Privacy Policy
Effective date: 2026-05-21 (auth-provider list reduced to Apple + Google; §12 third-party-services restated with explicit non-affiliation disclaimer)
This Privacy Policy describes how Glass Prompter ("Glass Prompter," "we," "us," "our") collects, uses, and discloses information when you use our website at glassprompter.com (the "Site"), our iOS mobile app (the "App"), and any related services (collectively, the "Service").
By using the Service you acknowledge this Policy. If you disagree, do not use the Service.
1. Who we are and how to reach us
Glass Prompter is operated by Edi Simon, a sole proprietorship ("persoană fizică autorizată") established in Romania, European Union. For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar laws, Edi Simon (trading as Glass Prompter) is the data controller of the personal data described below.
- Privacy questions, access requests, deletion requests, and
GDPR/CCPA rights requests:
privacy@glassprompter.com - Security disclosures:
security@glassprompter.com - Legal notices:
legal@glassprompter.com - Postal address for formal legal correspondence: available on
written request to
legal@glassprompter.com.
We do not currently have a designated EU representative under GDPR Art. 27 because we are established in the EU. If that changes we will publish their contact here.
2. Information we collect
We deliberately collect as little as possible. There are five sources of personal data:
2.1 Account identity
You can sign in with Apple or Google. In each case the identity provider returns a stable user identifier and (if you allow it) your name, email address, and profile picture URL. If you choose Apple's Hide-My-Email feature, we only see the Apple relay address. We store the returned identity record in Supabase as your account row. We do not store your identity-provider password. That account is managed entirely by Apple or Google respectively. If you later choose to sign in with a different provider using the same email address, the providers are linked to the same Glass Prompter account.
2.2 Script content
Scripts you create are stored in our database encrypted at rest with AES-256-GCM using a per-script data-encryption key (DEK). The DEKs are themselves wrapped by a key-encryption key (KEK) held server-side as an environment secret on Vercel and never written to the database or to logs. Our server decrypts scripts only to provide product features that you ask for, such as rendering them in the dashboard, displaying them on your glasses during a session, exporting your data, or running an account deletion. This is encryption at rest, not end-to-end encryption. A compromised Glass Prompter server, or a court order to us, could decrypt your scripts; we cannot truthfully promise otherwise.
2.3 Session metadata
When you cast a script to your glasses we store the session id, the
script id, your cursor position (which line you're on), and a
device identifier for the glasses webview. We do not record
audio, transcripts of your speech, or your camera. Speech
recognition runs on-device on your iPhone via Apple's
SFSpeechRecognizer with requiresOnDeviceRecognition = true; the
audio never leaves your phone.
2.4 In-App Purchase record
If you upgrade to Glass Prompter Pro we record the Apple StoreKit transaction id, product id, entitlement status, and any refund/revocation state. Glass Prompter Pro is a one-time non-consumable In-App Purchase, not a subscription. There is no recurring billing, no renewal, and no trial. The signed transaction (JWS) is kept for entitlement verification. We do not see your payment method. That is handled entirely by Apple's In-App Purchase system.
2.5 Server logs and security telemetry
Our hosting providers automatically capture short-lived request logs (IP address, user-agent, timestamps, path, status code) for abuse and incident response. We do not correlate these logs with account identifiers for product analytics. Error reports sent to Sentry are scrubbed of personally identifiable information before transmission.
2.6 Anonymous usage events
To understand whether the Service is working, including how many people pair their glasses, cast a script, finish a session, encounter an error, we record a small set of anonymous usage events in our own database. We deliberately built this in-house rather than using a third-party analytics product so that no usage data leaves our servers.
What we record:
- What happened: an event name from a short fixed list (e.g.
pair_start,pair_complete,cast_start,cast_end,script_create,app_open,screen_view,error_shown). - When it happened: a timestamp.
- Counts and durations only: number of slides in a script, number of words, slides advanced, session duration in seconds, HTTP status code, font / colour preference choice, screen name from a fixed list. By technical design, free-form text from your scripts cannot reach this table: every field is validated against a number / boolean / fixed-enum allowlist on the server, so even a misbehaving client cannot push content here.
