glamth

Privacy Policy

Last updated: March 5, 2026

1. Introduction

Glamth ("we," "us," or "our") operates the glamth.com website and mobile application (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

2. Information We Collect

Account Information

When you create an account, we collect your email address, display name, username, and password (stored as a one-way hash). If you sign in via TikTok, we receive your TikTok open ID, display name, username, and avatar URL.

Transaction Information

When you buy or sell items, we collect shipping addresses, order details, and payment information. Payments are processed by Stripe — we never store your full credit card number on our servers.

Usage Data

We automatically collect IP addresses, browser type, device information, pages visited, and timestamps when you use the Platform. We use cookies for session management and authentication.

3. How We Use Your Information

  • To create and manage your account
  • To facilitate transactions between buyers and sellers
  • To process payments and shipping
  • To send transactional emails (order confirmations, shipping updates, verification codes)
  • To provide customer support and resolve disputes
  • To detect and prevent fraud, abuse, and security threats
  • To enforce our Terms of Service
  • To improve and personalize the Platform

4. Information Sharing

We share your information only in the following circumstances:

  • With other users: Buyers see seller display names and usernames. Sellers receive buyer shipping addresses to fulfill orders.
  • Service providers: We use Stripe (payments), Shippo (shipping), Resend (email), Cloudflare (hosting and storage), and TikTok (authentication) to operate the Platform. These providers process data on our behalf under their own privacy policies.
  • Legal requirements: We may disclose information if required by law, subpoena, or government request.

We do not sell your personal information to third parties.

5. TikTok Data

When you connect your TikTok account to Glamth, we access the following data through TikTok's API:

Data We Receive

  • Profile data (user.info.basic, user.info.profile): Your TikTok open ID, display name, avatar URL, username, and follower count. Used to create your Glamth marketplace profile and display your identity to other users.
  • Video list (video.list): Metadata about your public TikTok videos including titles, thumbnails, view counts, durations, and embed links. Used to let you link TikTok videos to your product listings.

How TikTok Data Is Stored

  • Access tokens and refresh tokens are encrypted at rest using AES-256-GCM and stored in our database. Tokens are refreshed automatically every 24 hours and revoked when you disconnect your TikTok account or log out.
  • Video metadata is cached temporarily in Redis with a 5-minute TTL. We do not permanently store your TikTok video data — it is fetched fresh from TikTok's API on each request.
  • Profile data (display name, avatar URL, username, follower count) is stored in your user profile for as long as your TikTok account is connected.

Disconnecting TikTok

You can disconnect your TikTok account at any time from the Settings page. When you disconnect:

  • Your TikTok access and refresh tokens are immediately revoked via TikTok's API
  • Your TikTok-sourced profile data (handle, follower count) is deleted immediately
  • Any cached video metadata expires within 5 minutes
  • Your Glamth account remains active — you can continue using email/password login
  • You can reconnect your TikTok account at any time

Content Syndication

When you link a TikTok video to a product listing, we display the video embed on the listing detail page using TikTok's official embed player. You retain all rights to your TikTok content. We do not download, re-host, or modify your TikTok videos.

6. Data Security

We implement industry-standard security measures including HTTPS encryption, HMAC-signed session tokens, bcrypt/argon2 password hashing, and rate limiting. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Cookies

We use a single essential session cookie to keep you logged in. This cookie is HTTP-only, secure in production, and expires after 30 days of inactivity. We do not use third-party advertising or tracking cookies.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise these rights, contact us at privacy@glamth.com.

9. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete that information promptly.

10. Data Retention

We retain your account data for as long as your account is active. Transaction records are retained for 7 years for tax and legal compliance. Session data is automatically purged after expiration. If you delete your account, we remove your personal data within 30 days, except where retention is required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Platform or sending an email. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@glamth.com.