Privacy Policy
Last updated: April 28, 2026
This is the privacy policy for Glown, a mobile application operated by an Australian sole trader (ABN 52 606 397 297). This policy explains what information Glown collects when you use the app, why, and what you can do about it.
Glown is built with the belief that private, small conversations between friends should stay private. This policy is designed to reflect that.
What Glown collects
Glown lets you send two kinds of messages: drops (geo-anchored neon signs at specific locations, viewable in AR or on the map) and beams (direct messages delivered as a takeover screen to a friend). To make the app work, Glown collects:
- Your email address — required to sign in and identify your account.
- Your display name — shown to your friends alongside the messages you drop or beam. Defaults to an anonymous identifier if you don't set one.
- Your share code — a randomly generated 8-character code that lets friends add you without sharing your email or phone.
- Your location — only when the app is open and only to (a) anchor neon messages you drop to real-world coordinates, and (b) show you nearby messages your friends have dropped near you. Glown does not track your location in the background and does not log your location history beyond the message anchor points you explicitly create.
- The messages you send — for drops, the content (text, icon, color), the coordinates you chose, the recipients you selected, and the time they were created and expire. For beams, the content (text, icon, color), the recipient, and creation time. Beams have no location.
- Your friendships and friend requests — who you're connected to, who's asked to connect, and who you've blocked.
- Your push notification token — when you grant notification permission, Apple gives Glown a device-specific identifier we use to deliver push notifications. The token is stored on Glown's servers, tied to your account, and used only to send you notifications when friends send you messages. Tokens are removed when you sign out or delete your account.
- Reports you file — if you report another user or a message, the report is stored with your identifier so we can investigate.
Glown does not access your photo library, microphone, contacts, calendar, or health data. The camera is used only for the live AR view and no camera images or video are stored, transmitted, or analyzed.
What Glown does NOT do
- Glown does not sell your data to anyone. Ever.
- Glown does not use third-party advertising networks.
- Glown does not embed analytics SDKs that fingerprint your device or follow you across apps.
- Glown does not track your location in the background.
- Glown does not read, record, or transmit anything from your camera, photo library, or microphone.
- Glown does not share the content of your messages with anyone except the recipients you explicitly chose.
Who sees your messages
When you drop or beam a neon message, you pick the friends who can see it. Only those friends see it — nobody else, including the Glown operator, reads the content of your private messages as part of normal operations.
The only exceptions are:
- When another user reports your message for review, an administrator may read it to assess the report.
- When legally required to comply with a lawful request from law enforcement (with a valid warrant or equivalent).
- For technical incidents where a developer needs to inspect stored data to fix a bug. This access is logged.
Where your data is stored
Glown's backend runs on Supabase, a hosted database and authentication service. Your account data, messages, friendships, and reports live on Supabase's infrastructure. Supabase processes this data on Glown's behalf and is bound by its own published privacy terms. You can read Supabase's policy here: supabase.com/privacy.
Message location data is stored using PostgreSQL with PostGIS, using standard geographic coordinates (latitude/longitude). Nothing about your routes, movement patterns, or daily travel is stored — only the specific points where you chose to drop a message.
When Glown sends you a push notification (e.g. when a friend beams you or drops a message for you), the notification content is briefly handled by Apple's Push Notification service (APNs) for delivery to your device. Apple does not retain the content of these notifications beyond what's needed to deliver them. Apple's privacy practices are described at apple.com/legal/privacy.
How long data is kept
- Individual neon messages expire automatically. The default is 24 hours. After expiry, messages are hidden immediately and removed from the server during regular cleanup.
- Hidden messages. If you "burn" a drop someone else sent you, it is hidden from your view immediately while remaining visible to the sender and any other recipients. The hide flag is stored against your row in the recipient table — it does not delete the underlying message.
- Your account data (profile, friendships, share code) is kept as long as your account exists.
- Reports are kept for up to 12 months to help identify patterns of abuse, then deleted.
Deleting your data
You can delete your entire Glown account from inside the app at any time. Open the GRID screen, scroll to the Danger Zone, tap Delete My Account, and confirm by typing DELETE.
When you do this, the following are permanently erased from Glown's servers:
- Your profile and share code
- Every neon message you have ever dropped or beamed
- Your friendships and friend requests (on both sides)
- Your blocked users list
- Your device push notification tokens
- Reports you have filed
- Your authentication record (email and login credentials)
This action cannot be undone. Glown does not keep a backup copy of deleted accounts.
Messages that other people dropped or beamed to you remain in their senders' accounts until they expire or those senders delete them. Glown cannot delete someone else's message on your behalf — you can, however, block the sender to stop seeing anything from them.
Your rights
If you're in the European Economic Area, the United Kingdom, or a similar jurisdiction, you have rights under the GDPR and similar laws, including the right to access, correct, delete, and export your data. If you're in Australia, you have similar rights under the Privacy Act 1988.
You can exercise all of these rights directly from the app (delete works immediately; export is available on request). You can also email us at the address below.
Children
Glown is not intended for children under 13, and under 16 in some jurisdictions. If you are below the minimum age in your region, please do not use Glown. If you're a parent or guardian and believe your child has created an account, email us and we'll delete it.
Changes to this policy
If this policy changes in a way that affects you, we'll update the "Last updated" date at the top and, for meaningful changes, notify active users inside the app before the new terms take effect.
Contact
You can reach us about anything in this policy — data requests, concerns, corrections — at:
[email protected]
Glown is operated by an Australian sole trader, ABN 52 606 397 297. Postal correspondence can be sent to the registered business address on record with the Australian Business Register.