- Your account id: so we can compute distinct-user metrics (e.g. monthly active users). This is the same internal UUID we already store on your account; it is never linked to advertising identifiers and never sold or shared.
What we never record:
- The text of your scripts, your script titles, folder names, or anything else you typed.
- Your speech, your camera, or your microphone.
- Your IP address or precise location (these stay only in the short-lived request logs in §2.5).
- Identifiers from third-party trackers.
You can see your own usage events at any time by emailing
privacy@glassprompter.com. Deleting your account erases all of
your events.
We do not collect: contact lists, photos, precise location, ad identifiers, third-party tracker identifiers, behavioural-advertising data, or biometric data.
3. What we do not do
To remove ambiguity:
- We do not sell or "share" personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).
- We do not use your scripts, audio, or any other content to train, fine-tune, or evaluate machine-learning or AI models, ours or anyone else's.
- We do not use cookies for advertising, profiling, or cross-site tracking. The Site uses only the strictly-necessary cookies required to maintain your authenticated session.
- We do not use any third-party analytics, advertising, or attribution SDK (no Google Analytics, no Mixpanel, no Amplitude, no Segment, no Facebook SDK, no Firebase). The anonymous usage events described in §2.6 are stored only in our own database.
- We do not perform automated decision-making with legal or similarly significant effects on you (GDPR Art. 22).
- We do not show targeted advertising.
- We do not send marketing emails. The only emails we send are transactional (e.g. deletion confirmation, security notice).
4. Legal bases for processing (GDPR)
For users in the EU, EEA, UK, or Switzerland, we rely on the following legal bases under GDPR Art. 6:
| Processing | Legal basis |
|---|---|
| Account creation, sign-in, sync | Performance of a contract (Art. 6(1)(b)) |
| Storing and rendering your scripts | Performance of a contract (Art. 6(1)(b)) |
| Casting to your glasses and tracking cursor | Performance of a contract (Art. 6(1)(b)) |
| Pro purchase verification and entitlement gating | Performance of a contract (Art. 6(1)(b)) |
| Anonymous usage events (§2.6), service health | Legitimate interests (Art. 6(1)(f)) |
| Security logs, abuse prevention, fraud defence | Legitimate interests (Art. 6(1)(f)) |
| Compliance with tax, accounting, legal requests | Legal obligation (Art. 6(1)(c)) |
| Establishing or defending legal claims | Legitimate interests (Art. 6(1)(f)) / Art. 9(2)(f) |
You may object to processing based on legitimate interests by
emailing privacy@glassprompter.com. If we cannot demonstrate a
compelling override, we will stop the processing.
5. How information is shared
We share information only with the recipients below, each strictly to operate the Service. The role column reflects how the recipient acts with respect to your data:
| Recipient | Purpose | Role with respect to your data | Region |
|---|---|---|---|
| Apple Inc. | Sign in with Apple, App Store purchases, IAP | Independent controller / service provider (its own terms) | United States |
| Google LLC | Sign in with Google (when you choose this) | Independent controller (its own terms) | United States |
| Vercel Inc. | Web hosting and serverless API runtime | Processor (acts on our instructions) | United States |
| Supabase Inc. | Postgres database, authentication, file storage | Processor / sub-processor | United States |
| Cloudflare Inc. | DNS, edge TLS termination, R2 backup storage | Processor / sub-processor | Global |
| Functional Software, Inc. (Sentry) | Error reporting (PII-scrubbed) | Processor / sub-processor | United States |
Apple and Google process data for their respective sign-in flows under their own published privacy terms, and each acts as an independent controller for that activity. We only see the identity record they hand back to us after you authorise the sign-in. Vercel, Supabase, Cloudflare, and Sentry act on our documented instructions under written data-processing agreements meeting the requirements of GDPR Art. 28.
We will update this list when we add or replace a recipient and note the change on this page; in some cases we will also notify account holders by email.
Outside of these sub-processors, we disclose personal data only:
- with your specific consent;
- to comply with applicable law, court orders, lawful government requests, or to enforce our Terms of Service;
- to protect the rights, property, or safety of Glass Prompter, our users, or the public; or
- in connection with a merger, acquisition, financing, or sale of all or substantially all of our assets, in which case we will bind the acquirer to terms at least as protective as this Policy and notify affected users in advance to the extent feasible.
