[ privacy ] the short version
We can't see your data.
The design makes sure of it.
MyGlimpse has no account to sign up for, no analytics, no cookies, and no trackers. Your vault is encrypted on your phone and stays there. The app makes no network request on its own — nothing is uploaded, nothing phones home. The only time anything leaves your device is the moment you tap Share, and even then what leaves is a sealed blob nobody but the recipient can open. This page walks through every one of those edges, in plain words.
the best way to keep data safe is to never hold it.
[ 01 ] the app
It collects nothing, because there is nothing to collect.
There is no sign-up, no email, no login, no profile. The app does not measure how you use it, does not carry an analytics or advertising SDK, and does not have a server it reports back to. Everything you save is written to an encrypted database on the device and unlocked with the same fingerprint or face you use for the phone. The keys are made on the device, sealed in its secure hardware, and never leave it — we never have them, so we could not read your vault even if we were asked to.
- What we store about you
- Nothing. No account, no identifiers, no usage data, no crash telemetry sent to us.
- Where your secrets live
- Only on your phone, encrypted (the exact ciphers are on the technical page). If you make an export or a 24-word backup, that copy lives wherever you put it — also encrypted, also only yours.
- Device permissions
- The camera, only when you choose to photograph a secret, and only to store that photo encrypted in your vault. It is never uploaded. Biometric unlock uses the phone's own secure prompt; we never see the fingerprint or face.
[ 02 ] sharing a link
The one time something leaves your phone — and what it isn't.
When you share a glimpse, the app encrypts it on your device and sends only the ciphertext to a relay server. The key to open it is put in the part of the link after the #, which browsers never send to any server, so the relay holds a sealed blob it has no way to read. Your recipient's phone or browser is where it gets decrypted. The relay hands the blob out a fixed number of times — once, by default — then deletes it; anything left unopened is deleted within 24 hours.
- What the relay can read
- Nothing inside your secret. It only ever sees the encrypted blob, never the key.
- What it logs
- Ordinary operational logs to keep the service up — but deliberately no IP address, no device or browser identifier, and the share's code is stripped out before anything is written. There is nothing on it that could tie a share to a person.
- Who runs it
- By default, our relay. It is open source, so you can read exactly what it does, and you can run your own and point the app at it instead — then even the sealed blob only ever touches a server you control.
a server that can't read what it carries is a server that can't leak it.
[ 03 ] this website
No cookies. No analytics. No third-party anything.
The site you are reading is static pages with no JavaScript at all, so there are no cookies, no local storage, no fingerprinting, and no analytics or advertising scripts loading in the background — nothing here follows you home. We host our own fonts, so not even a font request goes to someone else. Like any web server, ours has to process the request needed to send you the page, but we build no visitor profiles and there is nothing to sell, because we don't collect it in the first place.
[ 04 ] the two normal footprints
Email and the app stores — the parts that aren't ours to make invisible.
- If you email us
- Writing to support@myglimpse.app or privacy@myglimpse.app means we receive your address and whatever you write, so we can answer. We use it for that and nothing else, and we don't add you to any list.
- When you install the app
- Downloading from the App Store or Google Play happens on their platforms, under their privacy terms, not ours. They may record the download the way they do for any app. Once installed, MyGlimpse still talks to no one on its own.
[ 05 ] your rights
There is almost nothing to request, and that's the point.
MyGlimpse is made by Converge, a product studio in Zagreb, Croatia, which is the data controller for the little described above. Because we hold no account and no personal data about you, the usual requests — show me my data, delete my data, export it — mostly have nothing to act on: your data was never with us to begin with, and your vault is already yours to export or erase from inside the app. If you have written to us by email, you can ask us to delete that correspondence at any time. Under the GDPR you can also complain to your local data protection authority; in Croatia that is AZOP.
[ changes ]
If this policy ever changes, the new version goes up here, in the same plain words, with the date below updated. There is no mailing list to notify because we don't have your email — so the page itself is the record. Last updated 8 July 2026.