Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Mobile Tech Media, LLC collects, uses, shares, and protects your information when you use Glento on iOS, Android, and the web. We have written it in plain English so you can understand what happens to your data.
Who we are
Glento (the "App" or "Service") is provided by Mobile Tech Media, LLC ("Mobile Tech Media," "we," "our," or "us"), a limited liability company formed in the State of Wyoming, United States. Mobile Tech Media is the controller responsible for your personal data under this Policy.
This Policy covers the Glento mobile apps for iOS and Android, the Glento web app at app.glento.ai, and our marketing website at glento.ai (together, the "Service"). By using the Service, you acknowledge the practices described here.
- Controller: Mobile Tech Media, LLC, 1309 Coffeen Avenue, STE 1200, Sheridan, WY 82801, USA.
- Privacy contact: [email protected].
Local-first by design
Glento is local-first. By default, your tasks, notes, and organizational data are created and stored on your own device and are not sent to our servers. You can use the core App without an account and without any of your task data leaving your device.
Some features do involve our servers — optional cloud sync (a paid Pro feature), account sign-in, our AI features, analytics, purchases, and support. The sections below explain exactly what is collected and why in each case.
Information we collect
Information you provide
- Account information — if you create an account (for example, to use cloud sync), we receive your email address and basic profile identifier from you or from the sign-in provider you choose (Apple, Google, or Facebook). We do not receive your social-media password.
- Task content — your tasks, notes, lists, due dates, and related organizational data. This stays on your device unless you enable cloud sync, in which case it is synced through our servers (see "Cloud sync").
- AI inputs — the task text you type, or text transcribed from your voice, when you choose to use an AI feature (see "AI features").
- Support and feedback — the contents of messages you send us, including your email address and anything you choose to include.
Information collected automatically
- Usage and product-analytics data — events such as features used, screens viewed, and session activity, together with a pseudonymous identifier, approximate region/language, device type, operating system, and app version. We use this to understand and improve the product (see "Analytics").
- Diagnostics — crash and performance information that helps us find and fix problems.
Information from third parties
- Sign-in providers — when you sign in with Apple, Google, or Facebook, we receive a basic identifier and the email address associated with your sign-in (subject to your choices, e.g. Apple's hide-my-email).
- Payment and subscription status — our subscription provider and the relevant app store tell us whether you have an active subscription and the related transaction status. We do not receive or store your full card number.
How we use your information
We use personal data to:
- Provide the App and its core task-management features;
- Provide optional cloud sync and keep your data consistent across your devices;
- Provide AI features you choose to use;
- Authenticate you and secure your account;
- Process and manage subscriptions, and prevent fraud and abuse;
- Understand product usage and improve, troubleshoot, and develop the Service;
- Provide customer support and respond to your requests;
- Send service-related communications, and (only with your consent where required) other updates; and
- Comply with legal obligations and enforce our Terms.
Legal bases for processing (EU/UK)
If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under the EU General Data Protection Regulation (GDPR) and the UK GDPR:
- Performance of a contract (Art. 6(1)(b)). To provide the App, your account, cloud sync, AI features you request, and to manage your subscription.
- Consent (Art. 6(1)(a)). For non-essential analytics on the web where consent is required, and for any optional marketing. You may withdraw consent at any time, without affecting processing already carried out.
- Legitimate interests (Art. 6(1)(f)). To secure the Service, prevent fraud and abuse, keep diagnostics, and improve the product. Where we rely on legitimate interests, we balance them against your rights and you may object.
- Legal obligation (Art. 6(1)(c)). To meet our legal, tax, and accounting obligations.
We do not use your task content or AI inputs to build advertising profiles, and we do not use solely automated decision-making that produces legal or similarly significant effects about you.
AI features
Glento offers optional AI features that generate suggestions and coaching to help you organize and prioritize tasks. Here is exactly how they work:
- When you use an AI feature, the task text you typed — or, if you used voice dictation, the text transcribed from your speech — is sent to our server-side functions, which pass it to our third-party AI provider, OpenAI, which generates the response.
- Voice stays on your device. Voice dictation is transcribed to text on your device; the audio recording itself is not transmitted to or stored by us. Only the resulting text is sent for processing.
