Glim Privacy Policy

Effective Date: September 1, 2025

Policy Version: 1.0

Plain-Language Summary

Privacy by design. We do not keep VPN activity logs (no browsing history, DNS queries, content of communications, or linkable timestamps).
BVI jurisdiction. NetAI LTD. is incorporated in the British Virgin Islands (BVI). For non-BVI requests, we require recognition and transfer under applicable BVI procedures and respond only to the minimum extent required by law.
Minimal data, service-only. We collect only what’s necessary to run and secure the Service (e.g., account email, limited transaction metadata from app stores, device/app version, per-account aggregate bandwidth totals). No third-party ads, no in-app ad trackers.
Subscriptions, not data. We earn from your subscription—not from selling or “sharing” personal data for advertising.

1. Our Commitment to Your Privacy

1.1 Philosophy

At NetAI LTD., privacy is the core of Glim. Our systems are built to minimize data collection and avoid retaining VPN activity. This Policy explains what we process, why, and for how long—using plain, verifiable terms.

1.2 No-Logs for VPN Activity (with operational clarity)

We do not create or retain VPN usage logs that could tie activity to a person. Specifically, we do not log: websites/services visited, destination IPs, DNS queries, contents of communications, precise connection timestamps, session durations, your source IP, or the VPN IP assigned to you.

Operational note. To route traffic and operate the network, certain parameters (e.g., your device’s source IP and the assigned VPN IP) may exist transiently in memory during an active session. They are not persisted and are cleared when the session ends. This does not change our no-logs commitment.

1.3 BVI Legal Framework (measured statement)

NetAI LTD. is incorporated in the British Virgin Islands. For non-BVI requests, we require recognition and transfer under applicable BVI law and procedures. We verify scope and legality and, where disclosure is required, respond on a minimum necessary basis.

1.4 About the Name “NetAI LTD.”

We use on-device intelligence to improve routing (e.g., Smart Mode/Orbits). We do not train models on user personal data or traffic content. Any pre-built lists/models are designed to run locally on your device and do not require uploading your content.

1.5 Smart Mode & Orbits

Coarse-grained split: Classifies domestic vs. international/service traffic using local resources to balance speed and access.
Fine-grained (Orbits): On-device grouping of related domains into a “Service,” enabling per-service routing rules. Content is not inspected.
Sync (optional): If you enable cross-device sync, we may store your own rules (domain + chosen region) in your account configuration via encrypted transport for your use only. You can turn sync off or delete rules at any time; we complete deletion within 30 days.
Controls: You can pause/disable Orbits or switch to Global Mode anytime.

2. Scope

This Policy covers the Glim mobile apps (iOS/Android), the website (e.g., glim.cc and subdomains), and communications with our team (support, technical assistance, and general inquiries). Third-party platforms (Apple/Google app stores) and providers (e.g., Cloudflare, Oracle Cloud) process data under their own policies.

3. Information We Process (and What We Don’t)

We collect the minimum necessary to create, maintain, and secure the Service.

3.1 Personal Data You Provide

Account & Login: Email address (for account creation, one-time login codes, essential service notices). Email delivery via trusted email provider(s). You may also sign in with Apple or Google (we receive your email; their policies apply).
Payments (in-app): Limited transaction metadata (date/time, amount, currency, provider transaction ID) for subscription lifecycle, accounting, and anti-fraud. Purchases are processed by Apple/Google under their terms and privacy policies. We do not see or store full card numbers or detailed billing data. If Glim introduces website checkout in the future, a vetted payments processor (e.g., Stripe) may be used and will be listed here.
Support: Your email and message content when you contact us (managed via a vetted helpdesk provider). Please avoid sharing unnecessary sensitive data.

3.2 Service, Connection & Feature Data

Device/App info: Device model, OS version, Glim app version for compatibility and troubleshooting.
Aggregate bandwidth totals (per account): For fair-use and abuse prevention. Aggregated by billing/operational cycle; not used for profiling and not stored indefinitely.
Preferred country: We may store your preferred country (not a specific server ID) to sync across devices.
Approximate region (optional): To suggest the nearest/fastest node, your approximate region may be inferred locally from IP. If server-side calculation is needed, it is momentary for that session; we do not store precise geolocation (GPS/Bluetooth/Wi-Fi scans).
Feature personalization (Orbits rules): If sync is enabled, only your rules (domain + region) are stored in your account config (encrypted in transit) for cross-device consistency; you can disable sync or delete rules anytime (deletion completed within 30 days).

