Privacy Policy

Effective date: March 24, 2026 · Gliiph LLC · Missouri, USA

1. Overview

Gliiph LLC ("Gliiph," "we," "us," or "our") operates gliiph.com. This Privacy Policy explains what information we collect, how we use it, and what rights you have. We built Gliiph on a zero-knowledge architecture — meaning the content of your secrets is encrypted in your browser before it reaches our servers, and we are technically unable to read it.

2. Information We Collect

2.1 Information you provide

  • Email address — collected when you create a paid account or request a magic link to sign in.
  • Logo image — collected if you are a Brand plan subscriber and upload a logo. Stored securely via Vercel Blob Storage.
  • Payment information — processed directly by Lemon Squeezy. We do not store your credit card number or billing details on our servers.

2.2 Information we do NOT collect

  • The content of your secrets. It is encrypted client-side and we have no access to the plaintext.
  • The decryption key. It lives in the URL fragment (#) and is never transmitted to our servers.
  • IP addresses associated with secret creation or viewing.

2.3 Automatically collected information

Vercel, our hosting provider, may collect standard server logs including IP addresses and request metadata as part of normal infrastructure operation. We do not collect or log IP addresses at the application level, and we do not use infrastructure log data for profiling or analytics.

3. How We Use Your Information

We use your email address to:
  • Send you a magic link to sign in to your account.
  • Manage your subscription and communicate billing-related updates.
  • Respond to support requests you initiate.
We do not sell your personal information. We do not use your information for advertising.

4. Data Storage and Security

  • Secrets are stored in Upstash Redis with a Time-To-Live (TTL). They are automatically and permanently deleted when they expire or are viewed, whichever comes first.
  • All secrets are encrypted using AES-256-GCM before being stored. We store only ciphertext.
  • Account data (email, plan, subscription status) is stored in Upstash Redis.
  • Logo files are stored in Vercel Blob Storage. Filenames are hashed and do not contain identifying information.
  • Session tokens are stored in secure, httpOnly cookies.

5. Third-Party Services

We use the following third-party services:
  • Vercel — hosting and infrastructure.
  • Upstash — Redis database for temporary secret and session storage.
  • Resend — transactional email delivery for magic links.
  • Lemon Squeezy — payment processing and subscription management.
Each of these providers has their own privacy policy governing their data practices.

6. Data Retention

  • Secrets — deleted automatically upon viewing or expiration. No copies are retained.
  • Account data — retained for the duration of your account. You may request deletion at any time by contacting us.
  • Session tokens — expire after 30 days.

7. Abuse Reporting

If you receive a suspicious or harmful link via Gliiph, contact us at legal@gliiph.com and we will immediately and permanently delete it from our servers.

8. Your Rights

You have the right to:
  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and associated data.
To exercise any of these rights, contact us at privacy@gliiph.com.

9. Children

Gliiph is not directed at children under the age of 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify subscribers of material changes via email. Continued use of Gliiph after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy, contact us at:

Gliiph LLC
Missouri, USA
privacy@gliiph.com