Outglow legal

Privacy Policy

Effective May 26, 2026. Legal version 2026-05-26.

This Privacy Policy explains how Umbra Global LLC, doing business as Outglow ("Outglow," "we," "us," or "our"), collects, uses, shares, stores, protects, exports, and deletes information when you use the Outglow mobile app, API, websites, admin tools, and related services.

Legal entity: Umbra Global LLC
Mailing address: 30 N Gould St 127962, Sheridan, WY 82801
Contact: support@outglow.live

Information We Collect

Account information, including username, display name, email address, password hash, profile photo, bio, profile link, country, date of birth, account role, account status, email verification status, legal acceptance records, and identity-change timestamps.
Optional consent choices, including marketing email consent, analytics and crash-report consent, and the timestamps for those choices.
User content, including uploaded photos, videos, thumbnails, captions, comments, direct messages, reports, moderation details, and related metadata such as media type, size, dimensions, checksum, upload time, storage key, and scan status.
Social, battle, and engagement data, including follows, blocks, likes, saves, votes, battles, battle outcomes, reputation, badges, leaderboards, notifications, activity records, frequency caps, and ranking signals.
Device and technical data, including IP address, user agent, request IDs, client session identifiers, device IDs you provide, app version, platform, Expo push tokens, logs, rate-limit data, abuse-prevention signals, and security events.
Advertising and measurement data, including sponsored entry impressions, clicks, frequency-cap events, rejected ad events, hashed IP and user-agent values, anonymous ad identifiers, and identifiers needed to detect invalid traffic.
Support, safety, and administrative data, including emails or messages you send us, staff actions, admin audit logs, user reports, safety flags, evidence snapshots, and review notes.
Child-safety evidence preservation. When content is uploaded, we record a forensics row containing the raw IP address, User-Agent string, an origin/country hint, and the cryptographic hashes (SHA-256) of any media. These fields are stored separately from the public content record and are accessible only to a small set of moderators with the dedicated safety.csae capability. They support our obligations under 18 U.S.C. § 2258A and our published Child Safety (CSAE) Standards.

Information You Choose To Share

Outglow is a social and creative platform. Information you put in your profile, posts, captions, comments, battles, and public activity may reveal personal details about you or others. Please do not upload or submit private, sensitive, illegal, or unauthorized information. If you include other people in content, you are responsible for having the rights and permissions needed to share that content.

How We Use Information

To create accounts, verify age and region eligibility, authenticate sessions, rotate tokens, deliver password reset and email verification messages, and protect accounts.
To provide profiles, feeds, media uploads, posts, battles, voting, reputation rewards, badges, leaderboards, comments, direct messages, notifications, blocks, reports, and social discovery.
To personalize or rank content, including feed scoring based on recency, follows, engagement, reputation, discovery rules, and other product signals.
To moderate content and accounts, review reports, scan uploads or text for safety signals, investigate abuse, enforce blocks and suspensions, and protect users and platform integrity.
To send service messages, account-security emails, verification emails, password reset emails, and push notifications if enabled.
To serve, rotate, frequency-cap, and measure sponsored entries or ad placements, including invalid click or impression prevention.
To operate hosting, storage, databases, backups, media cleanup, caching, logging, audits, analytics, crash reporting, security monitoring, and deployment checks.
To comply with law, enforce our Terms, defend legal claims, and respond to lawful requests.

Legal Bases For EEA And UK Users

Where GDPR or UK GDPR applies, we process information under the following lawful bases:

Performance of a contract (Art. 6(1)(b)) for account creation, authentication, posting, voting, battles, direct messages, and any other feature you actively use.
Legitimate interests (Art. 6(1)(f)) for safety, security, fraud and abuse prevention, content moderation, age-gate enforcement, analytics on aggregated usage, product operation, and service improvement. We balance these against your rights and only rely on this basis when our interest is not overridden by your privacy interests.
Consent (Art. 6(1)(a)) for optional marketing emails, third-party analytics, crash reporting, and push notifications. You can withdraw consent any time from Settings.
Legal obligation (Art. 6(1)(c)) for tax, accounting, financial-crime checks, age-verification when required, response to lawful government requests, and CSAE reporting under 18 U.S.C. § 2258A. The CSAE pipeline is documented in our Child Safety (CSAE) Standards.
Vital interests (Art. 6(1)(d)) in narrow circumstances involving an imminent threat to life or the safety of a child.