6. International data transfers
Most of our infrastructure is in the United States. When personal data of users in the EU, EEA, UK, or Switzerland is transferred to the United States we rely on:
- the EU–US Data Privacy Framework where the recipient is
self-certified (Vercel, Supabase, Cloudflare, Sentry; verify at
dataprivacyframework.gov); and - the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) as a fallback transfer mechanism for any transfer not covered by the DPF.
We have assessed the risk of these transfers and concluded the
combination of contractual safeguards plus our minimisation and
encryption practices is appropriate. You can request a copy of the
relevant transfer impact assessment by emailing
privacy@glassprompter.com.
7. Your rights
You have the following rights regardless of jurisdiction. Where a specific regime (GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPEDA, etc.) grants you more, we honour the stronger right.
- Access: download a copy of your data via Settings → Account → "Export my data." The export is a JSON document containing your profile, decrypted scripts, folder structure, paired-device metadata, session history, Pro purchase record, and an audit log.
- Delete: erase your account and all associated data via
Settings → Account → "Delete my account." This is irreversible and
cascades through scripts, sessions, paired devices, pairing codes,
audit logs, and your authentication record. Glass Prompter Pro is
a one-time purchase, not a subscription, so there is nothing to
cancel with Apple. We revoke your Pro entitlement immediately and
refunds remain Apple's process at
reportaproblem.apple.com. - Correct: edit scripts in-app at any time; email
privacy@glassprompter.comto update a stored email or name. - Object or restrict: email
privacy@glassprompter.com. - Portability: the export above is in standard JSON.
- Withdraw consent: where any processing is based on your consent, you may withdraw that consent at any time by deleting your account or by emailing us. Withdrawal does not affect the lawfulness of processing already carried out, or processing based on another legal basis (e.g. contract or legal obligation).
- Lodge a complaint: you may complain to your local data
protection authority. EU residents can find theirs at
edpb.europa.eu. For Romania the authority is ANSPDCP. UK residents can complain to the ICO atico.org.uk.
California rights (CCPA/CPRA). California residents may request (i) the categories and specific pieces of personal information we have collected, (ii) the categories of sources and the business purpose, (iii) the categories of third parties with whom we share it, (iv) deletion of personal information, and (v) correction of inaccurate personal information. We do not sell or "share" personal information as those terms are defined under CCPA/CPRA and therefore do not offer a "Do Not Sell or Share My Personal Information" link. We do not offer financial incentives for personal information. We will not discriminate against you for exercising these rights. You may use an authorised agent; we will verify both your identity and the agent's authority before responding.
California notice at collection. In the past 12 months we have collected the following categories of personal information for the purposes described in Sections 2 and 3:
| Category (CCPA) | Examples | Source | Purpose | Retention |
|---|---|---|---|---|
| Identifiers | Apple user identifier, account email (incl. relay email) | You via Apple | Account creation, sign-in, sync | Until account deletion |
| Customer records | Display name (if provided) | You via Apple | Personalisation | Until account deletion |
| Commercial information | Pro purchase transaction id, product id, status | Apple StoreKit | Purchase verification, entitlement gating | 7 years (Apple/tax compliance) |
| Internet or other electronic network activity | IP address, user-agent, request timestamps | Your device | Security, abuse prevention | 30 days |
| Geolocation data | Coarse country/region inferred from IP only | Your device | Security, abuse prevention | 30 days |
| User-generated content | Scripts, folder names, cursor position | You | Service operation | Until account deletion |
| Internet / electronic network activity (in-app) | Anonymous event names + counts + durations (§2.6) | Your device | Service health and product improvement | 1 year |
| Inferences | None drawn | — | — | — |
We do not collect "sensitive personal information" as defined by CPRA (e.g. social security number, geolocation precise to within 1,850 feet, racial or ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers, mail/email/text contents not directed to the business, sex life or sexual orientation, citizenship or immigration status, health data). The on-device speech recognition does not transmit audio or transcripts to us, so no biometric or audio data is collected.
Both the export and delete flows require re-authentication within the last five minutes to prevent a stolen session from triggering them. We respond to verifiable rights requests within 30 days (GDPR) or 45 days (CCPA), extendable once for complex requests as the law allows.
