Glider Privacy Policy

Effective:  ·  Last updated:

1. Who we are

Glider ("we," "us," or "our") is an independent travel-planning and trip-collaboration mobile application. Glider is not affiliated with, endorsed by, or sponsored by Apple Inc. This Privacy Policy applies to all users of the Glider mobile app and this website, regardless of location.

For all privacy questions, data requests, or complaints, contact us at glidertravelapp@gmail.com. We will acknowledge requests within 5 business days and fulfil verified requests within 30 days.

2. Data we collect

We collect only data that is strictly necessary to provide Glider's features. We do not collect data speculatively or for undefined future purposes.

a) Account data
Your email address and a Supabase-generated unique user ID. Required to create, authenticate, and manage your account. Without this we cannot provide the service.

b) Trip content (user-generated)
Itineraries, bookings, checklist items, expense amounts, group contributions, decisions, and notes or messages you create inside a trip. Stored and synced so you and your explicitly invited collaborators can access it across devices. You own this content; we process it solely to deliver the service to you.

c) Precise location — foreground and background
With your explicit permission via iOS system prompts, we access your GPS coordinates while the app is open (foreground) and, when separately enabled, while the app is running in the background. Used for map views, nearby place discovery, destination weather, and in-trip context features. This permission is entirely optional. You can revoke it at any time:

d) Contacts
Accessed only when you explicitly tap an invite or share feature. We read contact information on-device solely so you can choose who to invite. We do not copy, upload, or store your contacts on our servers. To revoke: iOS Settings → Privacy & Security → Contacts → Glider → toggle off.

e) Security data
We use Cloudflare Turnstile (a CAPTCHA service) during sign-in. Turnstile processes browser environment signals to distinguish human users from bots. This data is governed by Cloudflare's Privacy Policy and is not linked to your Glider identity. Our backend retains short-lived rate-limit logs (IP address, timestamp, endpoint) for abuse prevention, automatically purged within 30 days.

f) Local device storage
Glider stores cached app state and offline-pending data on your device to maintain functionality without network access. This data is not transmitted to third parties and is removed when you uninstall the app.

3. How we use your data

We process your data exclusively for the following purposes. We will not use your data for any purpose not listed here without updating this policy and, where required by law, obtaining your consent first.

• Service delivery: Authenticating your session, storing and syncing your trip content, and enabling collaboration with people you invite.
• Location features: Powering map, weather, and place-discovery features you have explicitly enabled.
• Security and abuse prevention: Protecting your account and our infrastructure from unauthorised access, spam, and automated abuse.
• Service communications: Responding to support requests and, where legally permitted, notifying you of material changes to this policy.

We do not use your data for advertising, behavioural profiling, sale to third parties, or training AI/ML models.

4. Third-party data sharing

We do not sell, rent, trade, or otherwise disclose your personal data to third parties except as described below. All third-party processors are bound by data processing agreements and are only permitted to use data for the purposes we specify.

• Supabase, Inc. — cloud database and authentication. Stores your account data and trip content. Supabase Privacy Policy.
• Cloudflare, Inc. — network security and CAPTCHA (Turnstile). Processes security telemetry during sign-in only. Cloudflare Privacy Policy.

We may disclose personal data if required by law or valid legal process (e.g. a court order), or to protect the rights, property, or safety of Glider, our users, or others. We will notify affected users where legally permitted.

If we add new processors, we will update this policy before those processors handle any user data.

5. Tracking and advertising

Glider does not track you across other companies' apps or websites. We have no advertising SDK, no analytics SDK, and no data-broker relationships. Our App Store privacy label "Data Used to Track You" is set to None. We do not access or use Apple's Advertising Identifier (IDFA).

6. Data retention

• Account and trip data: Retained while your account is active. Permanently deleted within 30 days of a verified deletion request.
• Security / rate-limit logs: Automatically purged within 30 days. Not linked to your identity after purge.
• Local device cache: Controlled by you. Cleared when you uninstall the app or clear app data in iOS Settings.

We do not retain personal data beyond these periods. When data is no longer needed for the purpose it was collected, it is securely deleted.

7. Security

We implement industry-standard technical and organisational measures to protect your data, including: encrypted connections (TLS 1.2+) for all data in transit; Supabase row-level security and access controls for data at rest; Cloudflare network-level protections; and the principle of least privilege — only code and personnel that require access to perform their function are granted it.

No electronic transmission or storage method is 100% secure. If a data breach occurs that affects your personal data, we will notify you as required by applicable law and will take prompt remedial action.

8. Children's privacy

Glider is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal data from children below these ages. If you believe a child has provided us personal data without appropriate parental consent, contact us at glidertravelapp@gmail.com and we will delete it promptly.

9. Your rights

Regardless of your location, you have the following rights over your personal data. To exercise any right, email glidertravelapp@gmail.com with "Privacy Rights Request" in the subject line. We will respond within 30 days and will never discriminate against you for exercising these rights.

• Access: Receive a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request permanent deletion of your account and all associated personal data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Withdrawal of consent: Where processing is based on your consent, withdraw it at any time without penalty.

10. EU/EEA users — GDPR

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies.

Legal basis for processing:

• Contract performance (Art. 6(1)(b)): Account data and trip content — necessary to deliver the service you signed up for.
• Legitimate interests (Art. 6(1)(f)): Security logs and abuse prevention — our legitimate interest in maintaining service integrity, which does not override your rights.
• Consent (Art. 6(1)(a)): Foreground and background location — collected only after you grant explicit permission via iOS system prompts. You may withdraw consent at any time.

International data transfers: Your data may be stored or processed in the United States by Supabase and Cloudflare. These transfers are made under appropriate safeguards including Standard Contractual Clauses (SCCs). You may request details by contacting us.

Right to complain: You have the right to lodge a complaint with the supervisory authority in your EU/EEA member state if you believe we have processed your personal data unlawfully.

11. California residents — CCPA/CPRA

If you are a California resident, the CCPA and CPRA grant you the following rights:

• Right to Know: The categories and specific pieces of personal information collected, the purposes, and whether it is sold (it is not).
• Right to Delete: Request deletion of your personal information, subject to limited legal exceptions.
• Right to Correct: Request correction of inaccurate personal information we hold about you.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioural advertising.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the service.
• Right to Non-Discrimination: We will not deny, charge differently for, or provide reduced service because you exercised a privacy right.

Categories collected in the past 12 months: Identifiers (email, user ID); precise geolocation; internet/network activity (security logs); user-generated content (trip data); financial information (expense amounts). None of this data is sold.

To submit a CCPA/CPRA request, email glidertravelapp@gmail.com with "CCPA Privacy Request" in the subject line.

12. Changes to this policy

We may update this policy when we change our data practices, add new features, or when laws require it. When we make material changes, we will update the "Last updated" date above and notify you within the app. Your continued use of Glider after the updated effective date constitutes acceptance of the revised policy.

13. Contact

For all privacy questions, data requests, or complaints:
Glider — glidertravelapp@gmail.com

If you are unsatisfied with our response, you may contact your local data protection authority (EU/EEA) or the California Privacy Protection Agency (California).