Last revised: 13 April 2026
SHAYBI Ventures (“Glimp”, “we”, “us”, or “our”) is the data controller responsible for personal data processed in connection with the Services described in this Privacy Policy, unless we state otherwise (for example, where a partner acts solely as controller for a specific program).
Registered address: Ajman Free Zone, United Arab Emirates.
Address: B.C. 1305404
Telephone: +971 50 502 1479
Email: info@glimp.app
For data protection inquiries, regulatory correspondence, or to exercise your rights, contact us using the email or telephone above.
Glimp offers an augmented reality (AR) experience: you can scan printed images and view AR video overlays. This policy applies to the Glimp mobile app and related web services we operate (for example, post-purchase upload flows and account or order tools tied to your purchase).
This Privacy Policy explains how we collect, use, store, and protect information when you use our app and these services (together, the “Services”). By using the Services, you agree to this Privacy Policy.
Some content stays on your phone unless you choose to share it—for example, AR recordings or videos you save locally. Other activity may be sent to us or our providers as described below (analytics, crash data, and any upload or sync flows you start).
When you use our web-based upload or post-purchase experience, you may submit images and videos so we can create AR targets and related experiences. Those files are uploaded to cloud storage (Google Firebase Cloud Storage) and are processed in the cloud; they are not limited to your device. We may also store related metadata (for example, progress or AR target information) in databases such as Google Cloud Firestore.
Fulfillment of your order may include a personal upload link tied to an order identifier. We may load order-related data from Shopify (for example, line items or quantities) through our systems to power the upload experience and fulfillment. Shopify acts as a service provider for e‑commerce and order-related processing.
If you use Glimp as an employee or for event or admin workflows, we may process workforce account data, which can include email, user identifiers (UID), role, and assignment or event-related data. Sign-in may use Firebase Authentication. Event-related or operational uploads may be stored and processed in a manner similar to customer uploads, for operational and fulfillment purposes.
We create AR targets using Vuforia (PTC). Image and related data may be sent to PTC / Vuforia for AR target creation and management. Metadata associated with targets may include information needed to play video overlays in the app.
By uploading images, videos, or other content, you confirm that you have the rights and permissions needed to provide that content to us and to have it processed as described in this policy (including creation of AR targets and use of subprocessors). You should not upload content that infringes others’ intellectual property, privacy, or other rights. If you upload content relating to other people, you are responsible for obtaining any consent or authority required under applicable law.
Depending on where you live, we must have a lawful basis to process personal data. We rely on one or more of the following, as applicable:
If we ask for sensitive categories of data where local law requires a separate basis, we will identify that basis at collection.
| Type | Purpose |
|---|---|
| Personal and order-related data | Respond to inquiries; fulfill orders; provide upload links; build and deliver AR experiences |
| Uploads (images/videos) | Store in cloud storage; process server-side (including Cloud Functions); create and update AR targets (including via Vuforia) |
| Firestore and backend records | Track upload or order progress; store AR target metadata and related operational data |
| Non-personal info | Improve features; optimize AR experience; monitor crashes; analyze usage |
| Firebase Analytics / Crashlytics | Monitor app performance; detect bugs and crashes |
| Firebase Authentication (where used) | Authenticate employees or authorized users for internal or event tools |
The app may request access to:
OS permission prompts and device settings are part of how you control access. Where the law requires consent for certain processing, we align with platform rules and applicable requirements.
Our Services use software development kits (SDKs) and related technologies (which may use cookies, local storage, device identifiers, or similar mechanisms on web or in-app) to provide core functionality, analytics, and crash reporting—for example, Firebase Analytics and Firebase Crashlytics.
These technologies may collect identifiers and usage events as described in this policy and in providers’ documentation. On mobile, you can often limit tracking or reset advertising identifiers through your device settings (for example, Apple’s “Ask App Not to Track” or Android advertising settings, where available). On web, you may control cookies through your browser; if we deploy a cookie banner or preference center for a specific site, we will use it where required.
For regions where consent is required before non-essential analytics or tracking, we rely on consent mechanisms permitted by the platform and law, or on another valid legal basis where applicable. Please ensure your App Store / Google Play privacy labels and in-product disclosures match what you actually collect (including Firebase and uploads)—they should align with this policy.
We do not sell your personal information. We share data only as needed to run the Services, as described in this policy, or when required by law. Examples include legal requests and business transfers (for example, merger or acquisition).
