Privacy Policy

Last updated: May 8, 2026

This is the privacy policy for Glown, a mobile application operated by an Australian sole trader (ABN 52 606 397 297). This policy explains what information Glown collects when you use the app, why, and what you can do about it.

Glown is built with the belief that private, small conversations between friends should stay private. This policy is designed to reflect that.

What Glown collects

Glown lets you send two kinds of messages: drops (geo-anchored neon signs at specific locations, viewable in AR or on the map) and beams (direct messages delivered as a takeover screen to a friend). To make the app work, Glown collects:

Your email address — required to sign in and identify your account.
Your display name — shown to your friends alongside the messages you drop or beam. Defaults to an anonymous identifier if you don't set one.
Your share code — a randomly generated 8-character code that lets friends add you without sharing your email or phone.
Your location — only when the app is open and only to (a) anchor neon messages you drop to real-world coordinates, and (b) show you nearby messages your friends have dropped near you. Glown does not track your location in the background and does not log your location history beyond the message anchor points you explicitly create.
The messages you send — for drops, the content (text, icon, color), the coordinates you chose, the recipients you selected, and the time they were created and expire. For beams, the content (text, icon, color), the recipient, and creation time. Beams have no location.
Your friendships and friend requests — who you're connected to, who's asked to connect, and who you've blocked.
Your push notification token — when you grant notification permission, Apple gives Glown a device-specific identifier we use to deliver push notifications. The token is stored on Glown's servers, tied to your account, and used only to send you notifications when friends send you messages. Tokens are removed when you sign out or delete your account.
Reports you file — if you report another user or a message, the report is stored with your identifier so we can investigate.

Glown does not access your photo library, microphone, contacts, calendar, or health data. The camera is used only for the live AR view and no camera images or video are stored, transmitted, or analyzed.

Sign in with Apple

If you sign in with Apple, Glown receives:

A stable Apple-provided identifier — used to recognize you across sessions and devices. The identifier is opaque and does not reveal your Apple ID or any other account data.
Your email address — either your real email, or a private relay address generated by Apple if you chose Hide My Email. Either way, Glown uses it the same way as a magic-link email: to identify your account and contact you about your account.

Glown does not receive your iCloud account, your contacts, your real name, or any other Apple account data. Glown does not request the Full Name scope. The Apple identifier is stored in our authentication system; we do not share it with third parties.

You can revoke Glown's access at any time from Settings → your name → Sign-In & Security → Sign in with Apple on your iPhone.

What Glown does NOT do

Glown does not sell your data to anyone. Ever.
Glown does not use third-party advertising networks.
Glown does not embed analytics SDKs that fingerprint your device or follow you across apps.
Glown does not track your location in the background.
Glown does not read, record, or transmit anything from your camera, photo library, or microphone.
Glown does not share the content of your messages with anyone except the recipients you explicitly chose.

Who sees your messages

When you drop or beam a neon message, you pick the friends who can see it. Only those friends see it — nobody else, including the Glown operator, reads the content of your private messages as part of normal operations.

The only exceptions are:

When another user reports your message for review, an administrator may read it to assess the report.
When legally required to comply with a lawful request from law enforcement (with a valid warrant or equivalent).
For technical incidents where a developer needs to inspect stored data to fix a bug. This access is logged.

Where your data is stored

Glown's backend runs on Supabase, a hosted database and authentication service. Your account data, messages, friendships, and reports live on Supabase's infrastructure. Supabase processes this data on Glown's behalf and is bound by its own published privacy terms. You can read Supabase's policy here: supabase.com/privacy.

Message location data is stored using PostgreSQL with PostGIS, using standard geographic coordinates (latitude/longitude). Nothing about your routes, movement patterns, or daily travel is stored — only the specific points where you chose to drop a message.

When Glown sends you a push notification (e.g. when a friend beams you or drops a message for you), the notification content is briefly handled by Apple's Push Notification service (APNs) for delivery to your device. Apple does not retain the content of these notifications beyond what's needed to deliver them. Apple's privacy practices are described at apple.com/legal/privacy.

Crash reports and non-fatal errors are sent to Sentry (hosted in the EU, Frankfurt) to help diagnose stability issues. Sentry receives the crash stack trace, device model, iOS version, and the sequence of in-app screens visited before the crash. Sentry does not receive your messages, your share code, your friend list, or your email address. Sentry's privacy policy: sentry.io/privacy.

How long data is kept

Individual neon messages expire automatically. The default is 24 hours. After expiry, messages are hidden immediately and removed from the server during regular cleanup.
Hidden messages. If you "burn" a drop someone else sent you, it is hidden from your view immediately while remaining visible to the sender and any other recipients. The hide flag is stored against your row in the recipient table — it does not delete the underlying message.
Your account data (profile, friendships, share code) is kept as long as your account exists.
Reports are kept for up to 12 months to help identify patterns of abuse, then deleted.

Deleting your data

You can delete your entire Glown account from inside the app at any time. Open the GRID screen, scroll to the Danger Zone, tap Delete My Account, and confirm by typing DELETE.

When you do this, the following are permanently erased from Glown's servers:

Your profile and share code
Every neon message you have ever dropped or beamed
Your friendships and friend requests (on both sides)
Your blocked users list
Your device push notification tokens
Reports you have filed
Your authentication record (email and login credentials)

This action cannot be undone. Glown does not keep a backup copy of deleted accounts.

Messages that other people dropped or beamed to you remain in their senders' accounts until they expire or those senders delete them. Glown cannot delete someone else's message on your behalf — you can, however, block the sender to stop seeing anything from them.

Your rights

If you're in the European Economic Area, the United Kingdom, or a similar jurisdiction, you have rights under the GDPR and similar laws, including the right to access, correct, delete, and export your data. If you're in Australia, you have similar rights under the Privacy Act 1988.

You can exercise all of these rights directly from the app (delete works immediately; export is available on request). You can also email us at the address below.

California residents

If you're a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete it, the right to correct it, and the right to opt out of any sale or sharing of personal information.

Glown does not sell your personal information. Glown does not share your personal information with third parties for cross-context behavioral advertising. There is nothing to opt out of, because Glown does not engage in either practice.

You can exercise your access, deletion, and correction rights directly from inside the app (delete works immediately; access and correction can be requested by emailing [email protected]). Glown will not discriminate against you for exercising these rights.

Children

Glown is not intended for children under 13, and under 16 in some jurisdictions. If you are below the minimum age in your region, please do not use Glown. If you're a parent or guardian and believe your child has created an account, email us and we'll delete it.

Changes to this policy

If this policy changes in a way that affects you, we'll update the "Last updated" date at the top and, for meaningful changes, notify active users inside the app before the new terms take effect.

Contact

You can reach us about anything in this policy — data requests, concerns, corrections — at:

[email protected]

Glown is operated by an Australian sole trader, ABN 52 606 397 297. For postal correspondence, please email [email protected] first and we will provide a current correspondence address.