Privacy policy

This policy explains what data Glyphy collects, how we use it, who we share it with, and the choices you have. Plain English — and we'll keep it that way.

Glyphy is operated by Glyphy, Inc., a Delaware corporation ("Glyphy," "we," "us"). For any privacy question or request, email legal@glyphy.tv.

Information we collect

• Account info. Email address (for magic-link sign-in), display name, role (viewer / creator / admin), and any creator-profile fields you choose to add (bio, logo, banner, tool tags, channel link).
• Content you upload. For creators: film files, titles, descriptions, prices, posters, trailers, and processing metadata (duration, asset IDs, the AI tools you tag).
• Purchases and payouts. Which films you bought, when, and how much. For creators receiving payouts, your Stripe Connect account identifiers (Stripe collects and holds your bank and identity details — we never see them).
• Originality attestation. The timestamp and policy version recorded each time a creator confirms ownership at upload.
• Activity. Watch history, reactions, and comments you create on the Service.
• Technical and log data. IP address, browser/user-agent, and event logs — used for security, fraud prevention, and audit (including the IP and user-agent captured at policy acceptance).
• ShotBible inputs. Screenplay or script text you submit to the ShotBible tool, processed to generate your shot list and prompts.
• Messages. Anything you email us.

How we use your data

• To run the Service — host and stream films, process purchases, pay creators, and show your library, history, and follows.
• To secure the Service and prevent fraud and abuse.
• To respond to you and send transactional email (magic links, receipts, release notifications you opted into, DMCA acknowledgements), and to provide support.
• To comply with legal obligations (tax, accounting, lawful requests, DMCA).
• To maintain and improve the Service.

We don't use your data for third-party advertising, and we don't sell it.

Legal bases (EU/UK users)

Where the GDPR or UK GDPR applies, we process your data to perform our contract with you (providing the Service), for our legitimate interests (security and improving the Service), to comply with legal obligations, and — where required — with your consent, which you can withdraw at any time.

Who we share it with

We share the minimum data necessary with vendors who process it on our behalf:

• Supabase — database, authentication, and stored images (posters, logos, banners).
• Mux — video processing and streaming.
• Stripe — payments and creator payouts. Stripe handles your card and bank details directly under its own privacy policy; we store only identifiers.
• Resend — transactional email delivery.
• Vercel — application hosting and delivery.
• Cloudflare — DNS and email routing for our domain.
• Anthropic— powers ShotBible. Script text you submit is sent to Anthropic for processing; we don't resell or republish it.

We may also disclose data when required by law, to enforce our Terms, to respond to a valid DMCA or legal request, or to protect the rights and safety of our users and the public. If Glyphy is involved in a merger, acquisition, or sale of assets, data may transfer as part of that transaction.

Cookies and tracking

We use a single essential first-party cookie to keep you signed in (your authentication session). We don't use third-party advertising or cross-site tracking cookies. Because we don't track across sites, we treat a browser "Do Not Track" signal as already satisfied.

Data retention

We keep your data while your account is active. When you delete your account we remove personal data within 30 days, except where law requires us to keep records longer (for example, financial and tax records, and DMCA notices). De-identified, aggregate data may be kept indefinitely.

Security

We protect your data with industry-standard measures: encrypted connections (HTTPS), access controls, and reputable infrastructure providers. No system is perfectly secure, but we work to keep yours safe and will notify you of a breach where the law requires.

International transfers

Glyphy is operated from the United States, and our providers are primarily US-based. If you access the Service from outside the US, your data is processed in the US under appropriate safeguards (such as Standard Contractual Clauses where applicable).

Your rights

Wherever you are, you can ask us to access, correct, or delete your account data by emailing legal@glyphy.tv. We aim to respond within 30 days.

EU/UK (GDPR). You have the right to access, rectify, erase, restrict, port, and object to processing of your data, and to lodge a complaint with your local data-protection authority.

California (CCPA/CPRA).You have the right to know, delete, and correct your personal information, and to opt out of its sale or sharing. We don't sell or share your personal information, and we won't discriminate against you for exercising any right.

Children

Glyphy is for users 18 and over. We don't knowingly collect data from children under 13 (COPPA). If you believe a child has provided us data, email legal@glyphy.tvand we'll delete it.

Changes

When we change this policy we'll update the version stamp at the top of this page. Material changes may also be announced by email.

Contact

Questions or data requests: legal@glyphy.tv.