The table below summarizes key providers and categories of data involved. This is a high-level summary, not an exhaustive list of every subprocessor contract.
| Provider | Role | Category of data (examples) |
|---|---|---|
| Google / Firebase (Authentication, Cloud Storage, Firestore, Cloud Functions, Analytics, Crashlytics) | Cloud infrastructure, authentication, storage, server-side processing, analytics, crash reporting | Account identifiers; uploads; metadata and operational records; usage and diagnostic data |
| Shopify | E‑commerce and order fulfillment; order data for upload and purchase-linked flows | Order identifiers; line items; quantities; related fulfillment data |
| PTC / Vuforia | AR target creation and management | Images and related data for targets; metadata for overlays and playback |
| Amazon Web Services (AWS) (where applicable) | Hosting or infrastructure supporting our services | Data processed by our applications on AWS, as configured |
We retain information only as long as needed for the purposes described here and as permitted by law. Indicative periods below are non-binding examples; actual retention depends on your case, product, legal requirements, and technical limits.
We may delete, erase, disable, or restrict access to data when required or permitted by law, or for legitimate operational, security, legal, or business reasons—such as abuse prevention, security incidents, storage or cost limits, service or vendor changes, end of a product lifecycle, or alignment with retention rules. We are not obligated to retain data longer than needed for these purposes and our legal obligations (including to consumers and data subjects under applicable law). Where feasible and where the law requires notice, we will provide it.
Nothing in this Privacy Policy is intended to override mandatory consumer protection or data protection rules in your jurisdiction. Where the law gives you rights to access, correct, delete, or restrict processing, we honor those requests in line with Section 9.
Exact retention can vary by product, region, and request; contact us for questions about a specific dataset.
AR recognition and video overlays depend on data we and our subprocessors store and process (for example, uploaded images or videos, AR targets, and related metadata). If we delete or disable that data—whether because you asked us to, because a retention period ended, to comply with law or regulatory requests, for security or operational reasons, as described under “Our right to delete data,” or because a third-party service removed or expired data—the corresponding experience in the app may stop working. Physical prints, packaging, or other items are unchanged, but scanning them may no longer produce the intended AR effect.
We do not guarantee that any print or AR target will function indefinitely. Fulfilling a valid deletion request, or deleting data as described in this policy, may be necessary for privacy or legal compliance and can make related AR features unavailable. That outcome is an expected consequence of removing the underlying data, not a defect in the physical product.
Depending on your location, you may have the following rights regarding your personal data (subject to exceptions under law):
To exercise these rights, contact info@glimp.app. We may need to verify your identity. For requests involving cloud uploads, AR target data, or purchase-linked information, we may ask for proof of order (for example, order number or receipt) so we can locate the correct data without disclosing it to the wrong person.
Deletion and AR functionality. If we honor your deletion request (or delete overlapping data we are required or permitted to remove), AR targets, uploads, or metadata tied to that data may no longer work, including for prints you already have. You understand that asking us to delete data can end the related AR experience, and you accept that trade-off when you request erasure. We will not refuse a valid deletion request solely because AR would stop working afterward, except where we must retain specific information by law.
This policy describes our privacy practices and is not legal advice. For limitations of liability, refunds, and product warranties, see your purchase terms or contact us.
The Services are not directed at children under 13 (or the higher age required by your country’s laws for valid consent to online services). We do not knowingly collect personal information from children under that age.
If you are a parent or guardian and believe your child has provided us personal information, or if you have concerns about minors’ data, please contact us at info@glimp.app and we will take steps to delete such information where required by law.
Your information may be processed in countries other than your own—including the United Arab Emirates, the United States, the European Union, and other locations where we or our subprocessors operate.
Where personal data originating in the EEA, UK, or Switzerland is transferred to countries not recognized as providing an adequate level of protection, we rely on mechanisms such as the EU Commission’s standard contractual clauses (SCCs), the UK Addendum or equivalent, or other lawful transfer tools, and we enter into data processing agreements with vendors (including Google Cloud / Firebase and others) that incorporate appropriate safeguards as required by law.
Providers publish their compliance materials (for example, Google’s Data Processing Terms and transfer mechanisms). You may request more detail about safeguards by contacting us.
We use technical and organizational measures designed to protect your information. No method of transmission or storage is completely secure.
Access to some upload or progress features may depend on knowing an order-related identifier or a unique link. Treat upload links as private—do not post them in public channels. Anyone who obtains such a link or identifier may be able to use parts of the flow associated with it.
We may update this Privacy Policy from time to time. We will post the current version on this page and update the “Last revised” date. If we make material changes, we will provide notice as appropriate (for example, through the app, email where we have your address, or a prominent notice on our site).
SHAYBI Ventures — Glimp
Ajman Free Zone, United Arab Emirates
Address: B.C. 1305404
Telephone: +971 50 502 1479
Email: info@glimp.app