1. Data controller

In this Privacy Policy, "Gleamy", "we", "us", and "our" refer to the data controller responsible for processing your personal data. The Gleamy service is provided by Ayşe Bahar Çelik as a Sole proprietorship under the Gleamy brand.

Service provider

Ayşe Bahar Çelik

Business address

Alacaatlı Mah., 3361 Sk., No: 1, İç Kapı No: 12, Çankaya/Ankara, Türkiye

Tax office

Doğanbey Tax Office

Tax identification number

9180195481

Contact

hello@gleamy.ai

For questions about data processing or to exercise your rights, contact hello@gleamy.ai or use the contact form in the Contact section on the gleamy.ai homepage.

2. About this policy

This Privacy Policy explains how we collect, use, share, and protect personal information when you visit https://gleamy.ai (the "Site") or use the Gleamy platform—such as when you register, create an event, upload content, or purchase a plan. Together with our Terms & Conditions, this policy defines our data processing obligations regarding the Service.

3. Information we collect

When you visit the Site, we may automatically collect certain information about your device and how you interact with the Site. This may include your browser type, IP address, time zone, and cookie identifiers, as well as pages you view and actions you take. We refer to this as "Device Information."

• Cookies – Small data files stored on your device that help the Site work properly and remember preferences. You can manage cookies in your browser settings.
• Log files – Records of site activity that may include IP address, browser type, referring/exit pages, and timestamps.
• Web beacons, tags, and pixels – Technologies used to understand usage and improve performance and user experience.
• Analytics tools – Analytics services that help us understand traffic, feature usage, and performance so we can improve Gleamy over time.

4. How we use information

We use Order Information to:

• Process purchases and payments, and issue invoices where applicable
• Create and manage your Gleamy account and event galleries
• Provide core features such as uploads, sharing, downloads, and reminders
• Communicate with you about your account, events, support requests, and important updates
• Detect, prevent, and address fraud, abuse, and security issues

We use Device Information to:

• Operate, improve, and optimize the Site and platform experience
• Understand feature usage and performance to improve reliability
• Help protect Gleamy and its users against suspicious activity

5. How we share information

We share personal information with trusted service providers only when needed to operate Gleamy securely and effectively. This may include:

• Payment processors that securely handle transactions and payment verification.
• Cloud and infrastructure providers that host the platform and store data securely.
• Analytics and monitoring providers that help us understand performance and improve the service.

6. Your rights

Depending on your location, you may have rights regarding your personal information—such as the right to access, correct, delete, restrict processing, request portability, or object to certain processing. To exercise these rights, contact us at hello@gleamy.ai or use the contact form in the Contact section on the gleamy.ai homepage.

• Access, correction, or update of your personal information
• Deletion requests, subject to legal and contractual requirements
• Objection to or restriction of certain types of processing
• Withdrawal of consent where processing is based on consent
• Data portability where applicable

7. Legal basis for processing

We process personal data based on one or more of the following legal grounds: (a) performance of a contract — to provide the Service you have purchased or requested; (b) legitimate interests — to operate, improve, and secure the platform; (c) legal obligations — to comply with applicable laws and regulations; (d) consent — where you have provided explicit consent for specific processing activities, such as enabling face recognition features.

8. International data transfers

We operate globally and may transfer your data to countries outside your jurisdiction, including countries that may have different data protection standards. When we transfer data internationally, we implement appropriate safeguards—such as standard contractual clauses or equivalent mechanisms—to ensure your data remains protected in accordance with applicable law.

9. Security measures

We implement technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, access controls, regular security assessments, and secure infrastructure provided by reputable cloud providers. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Data retention

We retain account and transaction-related information as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Event media (photos and videos) may be retained based on your plan settings and storage policies, or until deletion is requested where applicable.

11. Event content and biometric data

Event content may include personal data within photos and videos. Some features—such as AI Face Find or Private gallery access—may involve face matching to help guests find their own moments and/or to limit visibility to content they appear in. Where required by applicable law (including KVKK in Turkey and GDPR in the EU), Event Hosts are responsible for providing appropriate notices and obtaining any necessary consents before enabling these features.

12. Minors

Our services are not intended for individuals under 18 to create an account or purchase plans. Event content may include minors; in such cases, the Event Host is responsible for ensuring appropriate permissions and compliance with local laws.

13. Do not track

Some browsers offer a "Do Not Track" signal. We do not currently respond to DNT signals with a uniform change in behavior. You can manage cookies and similar technologies through your browser settings.

14. Complaints

We encourage you to contact us first at hello@gleamy.ai or via the contact form on the gleamy.ai homepage to try to resolve any concerns regarding your data. If you believe your data protection rights have been violated and we have not adequately addressed your concern, you have the right to lodge a complaint with a supervisory authority. In Turkey, you may contact the Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu). In the EU/EEA, you may contact your local data protection authority.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or business practices. When we make material changes, we will:

• Update the 'Last updated' date at the top of this page
• Notify you via email or through the Service at least 30 days before changes take effect (for material changes)
• Provide a summary of key changes where practical

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree to the changes, you should stop using the Service before the changes take effect.

18. Contact information

If you have questions about this Privacy Policy, the Service, or your rights, please contact us:

• Service provider: Ayşe Bahar Çelik (Sole proprietorship operating under the Gleamy brand).
• Address: Alacaatlı Mah., 3361 Sk., No: 1, İç Kapı No: 12, Çankaya/Ankara, Türkiye
• Doğanbey Tax Office: VKN 9180195481
• Email: hello@gleamy.ai
• Phone: +90 532 280 16 87
• Contact form: use the form in the Contact section on the gleamy.ai homepage.

We aim to respond to inquiries within 5 business days.