We do not collect: Browsing history, destination IPs, DNS queries, contents of communications, or any on-device analytics for ads. The Glim app uses no tracking cookies or ad SDKs. Our website uses only essential cookies (e.g., session/language); no third-party ad/analytics tags.

4. GDPR Legal Bases (if applicable)

Data Category	Purpose of Processing	Processor(s)	Legal Basis
Email address	Account creation, login codes, essential service notices	Email delivery provider; Apple/Google (if used to sign in)	Contract (performance of a contract)
Email address (marketing)	Product news/offers (with easy unsubscribe)	Email delivery provider	Consent where required; otherwise Legitimate Interests
Payment transaction data	Subscription management, accounting, anti-fraud	Apple; Google	Contract and Legal obligation
Support communications	Issue resolution, troubleshooting, service quality	Helpdesk provider	Legitimate Interests
Device/App info; bandwidth totals; preferences	Service functionality, reliability, and fair-use	N/A	Legitimate Interests
Orbits rules (if sync enabled)	Cross-device consistency of your routing preferences	N/A	Legitimate Interests

5. Sharing & Service Providers

5.1 No Selling/No “Sharing” for Ads

We do not sell personal data and do not “share” it for cross-context behavioral advertising (as defined under CPRA). We do not integrate third-party ad or remarketing SDKs.

5.2 Processors & Infrastructure

We use vetted providers under data-protection agreements: email delivery provider, helpdesk provider, Apple/Google (in-app payments & sign-in), and infrastructure/network partners (e.g., Cloudflare, Oracle Cloud, data center providers). If Glim introduces website checkout in the future, a vetted payments processor (e.g., Stripe) may be added here. Providers process only what’s necessary to perform contracted services. This list may evolve; material changes will be reflected in Policy updates.

5.3 Other Disclosures (rare)

Legal requirements: We verify scope and legality, respond minimally, and require BVI procedures for foreign requests.
Business transfers: In a merger/acquisition, data may transfer under equivalent protections with notice where required.
Fraud/security: Limited sharing to prevent harm or enforce terms.

6. Your Rights

GDPR/EU/UK: Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (where relied on).
California (CCPA/CPRA): Right to know, delete, correct; right to opt-out of sale/sharing (not applicable—we do neither); non-discrimination.

How to exercise: Email support@glim.cc or use the in-app Help Center (“Data Request” / “Delete Account”). We verify requests (e.g., email verification) and generally respond within 30 days, as required by law.

7. Children’s Privacy

Glim is not intended for children under 13. Individuals aged 13–15 should only use Glim with parental/guardian consent. In the EU/UK, individuals under 16 should use Glim only with parental/guardian consent. If you believe a child has provided data, contact us for prompt deletion.

8. Security Measures

We apply administrative, technical, and physical safeguards, including encryption in transit and at rest (where applicable), least-privilege access, separated secrets management, monitoring, and periodic reviews. No system is perfectly secure; if you suspect misuse, contact support@glim.cc immediately.

9. Data Retention

Account data: Kept while your account is active. Upon verified deletion request, we delete/anonymize within 30 days, unless law requires otherwise.
Support tickets: Retained while the account is active and up to 2 years thereafter (or earlier upon request).
Transactions: Retained for legal/tax obligations (typically 5–7 years); where feasible, we remove personal identifiers and keep anonymized records.
Bandwidth totals & operational metrics: Reset/aggregated per operational cycle; not retained indefinitely or used for profiling.
Optional diagnostics: If you voluntarily submit redacted logs for troubleshooting, we use them only for that purpose and delete when no longer needed.

10. International Transfers

We may process data on servers outside your country (e.g., U.S., EU, Asia). For EU/UK users, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum (IDTA), to ensure an adequate level of protection. Regardless of location, we handle personal data in line with this Policy.

11. Legal Requests & Warrants

We disclose personal data only in response to a valid legal order recognized under BVI law and procedures, after verifying scope and legality, and only to the minimum extent required. Because we do not keep VPN activity logs that could tie activity to a person, we typically have no such records to provide. Where applicable, we may provide basic account or transaction/support information.

12. Cookies & “Do Not Track”

The Glim app uses no tracking cookies or ad analytics. Our website uses only essential cookies (e.g., session/language). We do not engage in cross-site tracking; behavior is effectively the same whether DNT is enabled.

13. Changes to this Policy

We may update this Policy. For material changes, we will provide advance notice (e.g., in-app notice, email, or a website banner) before the new terms take effect. The Effective Date above reflects the latest version.

14. Contact Us

Email: support@glim.cc

Mail: NetAI LTD., Intershore Chambers, Road Town, Tortola, British Virgin Islands