Legal

Privacy policy.

What we collect, why, who we share it with, and how to remove it. Last updated 6 May 2026. We comply with the EU General Data Protection Regulation (Regulation 2016/679), the UK Data Protection Act 2018, and the California Consumer Privacy Act where it applies.

Who we are

“Glimpse”, “we”, “us” refers to the operator of this website and the autonomous trading desk it provides. Glimpse is currently operated as a private project by its founder. A formal corporate entity will be announced when registration is finalised; this page will be updated at that time with the registered name, jurisdiction, and address.

Privacy questions: privacy@glimpse.trading. We respond within 30 days.

What we collect

We collect the minimum we need to run the service, and nothing else.

  • Account. Email address. Optional name and country.
  • Exchange identifiers. Your Bybit and/or Toobit user ID, used to verify your account is registered under our affiliate code.
  • API access. Encrypted, trading-only API credentials you choose to provide. Decrypted only briefly in memory to place trades. Never logged.
  • Billing identifiers. Stripe customer and subscription IDs only. We never see or store card numbers — Stripe handles payment data directly.
  • Usage data. Pages viewed, error logs, basic device metadata. Only with your consent for non-essential analytics — see the cookie policy.

What we never see

Your card number. Your bank details. Your exchange password. Your withdrawal keys. We never have those because we are never sent them. Stripe handles payments. Your exchange handles authentication. Trading-only API keys cannot withdraw, transfer, or authenticate.

Why we collect it (legal basis)

  • Contract performance. Account, exchange identifiers, and API credentials are necessary to provide the service you signed up for. Article 6(1)(b) GDPR.
  • Legal obligation. Billing records and tax documentation are kept to comply with applicable tax law. Article 6(1)(c) GDPR.
  • Legitimate interest. Operational logs, error tracking, and necessary security cookies. Article 6(1)(f) GDPR. We balance these against your privacy and minimise what we keep.
  • Consent. Analytics and marketing cookies, transactional and product emails beyond essential service notifications. Article 6(1)(a) GDPR. You can withdraw consent at any time from the footer or the cookie policy.

Who we share it with

We use a small set of third-party processors to run the service. Each is bound by a Data Processing Agreement and processes data on our instructions only.

  • Supabase (Supabase, Inc., USA — EU SCCs in place) — hosting our database and authentication.
  • Stripe (Stripe Payments Europe Ltd., Ireland) — payment processing for paid plans.
  • Cloudflare (Cloudflare, Inc., USA — EU SCCs in place) — content delivery and DDoS protection.
  • Resend (Resend Inc., USA — EU SCCs in place) — transactional email delivery.
  • Bybit (Bybit Fintech Ltd.) and Toobit (Toobit Inc.) — order routing against your own exchange account, only when you connect.
  • Google Analytics (Google Ireland Ltd.) — anonymous usage measurement. Loaded only with your consent.

International transfers

Some of our processors are located in the United States. Where personal data leaves the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) and, where applicable, the EU-US Data Privacy Framework. Copies of our SCCs are available on request.

How long we keep it

  • Account data. As long as you have an account, plus 90 days after deletion in case you want to restore.
  • Trade history. Indefinitely — it's your audit trail and our public track record. Anonymised after account deletion.
  • Billing records. Up to ten years, per applicable tax law.
  • Operational logs. 30 days.
  • Cookie preferences. 180 days, then we re-ask.

Your rights

Under the GDPR you have the right to access, correct, port, and delete your personal data. You also have the right to restrict processing, to object, and to withdraw consent. You can lodge a complaint with your national data-protection supervisory authority — every EU member state has one, and equivalents exist in the UK, EEA, Switzerland, and beyond.

To exercise any of these rights, write to privacy@glimpse.trading. We'll confirm receipt within five business days and complete the request within 30 days.

Children

Glimpse is not intended for use by people under 18. We do not knowingly collect personal data from children. If you believe a child has signed up, write to us and we will delete the account.

Cookies

See the dedicated cookie policy for the full list of cookies, who sets each one, what each does, and how to change your preferences at any time.

Data Protection Officer

For now, the founder acts as Data Protection Officer. You can reach the DPO at privacy@glimpse.trading. We'll appoint an external DPO once headcount or processing scale requires it under Article 37 GDPR.

Updates

We'll email registered users when this policy materially changes. Minor wording fixes are reflected in the “last updated” date at the top.

Contact

General: hello@glimpse.trading
Privacy: privacy@glimpse.trading
Security: security@glimpse.trading