Privacy

Privacy Policy

Effective Date: December 4, 2025

Glambu Limited («we», «us», or «our») respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our luxury dating platform, including the website at https://glambu.com (the «Website») and our related mobile application (the «App») (collectively, the «Service»).

The Service is operated by Glambu Limited, a company incorporated in England and Wales with company number 16877178, having its registered office at 3rd Floor Suite 207, Regent Street, London, England, W1B 3HH. Our email address is [email protected].

We are the Data Controller for the personal data we process through the Service, in compliance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) (for EU users), and the Data Protection Act 2018.

By accessing or using the Service, you acknowledge that you have read this Policy.

1. Information We Collect

We collect personal data to provide, improve, and secure the Service.

1.1 Data You Provide

  • Account Information: Email address, password, username, date of birth, gender, and search preferences (e.g., age range, location) provided during registration.

  • Profile Data: Photos, bio, education, occupation, lifestyle details, and relationship goals.

  • Special Category (Sensitive) Data: You may choose to provide data revealing your sexual orientation, religious beliefs, ethnicity, or political opinions in your profile or search filters. By providing this information, you explicitly consent to our processing of this sensitive data for the purpose of providing matchmaking services.

  • Communication Data: The content of messages, chats, and interactions sent to other users.

  • Payment Data: Billing details (e.g., cardholder name, partial card number) for subscriptions. We do not store full credit card numbers. Transactions are processed by PCI-DSS compliant third-party providers (e.g., Stripe, Google Pay, Apple Pay).

  • Verification Data: Government-issued ID (e.g., passport/driver’s license), «selfie» photos, or proof of address provided for Know Your Customer (KYC) or age verification purposes.

1.2 Data Collected Automatically

  • Usage Data: IP address, device type, operating system, browser type, pages viewed, time spent, swipes, matches, and login history.

  • Location Data: General location (city/country) derived from IP address. Precise GPS location is collected only with your explicit permission via the App settings.

  • Device Fingerprinting: We collect technical attributes (screen size, font lists, battery level) to generate a device ID for fraud prevention and security, specifically to detect bot networks and multiple account abuse.

  • Biometric Data: If you use our «Selfie Verification» feature, our service provider analyses facial geometry to match your selfie against your profile photos or ID. This biometric template is used solely for immediate verification and is permanently deleted immediately after the check is completed. We do not build a facial recognition database.

2. How We Use Your Information

We process your data for specific purposes and rely on the following legal bases:

  • To Provide and Operate the Service: We use your data to create accounts, facilitate matching, deliver messages, and process payments.

    • Legal Basis: Contractual Necessity.

  • Safety, Moderation, and Verification: We monitor for prohibited content (e.g., solicitation, harassment), verify age, and detect fraud to ensure a safe environment.

    • Legal Basis: Legitimate Interests & Legal Obligation (e.g., Online Safety Act 2023).

  • Improvement and Analytics: We analyze usage trends and user behavior to improve our algorithms, features, and platform performance.

    • Legal Basis: Legitimate Interests.

  • Personalization: We use your activity and preferences to recommend relevant profiles and improve your matching experience.

    • Legal Basis: Legitimate Interests.

  • Marketing: We may send you newsletters, special offers, or promotions (you may opt-out at any time).

    • Legal Basis: Consent.

  • Legal Compliance: We process data to comply with applicable laws, including Anti-Money Laundering (AML) regulations, tax obligations, and court orders.

    • Legal Basis: Legal Obligation.

  • Processing Sensitive Data: We process data revealing sexual orientation, ethnicity, or beliefs solely for the purpose of matching you with compatible users.

    • Legal Basis: Explicit Consent (Article 9 UK GDPR).

3. How We Share Your Information

We do not sell your personal data. We share data only in these specific circumstances:

  • Service Providers: We share data with trusted third parties who process data on our behalf, including:

    • Hosting: AWS (Amazon Web Services).

    • Payments: Stripe, Apple, Google (for processing fees).

    • Verification: Third-party identity verification partners (e.g., for age/ID checks).

    • Analytics: Google Analytics (anonymized).

    • These providers are bound by strict Data Processing Agreements (DPAs).

  • Other Users: Your public profile (username, photos, bio, age, city) is visible to other users. Your email and billing data remain private.

  • Law Enforcement & Authorities: We may disclose data if required by law, such as to comply with the Modern Slavery Act 2015, Online Safety Act 2023, or valid subpoenas. We report indicators of human trafficking or child exploitation to the NCA (National Crime Agency) and relevant NGOs.

  • Payment Dispute Defense (Chargebacks): In the event of a payment dispute or chargeback, we reserve the right to share strictly relevant evidence with the bank or payment processor, including IP access logs, chat timestamps, and proof of account usage, to demonstrate that the service was provided.

  • Business Transfers: If Glambu Limited is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction.

4. Your Data Protection Rights

Under UK and EU GDPR, you have the right to:

  1. Access: Request a copy of the data we hold about you.

  2. Rectification: Correct inaccurate or incomplete data.

  3. Erasure («Right to be Forgotten»): Request deletion of your account and data. Note: We retain certain data (e.g., transaction history, banned account identifiers) where required by law or for safety.

  4. Restriction: Pause processing of your data in certain disputes.

  5. Objection: Object to processing based on «legitimate interests» (e.g., direct marketing).

  6. Portability: Receive your data in a structured, machine-readable format.

  7. Withdraw Consent: Withdraw consent for sensitive data processing (this may result in account closure if the service cannot function without it).

To exercise these rights, email: [email protected]. We verify all requests to prevent fraud.

5. Data Retention

We retain personal data only as long as necessary:

  • Active Accounts: Retained for the duration of your membership.

  • Deleted Accounts: Profile data is deleted or anonymized within 30 days of account closure.

  • Transaction Records: Retained for 6-7 years to comply with UK tax/accounting laws (HMRC).

  • Verification Data: ID photos are deleted 30 days after verification is complete.

  • Banned Accounts: We retain device IDs, email hashes, and phone numbers of banned users indefinitely to prevent them from creating new accounts and threatening user safety (Legitimate Interest).

6. International Data Transfers

As a UK company, your data is primarily stored in the UK or European Economic Area (EEA). If we transfer data to processors outside these regions (e.g., to US-based tech providers), we ensure protection via:

  • UK «Adequacy Regulations» or EU Adequacy Decisions.

  • Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).

7. Security

We implement robust technical and organizational measures to protect your data, including encryption in transit (TLS/SSL) and encryption at rest. Access to personal data is restricted to authorized employees with a business need. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

8. Children’s Privacy

The Service is strictly for individuals aged 18 or older. We do not knowingly collect data from minors. If we discover a user is under 18, we will immediately delete their account and data.

9. US State Privacy Rights (California & Others)

Although we are a UK company, we respect the rights of users in California (CCPA/CPRA) and other US jurisdictions.

  • No Sale of Data: We do not «sell» your personal data for money.

  • Right to Opt-Out of Sharing: We do not «share» personal data for cross-context behavioral advertising.

  • Authorized Agents: You may designate an authorized agent to make privacy requests on your behalf via [email protected].

10. Changes to This Policy

We may update this Policy periodically. Material changes will be notified via email or an in-app pop-up. The «Effective Date» at the top indicates the latest revision.

11. Contact Us

If you have questions about this Privacy Policy or your data:

  • Email: [email protected]

  • Mail: Glambu Limited, 3rd Floor Suite 207, Regent Street, London, W1B 3HH, United Kingdom.

  • Complaints: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK (www.ico.org.uk) or your local EU Data Protection Authority.