- We send only what is needed to produce the suggestion (your task text and minimal context). We do not send your account password or your full task database.
- The AI processor processes this text solely to return a result to us, on our instructions, under contractual confidentiality and security terms, and acts as our sub-processor.
- Under OpenAI's API terms, data sent through the API is not used to train OpenAI's models, and we have not opted in to any data-sharing for model training. OpenAI may retain API inputs and outputs for a short period (up to 30 days) for abuse and misuse monitoring and then deletes them.
- AI inputs and outputs are retained only as long as needed to provide and improve the feature and to maintain security, and are then deleted or de-identified (see "Data retention").
AI output is generated automatically and may be inaccurate or incomplete. It is provided as a suggestion only — use your own judgment and do not rely on it as professional advice. The free tier includes a monthly limit on AI suggestions; Pro removes that limit. To avoid sending sensitive information to the AI features, simply do not enter it into them.
Cloud sync (Pro)
Cloud sync is an optional paid feature. When you enable it, your task data is synced through our hosting provider so it stays consistent across your signed-in devices. If you never enable cloud sync, your task data is not stored on our servers.
Disabling cloud sync stops further syncing. To remove data already synced, delete the relevant items or your account (see "Your choices and rights" and "Data retention").
How your data is protected
We use industry-standard safeguards to protect your information, including:
- Encryption in transit (TLS) for data sent between your device and our servers and processors;
- Encryption at rest for data stored on our servers;
- Access controls, authentication, and the principle of least privilege; and
- Ongoing security maintenance and updates.
To be clear, our cloud sync uses encryption in transit and at rest — it is not end-to-end encryption, which means we (and our hosting provider, acting on our instructions) are technically able to access synced data in order to operate the sync service. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Service providers and sub-processors
We share personal data with a limited number of vendors that process it on our behalf, under contracts that require appropriate confidentiality and security and that limit their use to providing services to us. The categories of sub-processors we use are:
- Server hosting & infrastructure — Hetzner. Provides the servers and infrastructure on which we run our own database, account authentication, and (for Pro users) cloud-sync. We self-manage these services on that infrastructure.
- Product analytics — PostHog. Provides product analytics. We use PostHog's European Union hosting region for this data.
- Subscription management — RevenueCat, with Stripe for web payments. Manages subscription entitlements across platforms. For purchases made on the web, payment is processed by Stripe. Stripe receives the payment details needed to take payment; we do not receive or store your full card number.
- In-app billing — Apple App Store and Google Play. Process purchases and subscriptions made inside the iOS and Android apps under their own terms and privacy policies.
- Sign-in providers — Apple, Google, and Facebook. Provide optional single sign-on (OAuth) when you choose to sign in with them.
- AI/LLM processing — OpenAI, Inc. (United States). Receives the task text (typed or voice-transcribed) you submit to an AI feature, solely to generate the response, as described in "AI features."
- Email routing — Cloudflare. When you send us a message through our contact form, Cloudflare routes it to our inbox. We use it to receive your messages.
- Email inbox — Google (Gmail). The inbox where we receive and reply to contact-form and support messages. Your message and the email address you provide are stored there while we handle your request.
These providers have their own privacy policies, which we encourage you to review. We may also disclose information if required by law, to enforce our Terms, to protect the rights, safety, and security of our users or others, or in connection with a merger, acquisition, or sale of assets (in which case we will continue to protect your information and notify you of any change in control of your data). We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
International data transfers
We are based in the United States, and our service providers may process data in the United States and other countries. When we transfer personal data from the EEA, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum for UK data), and we take additional measures where needed. Where a provider is certified under the EU-U.S. Data Privacy Framework (and its UK extension and Swiss-U.S. framework), transfers to that provider may also rely on that certification. You can request more information about these safeguards using the contact details below.
Data retention
We keep personal data only for as long as we need it for the purposes described in this Policy, then delete or de-identify it. In general:
- Local task data lives on your device until you delete it or uninstall the App.
- Account and synced data are retained while your account is active. When you delete your account, we delete or de-identify the associated data within 30 days, except where we must keep limited records for legal, tax, or fraud-prevention reasons.
- We do not retain your AI inputs or outputs on our own servers after the result is returned to you. Our AI provider, OpenAI, may retain them for up to 30 days for abuse monitoring and then deletes them; it does not use them to train its models.