For special-category data (Art. 9), including any biometric data we may process as part of safety screening, we rely on Art. 9(2)(g) (substantial public interest in child safety and crime prevention) and applicable national laws.

Data Protection Officer And EU Representative

Privacy and data-protection enquiries from EEA, UK, and Swiss residents: dpo@outglow.live.

Until a dedicated Art. 27 representative is appointed, EEA and UK residents may also contact us by post at Umbra Global LLC, 30 N Gould St 127962, Sheridan, WY 82801, USA, Attention: Data Protection.

Digital Services Act (EU) — Single Point Of Contact

Outglow is a hosting service for the purposes of Regulation (EU) 2022/2065 (Digital Services Act). Authorities of EU member states, the Commission, and the European Board for Digital Services may contact us electronically at dsa@outglow.live in English. We respond in English; we use machine translation for incoming requests in other EU official languages.

Recipients of the service may use the same address to file an objection under Article 20, or to escalate a content-moderation decision under our internal complaint-handling system. See our Terms of Service "Appeals" section for the in-product appeal flow.

We publish an annual transparency report covering orders received from authorities, content removals, account actions, complaints received, and the median and longest decision times. The first report covers calendar year 2026 and will be published on this domain by 30 April 2027.

Public Information

Your username, display name, avatar, bio, public profile link, posts, captions, battle entries, battle results, reputation, badges, follower counts, and some public activity may be visible to other users or visitors. Votes may be reflected in battle totals or outcomes. Reports, moderation notes, account tokens, password hashes, private security signals, and internal audit logs are not public profile information.

Direct Messages And Moderation Review

Direct messages are visible to conversation participants. They are not end-to-end encrypted. Outglow staff with appropriate roles may access message content when necessary for safety, abuse investigations, reports, legal compliance, or platform integrity. Admin message access should be limited by role and audited.

Age, Country, And Children

Outglow is not intended for children under 13 or the minimum age required in their region. We collect country and date of birth at signup to apply age gates and privacy surfaces. If you believe a child has provided personal information without appropriate consent, contact us so we can review and take appropriate action.

Advertising, Analytics, And Third-Party SDKs

Outglow may show private sponsored entries and, if enabled, mobile ads served by third-party advertising providers such as Google AdMob. Those providers may process device, app, ad interaction, or measurement data under their own policies. We do not sell personal information for money. If we enable a feature that legally qualifies as a sale or sharing of personal information, we will provide any required notice and opt-out controls.

Push Notifications

If push notifications are enabled and you allow them, we may collect and store Expo push tokens, device identifiers you provide, app version, and platform information so we can deliver notifications. You can disable push notifications through your device settings. We may disable invalid or inactive tokens.

Sharing

We may share limited information with vendors and service providers that help us operate hosting, databases, Redis or cache services, media storage, content delivery, email delivery, push notifications, security scanning, analytics, crash reporting, error monitoring, advertising, customer support, legal, and business operations.

We may also disclose information when required by law, to enforce our Terms, to protect users, to investigate abuse or security incidents, or in connection with a merger, financing, acquisition, bankruptcy, reorganization, or sale of assets.

International Processing

Your information may be processed in the United States and other countries where Outglow or our service providers operate. Data protection laws may differ from those in your location. Where required, we use appropriate safeguards for international transfers.

Retention

We keep information for as long as needed to provide the service, maintain accounts, enforce our Terms, comply with law, resolve disputes, prevent abuse, maintain security, and operate backups and audit records. Some records have shorter retention. For example, ad event records are designed to expire after about 120 days. Some safety, moderation, legal, fraud-prevention, backup, and audit records may be retained longer when needed.

