security, rate limiting, and audit purposes (e.g. when you request account deletion). IP addresses are not stored in user profiles and are not used for behavioral profiling, advertising, or cross-app tracking.

Analytics (First-Party Only)

We do not use Firebase, Amplitude, PostHog, Mixpanel, or any third-party analytics SDK. We use our own first-party analytics, which is optional and only active when you enable "Improve recommendations" in Privacy & Data. When enabled, we collect events such as session start/end, card views, swipe decisions, and time spent — to improve recommendations. This data is linked to your account when you are logged in and is stored in our EU-based database (Supabase).

2. Photo Sources & Third-Party Services

Google Places API Photos

Hotel photos in Glintz are sourced from the Google Places API and are © Google Maps contributors. We use these photos to provide you with high-quality hotel imagery.

Certain content (such as hotel photos and map data) is provided by third-party services and is subject to their respective terms and policies. For Google's terms, see https://policies.google.com/terms.

Mapbox

Hotel map displays use Mapbox for beautiful, interactive maps.

Mapbox's Privacy Policy: https://www.mapbox.com/legal/privacy

Other Third-Party Services

• Supabase: Secure database and authentication (EU region). They process data on our behalf (processor).
• Google Maps: Hotel location display and mapping
• API Hosting: Our app backend is hosted by a US-based provider (e.g. Railway). Requests (including optional analytics and one-time crash reports) pass through their infrastructure; logs may be processed in the United States. No user database is hosted there — only our API and logs.

We do not sell your personal information. We do not use advertising identifiers (e.g. IDFA) or track you across other companies' apps. No App Tracking Transparency (ATT) prompt is used for advertising.

3. How We Use Your Information

We use your information to:

• Provide the Service: Show you hotels, save your preferences, remember your likes
• Personalization: Recommend hotels based on your preferences, country, age range, and browsing behavior (if analytics consent is enabled)
• Authentication: Verify your identity and secure your account
• Communication: Send you important updates about the service (no marketing without consent)
• Improve the App: Analyze usage to make Glintz better
• Safety & Security: Protect against fraud, abuse, and security issues

4. How We Share Your Information

We do not sell your personal information. We only share data in these limited cases:

We do not provide hotels or partners with access to individual user accounts, personal identifiers, or user-level interaction data.

Service Providers

• Supabase: Database hosting and authentication
• Google: Maps and photos (subject to Google's privacy policy)
• Mapbox: Map rendering (telemetry disabled)

Aggregated and Anonymized Insights

We may use aggregated and anonymized statistics (such as overall engagement trends, popular hotel categories, or general usage patterns) to improve the platform or provide high-level performance insights to hotel partners. These statistics:

• Do not include personal identifiers
• Do not include email addresses or account IDs
• Cannot be used to identify individual users
• Are not shared at a user-level granularity

Legal Requirements

We may share information if required by law, court order, or to protect rights and safety.

Business Transfers

If Glintz is acquired or merged, your information may be transferred to the new entity.

5. Data Retention

• Account Data: Kept while your account is active
• After Deletion: Upon account deletion, personal data associated with the account is permanently removed within 30 days, except where limited retention is required for legal or security purposes.
• Legal Requirements: Some data may be retained longer if required by law

6. Your Rights & Choices

Consent Categories in Glintz

When you first use Glintz, you choose your privacy preferences:

1. Core Functionality (Always On)

• Required for the app to work
• Saves your hotel preferences (likes, saves, superlikes)
• Shows your personalized discovery feed
• Remembers your interactions
• No opt-out available (essential for service)

2. Improve Recommendations (Optional)

• Analytics to personalize hotel suggestions
• Requires: country, age range
• Tracks: browsing patterns, card views, session duration, preferences
• Can be disabled anytime in Profile → Privacy & Data

3. Marketing Communications (Optional)

• Updates about new features and partnerships
• Can be disabled anytime
• Currently not active

You can review and change these settings anytime in your profile.

Access & Control

• View Your Data: See all data we have about you
• Update Information: Correct or update your information
• Delete Account: Request full account deletion (Profile → Delete My Account)
• Export Data: Download your data in portable format

Privacy Controls

• Location: Control location access in device settings
• Email: Opt-out of non-essential emails
• Preferences: Clear your saved hotels and preferences anytime
• Analytics: Disable analytics in Privacy & Data settings

7. Security

We take security seriously and implement:

• Encryption: All data is encrypted in transit (HTTPS) and at rest
• Secure Authentication: Passwordless magic link login for enhanced security
• Access Controls: Limited employee access to personal data
• Regular Audits: Security reviews and updates

8. International Data Transfers

Glintz operates globally. Our infrastructure includes EU-based database services (Supabase EU region) and US-based API hosting providers (e.g. Railway). Your data may be transferred to and processed in the U.S. and other countries where our service providers operate. Our main database and analytics storage use EU-based infrastructure (Supabase); our API and its logs (including one-time crash reports and security/audit logs) are hosted in the United States.

For EU/EEA Users (GDPR Compliance)

• We use EU-based servers (Supabase EU region) for data storage
• Data transfers comply with GDPR requirements
• You have the right to lodge a complaint with your data protection authority

9. Children's Privacy

Glintz is not intended for users under 18. We do not knowingly collect information from children. If we discover that a child under 18 has provided us with personal information, we will delete it immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via:

• In-app notification
• Email to your registered address
• Updated "Last Updated" date at the top of this policy

Continued use of Glintz after changes means you accept the updated policy.

11. California Privacy Rights (CCPA)

If you're a California resident, you have additional rights:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We don't sell your information, so this doesn't apply
• Non-Discrimination: We won't discriminate against you for exercising your rights

12. Contact Us

Questions about this Privacy Policy or your data?

13. Third-Party Links, Booking & Monetisation

Glintz may contain links to external websites (e.g. hotel booking sites and Google Maps). When you tap a booking or partner link, you leave the app and open the site in your device's browser (e.g. Safari). We do not use an in-app browser for booking. We are not responsible for the privacy or payment practices of these external sites.

We do not process payments inside the app. Any booking or purchase happens entirely on the external site. We may use affiliate links (e.g. to booking platforms); if you make a booking after following a link, we may receive a commission. This does not change the price you pay.

Please review the privacy policies of any external site before providing information.

14. Data Protection by Design

We build privacy into everything we do:

• Minimal Collection: We only collect what's necessary
• Purpose Limitation: Data is only used for stated purposes
• Storage Limitation: Data is not kept longer than necessary
• User Control: You control your data and preferences
• Consent-First: Analytics and marketing require your explicit consent

15. Data We Do NOT Collect

For transparency, here's what we don't collect:

• Precise location for analytics (we only use approximate country from device locale when you opt in)
• Advertising identifier (IDFA or similar) — we do not track you for ads
• Device ID or fingerprint for tracking
• Date of birth (only optional age bracket)
• Financial information (no in-app purchases)
• Health data
• Contacts
• Browsing history outside of Glintz
• Government IDs
• Biometric data
• Purchase or search history