8. Retention
| Data | Retention |
|---|---|
| Account record + scripts | Until you delete your account. |
| Folder structure | Until you delete your account. |
| Active session row | Until the session ends; row retained for history. |
| Pairing codes | Expire 10 minutes after issue; expired rows are deleted at least once daily by a scheduled purge. |
| Glasses device tokens | Until you unpair the device. |
| Pro purchase transaction record | 7 years (tax and Apple audit obligations). |
| Server access logs (no PII linkage) | 30 days. |
| Sentry error reports | 90 days. |
| Audit log (decrypt + export events) | Up to 1 year, then deleted by a scheduled purge job. |
| Anonymous usage events (§2.6) | Up to 1 year, then deleted by a scheduled purge job. |
| Deletion proof record | Indefinite (HMAC-hashed; cannot be linked back). |
| Off-site encrypted backups (production) | 30 days rolling (GPG/AES-256 encrypted). |
| Off-site encrypted backups (staging) | 3 days rolling (rehearsal-only; staging holds no real user data). |
| Supabase-managed point-in-time backups | Per Supabase plan retention, currently 7 days. |
After deletion, residual copies may remain in encrypted backups until the backup window rolls forward, but those backups are not restored except in a disaster recovery scenario.
9. Children
The Service is not directed to children under 13 (or the higher
minimum age of digital consent in your jurisdiction, e.g. 16 in some EU
states), and we do not knowingly collect personal information from
them. If you believe a child has registered, email
privacy@glassprompter.com and we will delete the account and any
associated data promptly.
10. Security
- All traffic is TLS 1.2+ over HTTPS.
- Script content is encrypted at rest with AES-256-GCM via an envelope-encryption scheme (per-script DEK wrapped by a server-held KEK).
- Database access is restricted with Postgres Row-Level Security so that one user cannot read another user's rows, even if our application logic has a bug.
- Service-role keys never leave the server runtime.
- We take a daily off-site encrypted backup of the production database (GPG with AES-256, retained 30 days), in addition to the point-in-time backups Supabase maintains on its side.
- We monitor application errors via Sentry with PII-scrubbing applied before each event leaves the runtime (no user ids, emails, IP addresses, or auth tokens are transmitted).
No system is perfectly secure. If we determine a personal-data
breach has occurred we will notify the competent supervisory
authority without undue delay and, where feasible, within 72 hours
of becoming aware of it, as required by GDPR Art. 33. If the breach
is likely to result in a high risk to your rights and freedoms we
will also notify you directly without undue delay (GDPR Art. 34),
or by other means of public communication where direct notice would
involve disproportionate effort. If you discover a vulnerability,
email security@glassprompter.com; we welcome coordinated
disclosure.
11. Business transfers
If Glass Prompter is involved in a merger, acquisition, financing, reorganisation, or sale of all or substantially all of its assets, personal data may be transferred as part of that transaction. We will require the acquirer to honour the commitments in this Policy or to provide you with prior notice and a meaningful opportunity to delete your account before the transfer takes effect.
12. Third-party services
The App relies on Apple iOS and on the Meta AI companion app for pairing with Meta Ray-Ban Display smart glasses. Glass Prompter is an independent app and is not affiliated with, endorsed by, sponsored by, or otherwise authorized by Meta Platforms, Inc., Ray-Ban, EssilorLuxottica, or Apple Inc. "Meta", "Ray-Ban", "EssilorLuxottica", and "Apple" are trademarks of their respective owners and are used here only to describe interoperability. Once data is handed to those third-party services it is governed by their respective privacy policies. We are not responsible for the privacy practices of Apple, Meta, EssilorLuxottica, or any other third party.
13. Changes to this Policy
We will post material changes here and update the effective date. For material changes we will provide notice at least 14 days in advance via the Service or by email. Continued use of the Service after the effective date of a change constitutes acceptance of the updated Policy. If you do not agree, your remedy is to stop using the Service and delete your account.
14. Contact
For any question about this Policy or about how your data is
handled, email privacy@glassprompter.com. We aim to respond
within 5 business days and at most within the windows required by
applicable law.