Legal

Privacy Policy

Last updated: April 2026

Your privacy matters to us. This policy explains what information we collect, how we use it, and your rights around that data. We will never sell your personal information.

Be My Guest LLC ("we," "us," or "our"), doing business as GLPCircle, operates the GLPCircle app and website at glpcircle.com. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our App.

1. Information We Collect

Information You Provide

Account information. Email address, display name, and password (stored as a secure hash, never in plain text).
Profile information. Avatar, medication type, medication format, time on medication, and any optional profile details you add.
Health-related information. Medication details, goal tracking data, and any journey notes you choose to share.
Community content. Posts, comments, reactions, and bookmarks.
Payment information. Processed securely through Stripe, Apple In-App Purchase, or Google Play Billing. We do not store your full credit card number.

Information Collected Automatically

Device information. Device type, operating system, app version, and unique device identifiers.
Usage data. Features used, screens viewed, time spent in the app, search queries, and crash reports.
IP address. Used for security, rate limiting, and approximate location (country/region only).

2. How We Use Your Information

We use the information we collect to:

Provide and operate the App and its features.
Create and manage your account.
Process Plus subscription payments.
Enable community features: posting, commenting, and reactions.
Moderate content (AI review of reported content only, not bulk scanning).
Send you notifications about activity on your posts and account.
Send system-wide announcements when necessary.
Improve the App based on how the community uses it.
Maintain security and prevent fraud, abuse, or unauthorised access.
Comply with legal obligations.

We will never use your health information for advertising purposes. We will never sell your personal data to third parties.

3. How We Share Your Information

We do not sell your personal information. We share data only in these situations:

With other users. Your display name, posts, comments, and reactions are visible to community members based on your privacy settings. Anonymous posts show no identifying information.
Service providers. We use trusted third-party services for hosting (Railway), payment processing (Stripe), and content moderation (OpenAI Moderation API, used only on reported content). These providers access only the data needed to perform their services and are contractually obligated to protect it.
Legal requirements. We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect safety, prevent fraud, or enforce our Terms.
Business transfers. If Be My Guest LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

4. Data Security

We take security seriously and implement multiple layers of protection:

All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
Passwords are hashed using bcrypt, never stored in plain text.
Database access is restricted and encrypted at rest.
Rate limiting on login attempts to prevent brute-force attacks.
Input sanitisation to prevent SQL injection and cross-site scripting (XSS).
Regular security reviews of all features.

No system is 100% secure. If we discover a data breach that affects your personal information, we will notify you and relevant authorities as required by law.

5. Anonymous Posting

When you post anonymously, your display name is hidden from other members. However, your account information is still associated with anonymous posts in our internal systems. This is necessary for community safety and moderation. GLPCircle staff may identify the account behind an anonymous post in cases of serious violations or legal requirements.

6. AI Moderation Transparency

We use AI tools to review content that has been reported by community members. AI moderation is not used for bulk scanning of all content. It is only activated when a user reports a specific post or comment.

AI moderation assigns a severity score to reported content. High-severity content may be temporarily hidden while a human moderator reviews it. You can appeal any moderation decision through your account settings. AI systems are not perfect. Human review is available for all AI moderation decisions.

7. Your Rights

All Users

Access your personal data through your profile and settings.
Correct or update your information at any time.
Delete your account and associated data.
Opt out of non-essential communications.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to know what personal information we collect and how it is used.
Right to delete your personal information.
Right to opt out of the sale or sharing of your personal information. (We do not sell your data.)
Right to non-discrimination for exercising your privacy rights.

To exercise these rights, use our contact form. We will respond within 45 days.

European Users (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation:

Right of access to your personal data.
Right to rectification of inaccurate data.
Right to erasure ("right to be forgotten").
Right to restrict processing.
Right to data portability.
Right to object to processing.
Right not to be subject to automated decision-making.

Our legal basis for processing your data is: (a) your consent, (b) performance of our contract with you, and (c) our legitimate interests in operating and improving the App. For health-related data, we rely on your explicit consent under Article 9 of the GDPR.

To exercise your rights, use our contact form. We will respond within 30 days.

8. Data Retention

We retain your personal data for as long as your account is active. If you delete your account:

Your profile, posts, comments, and content are deleted within 30 days.
Anonymised analytics data may be retained (no personally identifiable information).
Backup copies may persist for up to 90 days before being purged.
Data required for legal compliance may be retained as required by law.

9. Children's Privacy

GLPCircle is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete that information immediately. If you believe a minor is using the App, please let us know via our contact form.

10. International Data Transfers

Our servers are located in the United States. If you access the App from outside the US, your data will be transferred to and processed in the US. By using the App, you consent to this transfer. For European users, we use Standard Contractual Clauses to provide appropriate safeguards for international data transfers.

11. Cookies

GLPCircle uses essential cookies to keep you logged in and maintain your session. We do not use advertising or marketing cookies, and we do not use third-party tracking cookies that follow you across other websites. Analytics cookies help us understand how the community uses the App so we can improve it. These are optional and you can opt out in your account settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date and notify you through the App. Continued use of GLPCircle after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, data access requests, data deletion requests, or GDPR/CCPA inquiries, reach us through our contact form.

Be My Guest LLC, doing business as GLPCircle
State of Incorporation: Delaware