← Back

Privacy Policy

Last updated: March 16, 2026

About Glimmly

Glimmly is an educational game app designed for children aged 4–16. We take children's privacy extremely seriously. This policy explains exactly what data we collect, why we collect it, and how we protect it.

Glimmly complies with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), and Apple App Store / Google Play children's app requirements.

Data We Collect

Account Information

  • Display name — chosen by the player (e.g. “Ava”)
  • Age / age group — used to tailor difficulty and content
  • Avatar selection — the avatar emoji the player picks
  • Email address — if the player creates an account with email/password, or signs in with Google. Used solely for authentication and account recovery.
  • Password — if using email/password sign-in, stored as a secure one-way hash (bcrypt). Plain-text passwords are never stored or transmitted.
  • Google user ID — a unique identifier from Google, used to link your account across devices when signing in with Google.

Game Progress

  • XP (experience points) and level
  • Stars and coins earned
  • Avatar and theme selections
  • Per-game scores and session history

Subscription & Purchase Data

  • Whether the player has an active premium (ad-free) subscription — stored as a boolean flag on our server.
  • Receipt / purchase token from Apple App Store or Google Play, used solely to verify a valid subscription. We do not store full payment card details — billing is handled entirely by Apple / Google.

Advertising (Free Tier Only)

Free accounts see ads served by Google AdMob. Glimmly configures all ads with:

  • tagForChildDirectedTreatment: true — limits ad targeting to child-safe content under COPPA.
  • tagForUnderAgeOfConsent: true — applies GDPR protections for users under the age of consent.

With these flags set, AdMob does not use personalised/behavioural advertising and does not build ad profiles for players. Premium (ad-free) subscribers see no ads at all.

Device & Technical Data

We do not collect device identifiers, IP addresses, or crash/analytics data beyond what is automatically provided to us by the Apple App Store or Google Play developer consoles (e.g. crash reports, aggregate install statistics). We do not use any third-party analytics SDK (no Firebase, no Mixpanel, etc.).

Data We Do NOT Collect

  • Real name, address, phone number, or photo
  • Precise or approximate location
  • Contacts or address book
  • Microphone, camera, or biometric data
  • Browsing history or data from other apps
  • Persistent device identifiers for advertising (IDFA/GAID) — COPPA-blocked

How We Use Your Data

DataWhy we use it
Display name & avatarShow personalised in-app experience
AgeAdjust question difficulty and content appropriateness
Email / Google IDAuthenticate the account and sync progress across devices
XP, badges, scoresTrack learning progress and award achievements
Subscription statusUnlock ad-free experience for premium users
Purchase receipt/tokenVerify subscription with Apple / Google (one-time check)

We do not sell, rent, or share personal data with third parties for marketing.

Parental Consent (COPPA)

Glimmly is directed at children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

Sign-in is optional — children can play as a guest without providing any personal information. If a child signs in with Google, a parent or guardian should supervise that process and ensure they consent to the account being used.

Parents or guardians may request to review, correct, or delete their child's data at any time by contacting us at glimmly.app@gmail.com.

Data Storage & Security

  • Data is stored on a secure server. All communication is encrypted via HTTPS/TLS.
  • Passwords are stored as secure one-way hashes (bcrypt) and are never stored in plain text.
  • Purchase receipts are validated and then only the resulting subscription status is retained.
  • We retain account data for as long as the account is active. Deleted accounts are purged within 30 days.

Third-Party Services

ServicePurposePrivacy Policy
Google Sign-In Optional account authentication policies.google.com/privacy
Google AdMob Child-safe ads (free tier) policies.google.com/privacy
Apple App Store iOS distribution & IAP billing apple.com/legal/privacy
Google Play Android distribution & IAP billing policies.google.com/privacy

No other third-party SDKs or services are used.

Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Object to processing or withdraw consent
  • Data portability — receive your data in a machine-readable format

To exercise any of these rights, email us at glimmly.app@gmail.com. We will respond within 30 days.

Changes to This Policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes that affect children's data will be communicated in-app.

Contact Us

If you have any questions or concerns about this privacy policy:

Email: glimmly.app@gmail.com
App: Glimmly — Shine & Learn!