Privacy Policy

Last updated: April 23, 2026

Glyphward ("we", "our", "us") operates glyphward.com. This page explains what data we collect, why, and how you can control it.

1. What we collect

• Email address — when you join the waitlist or sign up, so we can contact you about the product.
• Scanner uploads (images and audio) — what you paste or upload to the free scanner and API. See Section 6 for how long we keep the bytes.
• Detector features — perceptual hashes, OCR strings, CLIP embeddings, and audio fingerprints we compute from your uploads so the corpus compounds.
• Usage data — pages you visit, buttons you click, API endpoints hit, response codes. Used to improve the product, never sold.
• Device info — browser type, screen size, approximate location (country level) inferred from IP.
• Communications — emails you send us and our replies.

We do not collect: government IDs, health data, precise location, payment card numbers (Stripe handles those for paid plans), or information from children under 16. We do not use scanner uploads to train third-party language or vision models, and we do not sell the corpus.

2. Why we collect it

• To provide the service you signed up for.
• To notify you about product updates (you can opt out at any time).
• To fix bugs and improve features based on aggregate usage patterns.
• To comply with legal obligations (tax records, anti-fraud, etc.).

3. Who we share with

We share the minimum necessary data with these categories of processors:

• Email delivery (e.g. Resend) — to send you emails.
• Payment processing (e.g. Stripe) — if you upgrade to a paid plan. We never store your card details.
• Analytics — only aggregate, anonymised website traffic.

We do not sell your data. Ever. We do not share it with advertisers.

4. Cookies

We use a minimal set of first-party cookies for session management. No third-party tracking cookies. If you disable cookies, some features (like staying logged in) won't work, but browsing stays functional.

5. Your rights

Under GDPR (if you're in the EU) and similar laws elsewhere, you have the right to:

• Access — request a copy of everything we have on you.
• Correction — ask us to fix incorrect data.
• Deletion — ask us to delete your data ("right to be forgotten"). We'll comply within 30 days unless legally required to retain (e.g. tax records).
• Portability — get your data in a machine-readable format.
• Objection — opt out of any processing based on legitimate interest.

Email privacy@glyphward.com to exercise any of these rights.

6. Data retention

• Free-tier scanner uploads — raw image and audio bytes are discarded within 60 seconds of the scan completing. We keep only the perceptual hash and detector features (no reversible reconstruction of the original file).
• Paid-tier scanner uploads — you choose: day-1 deletion (default), or 30-day opt-in retention if you need compare reports. Settings live in your account.
• Account data — kept while your account is active, plus 90 days after deletion for backup recovery.
• Waitlist entries — deleted after 2 years of inactivity.

7. Security

Data is encrypted in transit (HTTPS) and at rest. Access is limited to the people who need it to operate the service. We are not perfect; if a breach affects you, we will notify you within 72 hours.

8. International transfers

Our servers are in the EU. If you access the service from outside the EU, your data may be transferred to and processed in the EU — which has strong privacy laws.

9. Changes

We'll update this page if material things change. If we do, we'll notify registered users by email at least 14 days before the change takes effect.

10. Contact

Questions? Email privacy@glyphward.com. We reply within 2 business days.