Privacy Policy for Glyph Museum App

Effective Date: September 29, 2025 Last Updated: September 29, 2025

1. Introduction

This Privacy Policy describes how Glyph Museum App (“we,” “our,” or “us”) collects, uses, and protects your personal information when you use our mobile application (the “App”). We are committed to protecting your privacy and ensuring transparency about our data practices.

2. Data Controller Information

Developer: pauwma (Pau Muñoz) Contact Email: contact+glyphmuseum@pauwma.com Jurisdiction: Spain, European Union

3. What Information We Collect

3.1 Account Information (When You Sign In)

When you create an account using OAuth providers, we collect:

  • Display name (from your OAuth profile)
  • Email address (from your OAuth profile)
  • Avatar/profile picture URL (from your OAuth profile or user-provided)
  • Unique user identifier (generated by the OAuth provider or user-chosen)
  • OAuth provider type (Google, GitHub, Discord, X/Twitter)

3.2 Profile Information

  • User handle (@username, automatically generated or user-chosen)
  • Bio/description (optional, user-provided)
  • Social media links (optional, user-provided)
  • Profile creation and update timestamps

3.3 App Usage Data

  • Glyph patterns you create or upload
  • Posts you publish (title, description, tags, glyph data)
  • Likes you give to other posts

3.4 Local Device Data

  • Frame assignments (which posts you assign to glyph frames)
  • Frame configurations (stored locally on your device)
  • App settings (stored locally on your device)
  • Authentication tokens (for maintaining your session)

4. How We Use Your Information

We use your information to:

  • Provide App functionality: Enable you to create, share, and manage glyph patterns
  • Manage your account: Authenticate your identity and maintain your profile
  • Enable social features: Display your profile to other users and manage interactions
  • Ensure App security: Prevent misuse and protect against unauthorized access
  • Improve the App: Understand how features are used (without personal identification)
  • Communicate with you: Respond to your inquiries and provide support

Under the General Data Protection Regulation (GDPR), our legal bases for processing your data are:

  • Contract performance: To provide the App services you’ve requested
  • Legitimate interests: To improve App functionality and security
  • Consent: For optional features like social media links (you can withdraw consent anytime)

6. Data Storage and Security

6.1 Data Storage

  • Cloud Storage: Your profile and app data are securely stored using Supabase server (compliant with EU data protection standards)
  • Local Storage: Some data (frame settings, preferences) is stored locally on your device
  • Data Location: Your data is processed and stored in accordance with GDPR requirements

6.2 Security Measures

  • Encryption: All data transmission uses HTTPS encryption
  • Authentication: Secure OAuth 2.0 with PKCE flow for mobile security
  • Access Controls: Strict access controls limit who can access your data
  • Regular Security Updates: We maintain up-to-date security practices

7. Data Sharing and Third Parties

7.1 We Do NOT Share Your Data With:

  • Advertising networks
  • Analytics companies
  • Marketing companies
  • Data brokers
  • Any third parties for commercial purposes

7.2 We DO Work With:

  • OAuth Providers (Google, GitHub, Discord, X/Twitter): Only to authenticate your identity
  • Legal Authorities: Only when required by law

8. Your Rights Under GDPR

As an EU resident, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: For data processed based on consent

To exercise these rights, contact us at: contact+glyphmuseum@pauwma.com

9. Data Retention

  • Account Data: Retained while your account is active
  • Profile Information: Retained while your account is active
  • User-Generated Content: Retained until you delete it or close your account
  • Usage Data: Retained for legitimate business purposes
  • Deleted Account: All personal data is permanently deleted within 30 days

10. Children’s Privacy

The App is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately. Parents who believe their child has provided information to us should contact us at: contact+glyphmuseum@pauwma.com

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. When we transfer data outside the EU, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

12. Offline Functionality

Some App features work offline using data stored locally on your device:

  • Glyph pattern creation and editing
  • Frame configurations and displays
  • App settings and preferences

This local data is not transmitted to our servers unless you explicitly save or publish content.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the “Last Updated” date
  • Significant changes will be communicated through the App
  • Continued use of the App after changes constitutes acceptance

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: contact+glyphmuseum@pauwma.com Subject Line: Privacy Policy Inquiry

For GDPR-related requests, please include “GDPR Request” in the subject line and specify which right you wish to exercise.

Data Protection Officer: Not applicable (small-scale processing) Supervisory Authority: Agencia Española de Protección de Datos (AEPD) - Spain