# Glimmer Privacy Policy

Version: 2026-05-27
Last updated: 2026-05-27
Operator: MARQUE & CROWN INC., Ontario, Canada

## 1. Who We Are

Glimmer is operated by MARQUE & CROWN INC., an Ontario company. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use the Glimmer web app, product pages, account services, support channels, generation workflows, saved profiles, reusable workflows, templates, and related services.

In this policy, "Glimmer", "we", "us", and "our" mean MARQUE & CROWN INC. "You" means the person using Glimmer or the organization on whose behalf Glimmer is used.

## 2. Scope And Relationship To Other Terms

This policy applies to Glimmer's own services. It should be read together with the Glimmer Terms of Service and the Glimmer Consent Notice shown during registration or login. Third-party services, social platforms, app stores, payment providers, email providers, hosting providers, and OpenAI may also have their own terms and privacy practices.

## 3. What Glimmer Does

Glimmer helps users turn travel materials, ordinary photos, optional selfies, optional subject reference images, destination notes, style choices, prompts, and publishing preferences into ready-to-publish social posts, captions, workflows, and generated images.

Glimmer is not a biometric identity service, surveillance service, identity-verification service, or general face-recognition product. Optional subject references are creative generation references selected by the user for a workflow.

## 4. Key Privacy Points

When you start a generation workflow, Glimmer sends the selected prompt and selected image materials to OpenAI GPT Image / OpenAI image generation capabilities as generation reference input.

Glimmer does not use face recognition to identify you or another person. Glimmer does not create a biometric template, faceprint, face embedding, facial geometry profile, or face-recognition database. We do not sell face data.

One-off generation materials should not be retained long term by Glimmer unless they become part of a saved profile, generated work, workflow, template, log, or required record. If you save a subject profile, work, workflow, or template, the saved item remains available so you can reuse or manage it.

## 5. Information We Collect

We may collect or process the following categories of information, depending on how you use Glimmer:

- Account and login information, such as email address, session state, login codes, invite or test codes, consent version, locale, timestamps, and security events.
- Profile and preference information, such as style preferences, subject profile fields, publishing preferences, workflow settings, template choices, and saved project state.
- User content, such as uploaded photos, scene images, selfies, subject reference images, prompts, destination notes, captions, tags, generated works, feedback, and support messages.
- Generation and usage records, such as generation requests, workflow parameters, quota counters, rate-limit counters, audit events, error reports, moderation or safety signals, and provider request metadata.
- Device and technical information, such as browser type, device information, IP-derived request data, cookie or local-storage identifiers where used, service worker state, and basic diagnostics.
- Payment, billing, or subscription information if paid features are enabled. Payment card data should be handled by payment providers rather than stored directly by Glimmer.

## 6. How We Collect Information

We collect information directly from you when you create an account, log in, upload or select content, write prompts, save profiles or works, submit templates, contact support, or use generation features.

We also collect information automatically from the app and server infrastructure for security, abuse prevention, reliability, analytics if enabled, quota enforcement, and debugging. Some information may come from service providers that support login, hosting, storage, payments, generation, or security.

## 7. OpenAI GPT Image And Image References

Glimmer uses OpenAI API image generation and editing capabilities, including GPT Image models. When you click a generation action, Glimmer sends the selected prompt, selected image materials, and relevant workflow parameters to OpenAI as generation reference input for the request you initiated.

Selected images may include ordinary travel photos, scene materials, selfies, or subject reference images. Glimmer uses those materials to produce the requested creative output. Glimmer does not use them to verify identity, identify a person, enroll a biometric identifier, or build a face-recognition database.

OpenAI may process and temporarily retain API inputs and outputs under OpenAI API data controls, including for abuse monitoring or application-state needs where applicable. OpenAI states that API data is not used to train or improve OpenAI models by default unless the customer explicitly opts in.

## 8. Face References, Biometrics, And Likeness

Some user-selected images may contain a face or recognizable likeness. Glimmer treats those images as user content and creative references. Glimmer does not intentionally extract, store, or compare biometric identifiers from faces, such as faceprints, facial-geometry templates, or face embeddings.

If you save a subject profile or generated work, the saved image or output may remain in your account until you delete it or we delete it under retention rules. That saved content is not the same as a biometric database. You should not upload another person's image unless you have the rights and consent needed to use it for AI-assisted generation.

## 9. How We Use Information

We use information to:

- provide login, account, session, generation, saved-work, workflow, template, and profile features;
- send selected prompts and images to OpenAI or other necessary providers to complete user-initiated generation;
- store saved profiles, works, templates, workflows, and settings that you choose to keep;
- provide support, respond to requests, diagnose bugs, and maintain reliability;
- enforce quotas, payments, test-code access, rate limits, service rules, and provider policies;
- prevent fraud, spam, abuse, unauthorized access, security incidents, and misuse;
- comply with legal obligations, preserve records, resolve disputes, and enforce our terms;
- improve Glimmer's product experience, safety, quality, and operations.

