Skip to content
Glenby
Glenby

As of: 3 July 2026

Privacy

Glenby processes as little about you as possible. Anything you share with others is end-to-end encrypted - we cannot read it. This is a translation for convenience. The German version is legally binding.

Controller

The controller responsible for data processing within the meaning of the DSGVO is Ebrahim Seyfi (Geschäftsbezeichnung „Senorit"), Seeschwalbentwiete 23, 22119 Hamburg, privacy@glenby.de. Full provider details can be found in the Legal notice.

End-to-end encryption

Content you share with friends (photos, notes about places) is encrypted on your device before it reaches our servers. Only the recipients you choose can decrypt it. We store exclusively the encrypted content and hold no key to it.

What data we process

Account
Display name and optionally an email address for sign-in. We store the password exclusively as a hash, never in plain text.
Shared content
Photos and notes about places - stored exclusively end-to-end encrypted. We hold no key to it.
Video calls
1:1 video calls are transmitted directly between devices (WebRTC, encrypted) and are not recorded. Cloudflare acts solely as a TURN relay to broker the connection.
Billing
For a paid subscription, our payment provider Stripe processes the payment data. We ourselves store only the identifier needed for contract administration and the plan status.
Friends and notifications
Friend code, connections, and, if you enable reminders, a push token.
Technical data
Minimal data for operation and security, such as session and device identifiers and synchronization timestamps.

Location and Trailmates

When you complete a task, your location (GPS) is captured once as proof of authenticity and stored together with the completion. There is no background tracking and no movement profile. Your location is therefore not a special category of personal data within the meaning of Art. 9 DSGVO; the processing is based on Art. 6 Abs. 1 lit. b and lit. f DSGVO.

If you voluntarily take part in Trailmates (a meet-people feature, from age 18), we process your express consent, your age group (being of legal age), and your match decisions. Unlike the general location feature, taking part in a meet-people feature can involve information about a person's sex life or sexual orientation (Art. 9 Abs. 1 DSGVO); the legal basis is your express consent (Art. 9 Abs. 2 lit. a DSGVO). Match cards contain no identifying data and, in this version, no location - deliberately, so as not to additionally link this already sensitive processing with location-based inferences. For Trailmates we carry out a data protection impact assessment under Art. 35 DSGVO.

Services we use (processors)

Encrypted content and account data are processed by the following services:

Processors and recipients that Glenby uses to operate the app and website
ServicePurposeLocation / transfer basis
SupabaseStorage of accounts and encrypted content.EU data center (Frankfurt am Main).
StripePayment processing for paid subscriptions.Transfer to third countries (in particular the USA) based on EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework.
CloudflareActs solely as a TURN relay to broker the connection for 1:1 video calls; records nothing.Edge network, connection brokering only.
Apple / GoogleDelivery of push notifications, where enabled.Transfer via the respective push infrastructure (third country).
VercelHosting of this website (glenby.de).To the extent this involves a transfer to third countries, we rely on EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework.
ResendSending of transactional emails (for example deletion and withdrawal confirmations), no marketing emails.To the extent this involves a transfer to third countries, we rely on EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework.

We have the necessary agreements under Art. 28 DSGVO in place with all processors named.

Screening for harmful content on the device

Before a photo is encrypted and shared, the app screens it directly on your device for clearly harmful content. This screening runs locally - no images are uploaded for it. More on this on the Security & Transparency page.

Statutory reporting duty

If there is reasonable suspicion of a serious crime - in particular depictions of the sexual abuse of children - we are required under Art. 18 of Regulation (EU) 2022/2065 (Digital Services Act) to inform the competent law enforcement authority. The central reporting body in Germany is the Bundeskriminalamt as the central office under § 13 DDG in conjunction with § 2 BKAG. Only the content concerned is, in this case, excluded from end-to-end encryption and secured with a separate key that only the automated, official reporting channel can open. No one at Senorit sees this content in plain text.

Legal bases

  • Art. 6 Abs. 1 lit. b DSGVO - provision of the app, its features, and the paid contracts.
  • Art. 6 Abs. 1 lit. a DSGVO - consent for push notifications and for taking part in Trailmates; revocable at any time.
  • Art. 9 Abs. 2 lit. a DSGVO - express consent for the meet-people feature, to the extent it may involve special categories of personal data.
  • Art. 6 Abs. 1 lit. f DSGVO - operation, security, and abuse prevention.
  • Art. 6 Abs. 1 lit. c DSGVO - statutory reporting and cooperation duties.

Retention period

Content and account data are stored for as long as your account exists; upon deletion they are removed (see account and data deletion). If a statutory report under Art. 18 DSA has been triggered for a piece of content, that content remains excluded from deletion for the duration of the official proceedings; the legal basis for this is Art. 17 Abs. 3 lit. b DSGVO.

Your rights

You have the right to access (Art. 15 DSGVO, first copy free of charge), rectification, erasure (Art. 17 DSGVO), restriction of processing, data portability, and objection (Art. 15-21 DSGVO), as well as the right to withdraw any consent given at any time with effect for the future. The app offers an export and a deletion function directly in the settings; see account and data deletion. Requests at any time to privacy@glenby.de.

Right to lodge a complaint

You can lodge a complaint with a data protection supervisory authority, generally the authority of the German federal state (Bundesland) where you reside.

Cookies and local storage

This website uses exclusively technically necessary storage within the meaning of § 25 Abs. 2 TDDDG, for example to provide the page; no consent is required for this, a disclosure is sufficient. Should we deploy analytics or marketing services in the future that are not strictly necessary, we will first obtain your express, granular consent via a consent banner with an equally prominent reject button.