- Aggregated, pseudonymous analytics data is retained by our analytics provider for up to 7 years (its standard retention period). It is not linked to your name; on our marketing website it is associated only with a rotating daily identifier rather than a persistent one.
- Residual copies of deleted data may remain in encrypted backups for a limited period after deletion and are removed as those backups are rotated.
Your choices and rights
Depending on where you live, you have rights over your personal data. We honor these rights for all users where we can, and you can exercise them by emailing [email protected] or by using the in-app controls described under "Deleting your account and data."
EEA, UK & Switzerland (GDPR / UK GDPR)
You have the right to: access your data; have it corrected; have it erased; restrict or object to processing; data portability; and withdraw consent at any time (without affecting prior processing). You also have the right to lodge a complaint with your local data protection supervisory authority. We will respond within the timeframes required by law (generally within one month).
California (CCPA/CPRA)
If you are a California resident, you have the right to know and access the personal information we collect, use, and disclose; to request deletion; to request correction; to opt out of the sale or sharing of personal information; and to limit the use of sensitive personal information. We do not sell or share your personal information as those terms are defined under California law, and we do not use or disclose sensitive personal information for purposes that would trigger the right to limit. We honor opt-out preference signals such as Global Privacy Control (GPC) on our website. We will not discriminate against you for exercising your rights. The categories of personal information we collect are described under "Information we collect," and the purposes and recipients are described under "How we use your information" and "Service providers and sub-processors."
Brazil (LGPD)
If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including confirmation of processing; access; correction of incomplete or inaccurate data; anonymization, blocking, or deletion of unnecessary or excessive data; portability; deletion of data processed with your consent; information about with whom we share your data; and the right to withdraw consent. You may also contact the Brazilian data protection authority (ANPD).
Verifying and authorizing requests
To protect your data, we may need to verify your identity before acting on a request, and we may decline requests where permitted by law. You may use an authorized agent to submit a request where the law allows.
Deleting your account and data
You can delete your account and associated server-side data at any time:
- In the mobile app: open Settings, go to the Account screen, and choose Delete Account; or
- By email: write to [email protected] and ask us to delete your account.
Once your account is deleted, we delete or de-identify the associated data within 30 days, except for limited records we are required to keep by law. Task data stored only on your device is removed when you delete it in the App or uninstall the App. Note that deleting your account does not by itself cancel a subscription billed by an app store — manage cancellations as described in our Terms.
Cookies and analytics (web)
Our marketing website uses only a little essential storage plus cookieless analytics (no cookies, so no consent is needed). The signed-in web app uses essential cookies to keep you signed in and remember preferences, plus product analytics to operate and improve the Service. For full details, see our Cookie Policy. Our iOS and Android apps do not use browser cookies.
Children's privacy
Glento is intended for general audiences and is not directed to children. We do not knowingly collect personal information from children under the age limits described below.
- United States: we do not knowingly collect personal information from children under 13 (COPPA).
- EEA/UK: depending on your country, the minimum age to consent to data processing is between 13 and 16. The default is 16; for example, it is 16 in Germany, 15 in France, and 14 in Spain, and 13 in the UK. If you are below the applicable age in your country, you may only use the Service with the consent of a holder of parental responsibility.
If you believe a child has provided us personal information without the required consent, contact us at [email protected] and we will delete it.
Data breach notification
We maintain procedures to detect and respond to personal-data breaches. Where a breach is likely to result in a risk to your rights, and notification is required by applicable law, we will notify the relevant supervisory authority without undue delay (and, under the GDPR, within 72 hours where feasible) and will inform affected individuals without undue delay where the law requires.
Governing language
This Privacy Policy is written in English, which is the authoritative and governing version. We may provide translations for your convenience. If there is any conflict or discrepancy between the English version and a translation, the English version prevails.
Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide a more prominent notice. Please review this Policy periodically.
Contact us
If you have questions about this Policy or want to exercise your rights, contact us:
- Mobile Tech Media, LLC
- Email: [email protected]
- Mailing address: 1309 Coffeen Avenue, STE 1200, Sheridan, WY 82801, USA
- Website: glento.ai/contact