## 10. Consent And Choices

By checking the legal acknowledgement box during registration, login, or another consent step, you confirm that you have read and agree to the current Privacy Policy, Terms of Service, and Consent Notice.

Some processing is necessary to provide Glimmer, such as account login, security logs, service messages, selected image generation, and saved-work storage when you choose to save content. Optional features can be avoided by not using them, deleting eligible saved materials, or contacting us for assistance.

You may withdraw optional consent, subject to legal, contractual, security, billing, dispute, and technical limits. Withdrawing consent for image generation means you should stop using features that require sending prompts or images to OpenAI.

## 11. Disclosure And Service Providers

We may disclose information to service providers that help operate Glimmer, including hosting, storage, email, authentication, security, analytics if enabled, payment processing, customer support, and OpenAI for image generation.

We may also disclose information when required by law, to protect rights and safety, to prevent fraud or abuse, to enforce our terms, to respond to lawful requests, or as part of a business transaction such as a merger, financing, restructuring, or sale of assets, subject to appropriate safeguards.

We do not sell personal information or face data.

## 12. Retention And Deletion

We keep personal information only as long as reasonably necessary for the purposes described in this policy, unless a longer period is needed for legal, security, tax, billing, accounting, dispute, fraud-prevention, provider-policy, or enforcement reasons.

One-off generation materials should not be retained long term by Glimmer unless they become part of a saved subject profile, generated work, workflow, template, system log, security event, provider request record, billing record, legal record, or required operational record.

You may delete eligible saved materials where the app provides deletion controls, or contact us for help. Backup copies, security logs, audit trails, billing records, abuse-prevention records, and legal records may persist for a limited period where required or reasonably necessary.

## 13. Your Rights

Subject to applicable law and reasonable verification, you may request access to personal information we hold about you, correction of inaccurate information, export of eligible account or content data, deletion of eligible personal information, and information about how we use or disclose personal information.

You may also withdraw consent for optional processing, object to certain non-essential uses, unsubscribe from marketing where available, and ask questions about our privacy practices. If you are not satisfied with our response, you may have the right to contact the Office of the Privacy Commissioner of Canada or another applicable privacy authority.

## 14. Security Safeguards

We use administrative, technical, and organizational safeguards appropriate to the sensitivity of the information, including server-side API keys, access controls, rate limits, audit events, session controls, no-store responses for sensitive API calls, provider isolation, and operational monitoring.

No internet service can guarantee absolute security. You are responsible for keeping your login access secure, using content you have rights to use, and promptly reporting suspected unauthorized access.

## 15. Breach Handling

If we determine that a security breach involving personal information creates a real risk of significant harm, we will follow applicable PIPEDA breach reporting, notification, and record-keeping obligations. We may also take steps such as investigating the incident, limiting access, rotating credentials, preserving evidence, notifying affected users, and improving safeguards.

## 16. Service Messages, Marketing, And CASL

We may send necessary service messages such as login codes, account notices, security alerts, generation updates, quota notices, billing notices, and support replies. These messages are part of providing and protecting the service.

Commercial electronic messages, if any, will follow Canada's Anti-Spam Legislation (CASL), including consent, sender identification, and unsubscribe requirements where required. You can opt out of marketing messages without losing necessary service messages.

## 17. Children And Other People's Images

Glimmer is not intended for children under 13. Do not upload images of children or other people unless you have the rights and consent needed to use the image for AI-assisted generation and related saved workflows.

If we learn that we collected personal information from a child in a way that is not permitted, we will take reasonable steps to delete or restrict the information.

## 18. Cross-Border Processing

Glimmer and its service providers may process and store information in Canada, the United States, and other locations where our providers operate. Laws in those locations may differ from the laws where you live, and information may be accessible to courts, law enforcement, or regulators in those jurisdictions where legally required.

## 19. Cookies, Local Storage, And Analytics

Glimmer may use cookies, local storage, session storage, service worker caches, or similar technologies for login state, app preferences, offline behavior, security, diagnostics, and performance. If analytics are enabled, they should be configured to support product reliability and improvement while respecting this policy.

## 20. Changes And Contact

We may update this policy as Glimmer changes or legal requirements evolve. Material updates may be shown in the app, by email, or through another reasonable notice. Continued use after an updated policy takes effect means you accept the updated policy where permitted by law.

Questions, privacy requests, deletion requests, or legal notices can be sent to support@glimmers.cc.