Account Deletion

You can request deletion in the app under Settings, Privacy, Delete my account, or by contacting support@outglow.live. The app requires typed confirmation before scheduling deletion. Deletion is scheduled with a 30-day grace period. Signing back in during that period, or using the cancel-deletion control in Settings, may cancel the request.

After the grace period, Outglow deletes or anonymizes account data. Private content such as direct messages, device tokens, auth tokens, follows, blocks, notifications, likes, saves, votes, reports you filed, activity records, ad events, and idempotency records may be deleted. Public content such as posts and comments may be soft-deleted or replaced with tombstones so other users' threads, battles, and safety records remain coherent. Uploaded media and avatar files tied to your deleted content are queued for removal. We may keep limited safety, moderation, legal, anti-fraud, audit, or backup records when permitted or required by law.

Data Export

You can request or download a JSON export of your account data through in-app privacy controls when available, or by contacting us. Exports may include profile data, posts, comments, engagement, battles, votes, reports you filed, messaging records, follows, blocks, notifications, and safety flags associated with your account.

Your Privacy Rights

Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to processing of your personal information, and to withdraw consent where processing is based on consent. Outglow currently extends access, export, consent controls, and deletion controls broadly to users through Settings. You may also contact us at support@outglow.live. We may need to verify your identity before fulfilling a request.

EEA and UK users may also have the right to lodge a complaint with their local data protection authority. Brazilian users may exercise rights under the LGPD by contacting dpo@outglow.live; Canadian users may exercise rights under PIPEDA and applicable provincial laws.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). These rights are in addition to anything described above.

Right to know. You may request a copy of the categories and specific pieces of personal information we collect, use, disclose, and (if applicable) sell or share about you, the sources, the purposes, and the categories of third parties that received it, looking back 12 months. Use Settings → Download my data in the app to receive an export, or email privacy@outglow.live.
Right to correct. You may request that we correct inaccurate personal information we hold about you. Most fields can be edited directly from Settings → Edit profile.
Right to delete. You may request that we delete personal information we hold about you. Use Settings → Delete my account; deletion is scheduled with a 30-day cooling-off window during which you can cancel.
Right to limit sensitive personal information. You may request that we limit our use of sensitive personal information to purposes reasonably expected by the average consumer requesting the service.
Right to non-discrimination. We will not deny you services, charge different prices, or provide a different level of quality because you exercised your privacy rights.
Authorized agents. You may use an authorized agent to make a request on your behalf. We will verify both your identity and the agent's authority before responding.

Sale and sharing of personal information. Outglow does not sell personal information for money. We do not "share" personal information for cross-context behavioral advertising. We do not knowingly sell or share the personal information of consumers under the age of 16. If we ever change this, we will update this policy and provide a Do Not Sell or Share My Personal Information link on the home page in accordance with the CCPA.

Categories of personal information collected in the last 12 months (CCPA categories): identifiers (account id, email, IP address); customer records (display name, country, date of birth); commercial information (none — no purchases or paid services); internet activity (interactions with the service); geolocation (country-level only); sensory data (photos and videos you upload); professional information (none); education information (none); inferences (reputation, feed-ranking signals).

Submit a CCPA request, or appeal a denial, by emailing privacy@outglow.live. We will respond within 45 days (extendable once by another 45 days where reasonably necessary).

Security

We use security-minded controls such as password hashing, token rotation, request validation, upload validation, rate limits, security headers, role-based admin access, audit logs, moderation workflows, and cleanup workers. No service can guarantee perfect security, but we work to protect data and respond to abuse.

Automated Processing

Outglow uses automated systems to rank feeds, detect suspicious voting or ad activity, enforce rate limits, validate uploads, and flag certain safety keywords for human or staff review. We may change these systems over time. We do not intend automated systems alone to make decisions that produce legal or similarly significant effects without appropriate review where required by law.

Changes

We may update this Privacy Policy as the product changes. The effective date and legal version above identify the current version. Material changes may require users to accept updated terms or policy notices before continuing to use the service.