Privacy Policy

Privacy Policy

How Gleam collects, uses, shares, and protects information across the website, dashboard, hosted Portal, iOS SDK, and SDK REST v1 APIs.

Last updated: May 5, 2026

Scope

This Privacy Policy explains how Gleam, a product by Blackboxes AI, collects, uses, shares, and protects information when you use Gleam websites, the dashboard, hosted feedback portals, developer documentation, the iOS SDK, and related SDK REST v1 APIs.

If your organization has a separate written data processing agreement, order form, or enterprise agreement with us, that agreement controls where it conflicts with this policy.

Information We Collect

We collect information you provide directly, information generated by your use of Gleam, and information needed to run integrations you configure.

  • Account and workspace information, such as email address, name, avatar, authentication metadata, workspace names, project names, roles, and invitation status.
  • Product content, such as feedback posts, comments, votes, roadmap items, announcements, changelog content, uploaded assets, portal configuration, and related metadata.
  • Developer and integration information, such as project IDs, portal slugs, SDK keys, SDK session metadata, API request metadata, notification preferences, APNs device tokens, and APNs configuration values you choose to store in the dashboard.
  • Website and service usage information, such as IP address, user agent, browser type, device information, pages visited, referrer, timestamps, error logs, and security logs.
  • Preferences stored locally in your browser, such as the public website theme preference.

How We Use Information

  • Provide, maintain, secure, and improve Gleam.
  • Authenticate users, manage workspaces, and apply workspace permissions.
  • Operate hosted portals, feedback boards, roadmap views, announcements, notification inboxes, and SDK sessions.
  • Send product notifications, operational emails, support replies, and account-related messages.
  • Register and route APNs device tokens when you enable iOS push notifications.
  • Debug errors, detect abuse, prevent unauthorized access, and preserve service reliability.
  • Comply with legal obligations and enforce our terms.

How We Share Information

We do not sell personal information. We share information only when needed to run Gleam, support customers, comply with law, or protect the service.

  • With service providers that host infrastructure, provide authentication, database, storage, email, payment, analytics, security, or support services for Gleam.
  • With members of your workspace according to their roles and permissions.
  • With the public or invited users when you configure a portal, roadmap, announcement, or feedback surface to be public or shared.
  • With Apple Push Notification service when APNs delivery is enabled and a notification is sent to a registered device token.
  • With authorities or third parties when required by law, to protect rights and safety, or to investigate abuse.
  • As part of a merger, acquisition, financing, reorganization, or sale of assets, subject to reasonable confidentiality protections.

Customer Content And End-User Data

Gleam customers decide what content they collect from their own users and which portal surfaces are public, private, or embedded in their products. If you submit feedback through a Gleam-powered portal, the workspace owner can access and manage that submission.

When we process end-user data for a customer workspace, we do so to provide Gleam to that customer and according to the workspace configuration.

Retention

We keep information for as long as needed to provide Gleam, maintain security, resolve disputes, comply with legal obligations, and enforce agreements. Workspace owners can delete product content from the dashboard, and you can contact us to request account or personal data deletion where applicable.

Security

We use technical and organizational safeguards designed to protect information, including access controls, encrypted transport, hosted infrastructure controls, and operational monitoring. No internet service can be guaranteed to be completely secure, so you should protect your credentials and keep server-only secrets out of client applications.

Your Choices

  • You can update account and workspace information in the dashboard where the product allows it.
  • You can unsubscribe from non-essential marketing emails using the unsubscribe link if one is provided.
  • You can manage browser storage through your browser settings. The public website currently uses local storage for theme preference.
  • You can manage push notification permission through your operating system and app settings.
  • You can contact us to request access, correction, deletion, or portability where applicable law provides those rights.

International Transfers

Gleam may process and store information in the United States and other countries where we or our service providers operate. If you use Gleam from outside those countries, your information may be transferred to and processed in those locations.

Children

Gleam is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information to Gleam, contact us and we will take appropriate steps.

Changes

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as updating the date on this page or providing an in-product notice.

Contact

Questions about privacy can be sent to hello@gleam.land.