1. Introduction
Glimbug (“we,” “us,” or “our”) operates the beta testing feedback platform available at glimbug.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our service, in accordance with the Swiss Federal Act on Data Protection (FADP/nDSG) and the EU General Data Protection Regulation (GDPR).
By using Glimbug, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our service.
2. Data Controller
The data controller responsible for your personal data is:
Glimbug
Operated from Switzerland
Contact: Available via the contact form at glimbug.com
3. Data We Collect
3.1 Account Holders (Registered Users)
When you create an account, we collect:
- Email address — Used for account identification, authentication, and service communications
- Password — Stored in hashed form using industry-standard hashing algorithms (we never store plain-text passwords)
- Subscription and billing data — Your subscription tier, billing cycle, and payment status (payment card details are handled exclusively by Stripe and never stored on our servers)
- Usage data — Number of projects, feedback submissions received, and storage used
3.2 Feedback Submitters (Testers)
When you submit feedback through a Glimbug feedback link (no account required), we collect:
- Feedback content — Title, description, type (bug/proposal/question), and reproduction steps you provide
- Screenshots — Any images you voluntarily attach to your feedback
- Email address (optional) — Only if you choose to provide it for follow-up communication
- IP address — Collected temporarily for rate limiting and abuse prevention purposes
3.3 Automatically Collected Data
- Session data — Authentication tokens stored in cookies to keep you signed in
- Local storage data — Draft feedback forms are temporarily saved in your browser to prevent data loss
4. How We Use Your Data
We use your personal data for the following purposes:
- Service provision — To create and manage your account, process feedback submissions, and deliver the core functionality of Glimbug
- Billing and payments — To process subscription payments, manage billing cycles, and send payment-related notifications
- Communication — To send service notifications (new feedback, billing alerts, security notices) based on your email preferences
- Security and abuse prevention — To enforce rate limits, prevent spam, detect fraudulent activity, and protect our users and infrastructure
- Service improvement — To understand usage patterns and improve our platform (we do not use third-party analytics services)
- Legal compliance — To comply with applicable laws, regulations, and legal processes
5. Legal Basis for Processing
Under the GDPR and Swiss FADP, we process your personal data based on the following legal grounds:
- Contract performance (Art. 6(1)(b) GDPR) — Processing necessary to provide our services, manage your account, and fulfill our contractual obligations to you
- Legitimate interests (Art. 6(1)(f) GDPR) — Processing for security, fraud prevention, and service improvement, where our interests do not override your fundamental rights
- Consent (Art. 6(1)(a) GDPR) — Where you have given explicit consent for specific processing activities, such as receiving optional email notifications
- Legal obligation (Art. 6(1)(c) GDPR) — Processing required to comply with applicable laws and regulations
6. Third-Party Services and International Data Transfers
We use the following third-party service providers to operate Glimbug. These providers may process your data outside of Switzerland and the European Economic Area (EEA):
Supabase (United States)
Database hosting, user authentication, and file storage (screenshots). Supabase processes data under Standard Contractual Clauses (SCCs) for EU adequacy.
Stripe (United States)
Payment processing and subscription management. Stripe is PCI-DSS Level 1 certified and handles all payment card data. We only receive transaction confirmations and customer IDs, never card numbers.
Resend (United States)
Transactional email delivery (account confirmations, password resets, notifications). Receives only the email addresses necessary for delivery.
For transfers to the United States and other countries without an adequacy decision from the Swiss FDPIC or European Commission, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards as required by applicable data protection law.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data — Retained while your account is active. When you delete your account, we delete or irreversibly anonymize your personal data in our application databases. However, some information may continue to be stored by our service providers (such as our payment processor) where they are legally required to retain it.
- Feedback submissions — Retained until the project owner deletes them or until the account owner deletes their account, whichever occurs first.
- IP addresses — Retained temporarily for rate limiting purposes (maximum 24 hours), then deleted or anonymized.
- Payment records — Certain billing and transaction information is stored by our payment processor (Stripe) and retained as required by tax and accounting regulations. We do not store your full payment card details in our own systems.
- Security logs — Retained for up to 90 days for security monitoring and incident investigation.
8. Your Rights
Under the GDPR and Swiss FADP, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can request correction of inaccurate or incomplete personal data.
- Right to erasure — You can request deletion of your personal data. Account deletion can be performed directly from your profile settings, which deletes or irreversibly anonymizes your personal data in our application databases. Certain billing and transaction information may still be retained by our payment processor as required by law.
- Right to data portability — You can request a copy of your data in a structured, machine-readable format. Use the Data Export feature in your profile settings to download your data instantly, or contact us if you need assistance.
- Right to object — You can object to processing based on legitimate interests.
- Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time. You can manage your email notification preferences in your account settings.
To exercise these rights, please use the self-service options in your profile settings where available (such as Data Export and Account Deletion), or contact us using the contact form on our website for other requests. We will respond to your request within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.
We do not use your personal data for automated decision-making, including profiling, that produces legal or similarly significant effects for you.
9. Children's Privacy
Glimbug is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe we may have collected data from a child under 16, please contact us immediately.
10. Cookies and Local Storage
We use the following technologies to operate our service:
- Essential cookies — Required for authentication and session management. These cannot be disabled as the service would not function without them.
- Local storage — Used to save draft feedback forms in your browser, preventing data loss if you accidentally close the page. This data remains only on your device.
We do not use third-party tracking cookies, advertising cookies, or analytics services that track your activity across websites.
11. Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/HTTPS
- Encryption of data at rest in our databases
- Secure password hashing using industry-standard algorithms
- Strong Customer Authentication (3D Secure) for payments
- Rate limiting and abuse prevention mechanisms
- Regular security reviews and updates
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the updated policy on this page with a new “Last updated” date. For significant changes affecting your rights, we will provide additional notice via email to registered account holders. We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the contact form available at glimbug.com.