Privacy Policy

Last updated: April 29, 2025

Welcome to Gloam (“Gloam”, “we”, “our”, or “us”). Gloam is an AI-powered customer relationship management (CRM) platform purpose-built for photographers and other wedding professionals. We know how important privacy is to your business and your clients, so we’ve designed every layer of our product and infrastructure with security and transparency in mind.

This Privacy Policy explains what information we collect, how we use it, your choices, and the rights you have when you sign up for or interact with any of our services at trygloam.com (the “Website”) or via our connected mobile / desktop applications (together, the “Services”).

TL;DR
We collect only what we need to run the Services, keep your account secure, and continuously improve the product. 🎉


1. Key Definitions

TermWhat it means
AccountThe workspace you create when you sign up for Gloam
UserAnyone who uses Gloam, whether paying subscriber or on a free trial
ClientA contact that you—the User—store in Gloam (e.g., a couple you’re photographing)
Personal DataInformation that can identify an individual, such as name, email address, or payment details
ProcessingAnything we do with Personal Data (collect, store, analyze, delete, etc.)
ControllerFor EU/UK GDPR, this is usually you—the wedding pro—because you decide the purposes and means of processing your Clients’ data. Gloam acts as a Processor in that scenario.

2. Data We Collect & Why

2.1 Information You Provide

CategoryExamplesPurpose
Account InfoName, business name, email, phoneCreate and secure your workspace
Billing InfoCredit-card number, billing address (handled by Stripe)Process subscription & usage fees
ContentLeads, events, contracts, emails, images, etc.Core CRM functionality
SupportChat transcripts, emailsHelp you troubleshoot issues

2.2 Information We Collect Automatically

CategoryExamplesPurpose
Usage DataPage views, button clicks, feature flagsImprove product & diagnostics
Device DataBrowser type, IP address, operating system, time-zoneSecurity & localization
Cookies & Local StorageAuth tokens, theme preferenceKeep you logged in, remember settings
Marketing AttributionUTM parameters (source, medium, campaign)Track effectiveness of marketing channels

We collect marketing attribution data (such as which website or campaign directed you to our site) through URL parameters when you visit our website. This information is stored locally on your device and included when you submit forms on our site. We use this data to understand which marketing channels are most effective and to optimize our advertising efforts. This information is stored in our email marketing platform and associated with your email address when you join our waitlist or subscribe to our services.

2.3 Information from Integrations (Optional)

When you connect third-party services (e.g. Gmail, Stripe, Google Calendar):

• We request the minimum OAuth scopes required.
• Data stays sandboxed to your account and is used only to provide the specific feature (e.g., email syncing, invoice status).
• You can revoke access at any time from Gloam or the third-party dashboard.


3. How We Use Your Data

  1. Provide & maintain the Services – dashboards, automations, AI features.
  2. Authenticate & secure your Account (2FA, session management, abuse detection).
  3. Improve Gloam via analytics, A/B testing, and user feedback.
  4. Communicate about updates, security alerts, and marketing (opt-out any time).
  5. Comply with legal obligations (e.g., accounting, KYC, fraud prevention).

We never:

  • Sell Personal Data.
  • Use your Clients’ content to train third-party AI models.
  • Look at your account data unless you give explicit support consent.

We rely on one or more of the following:

Contract – to deliver the Services you signed up for.
Legitimate Interests – product analytics, fraud detection (balanced with your rights).
Consent – marketing emails, integrations.
Legal Obligation – tax & accounting records.


5. Retention

We keep Personal Data only as long as necessary:

  • Account data: until you delete your account or 24 months of inactivity.
  • Content inside your workspace: until you remove it or 90 days after account deletion (for recovery purposes).
  • Back-ups: encrypted and purged on a 35-day rolling window.

6. Data Sharing

CategoryRecipient TypeSafeguards
InfrastructureCloud hosting & storageIndustry-standard certifications
PaymentsPayment processorsPCI-DSS compliance
Email DeliveryEmail service providersSOC 2 or equivalent
AI ProcessingAI service providersData encrypted in transit
AnalyticsAnalytics platformsAggregated & pseudonymized

We only work with vendors who meet strict security and privacy standards. All sub-processors sign Data Processing Agreements (DPAs) with Gloam.

A current list of sub-processors is available upon request.


7. International Transfers

Your data may be processed in the United States or other regions where we or our sub-processors operate. We rely on:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission.
  • Adequacy decisions where applicable (e.g., UK-US Data Bridge).

8. Security

• Encryption in-transit (TLS 1.3) and at-rest (AES-256).
• Role-based access controls with least-privilege principle.
• Continuous penetration testing & automated dependency scanning.
• Audit trails for every data access event.

If we discover a breach that affects you, we will notify you within 72 hours (or earlier if required by law).


9. Your Rights

Depending on your locale, you may have the right to:

  • Access, correct, or delete your Personal Data.
  • Port your data in a machine-readable format.
  • Object to or restrict certain processing activities.
  • Lodge a complaint with your local Data Protection Authority.

Submit requests via privacy@trygloam.com and we’ll respond within 30 days. 📨


10. Children’s Privacy

Gloam is not directed to children under 16. If we learn that we have collected Personal Data from a child, we will delete it immediately.


Our Website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies individually.


12. Changes to This Policy

We may update this document from time to time. We’ll notify you via email or an in-app banner and update the “Last updated” date at the top. Continued use of the Services means acceptance of the revised Policy.


13. Contact Us

Questions, concerns, or requests?
Email: hello@trygloam.com

Thanks for trusting Gloam to power your business! 🎉