Sign In
Terms & Policies

SugarGlitch — Privacy Policy

Last Modified: April 20, 2026

This Privacy Policy ("Privacy Policy" or "Policy") describes the types of information collected and processed by SugarGlitch Ltd, a Cyprus private limited company ("SugarGlitch," "we," "our," or "us").

We take the protection of your information seriously. We use industry-standard encryption to protect personal information in transit and at rest, and we implement technical and organizational measures designed to safeguard your information against unauthorized access, disclosure, alteration, or destruction.

Except as otherwise described, this Policy applies to the website at sugarglitch.com and any other electronic or digital products or services made available by SugarGlitch and that link to this Policy (collectively, the "Services").

By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not access or use the Services.

Capitalized terms not defined here have the meanings given in the SugarGlitch Terms of Service.

1. Information We Collect

When you access or use our Services, we may collect information from you. The types of information we collect depend on how you use the Services. Some information is required to provide the Services to you — if you do not provide it, or if you ask us to delete it, certain features may no longer be accessible. The information we collect includes information you provide directly, information we collect automatically, and information we obtain from other sources.

Information You Provide Directly to Us

You may provide us with information when you register for an account, use the Services, communicate with us, subscribe to communications, or participate in a promotion. This information may include:

  • Email address
  • Username
  • Account preferences (including your NSFW access setting)
  • Payment information, processed by our third-party payment providers (we do not store full card numbers on our systems)
  • Your User Content, including chat communications, prompts, generated outputs, and shared Characters
  • Content of communications with us, such as support requests

You are not required to provide this information, but certain features may not be available without it.

Information We Collect Automatically

We and our third-party service providers may use cookies, web beacons, pixel tags, and similar technologies to collect information about the devices you use to access the Services, including:

  • Browser type, ISP, and operating system
  • Domain name and referring or exit pages
  • Access times, page views, and session duration
  • IP address and unique device identifiers
  • Version of the Services you are using
  • Blockchain addresses
  • General location inferred from your IP address (we do not collect precise GPS location)
  • How you engage with and navigate the Services

We use this information for analytics (including to determine which portions of the Services are used most frequently), to evaluate the success of any advertising campaigns, to detect fraud and abuse, and as otherwise described in this Policy. For details on how we use cookies and how to manage them, see Section 4 below.

Information We Collect From Other Sources

Third-Party Logins. The Services support sign-in via third-party accounts ("Third-Party Accounts"), including Google, Apple, Meta (Facebook/Instagram), X (Twitter), Discord, LINE, and KakaoTalk. When you connect a Third-Party Account, that platform shares certain information with us in accordance with the permissions you grant — typically a unique identifier, your name or username, your email address, and a profile image. Connecting a Third-Party Account is optional. You can revoke permission at any time by disconnecting SugarGlitch from your settings on the relevant third-party platform. We may retain information collected through a Third-Party Account in accordance with this Policy even after you disconnect.

Referrals and other sources. We may receive information about you from other users (for example, when you are referred to the Services), from our service providers, and from third-party platforms when you interact with our content on those platforms.

2. How We Use the Information We Collect

We may use your information for the following purposes:

  • Provide, administer, and personalize the Services
  • Process transactions, manage subscriptions, and prevent payment fraud
  • Communicate with you about the Services, including to inform you of features, respond to inquiries, and notify you of changes to our terms or policies
  • Send marketing communications where permitted (you may unsubscribe at any time)
  • Analyze, maintain, improve, modify, customize, and measure the Services, including to train, evaluate, and refine our artificial intelligence and machine-learning models
  • Develop new features and Services
  • Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service or other policies
  • Enforce our Terms of Service and other agreements, and protect our rights, privacy, safety, or property — and that of our users and the public
  • Comply with legal obligations, respond to legal process, and cooperate with law enforcement and regulators
  • Carry out any other purpose disclosed at the time the information was collected

We may combine information collected through the Services with information from other sources, and we may aggregate or de-identify information. We may use and disclose aggregated or de-identified information for any purpose, including research and marketing.

3. When We Disclose the Information We Collect

We may disclose your information in the following circumstances:

Service providers. We disclose information to vendors and consultants who perform services on our behalf and need access to it to do so. Categories of service providers include:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Analytics providers
  • Email and communications providers
  • Customer support and ticketing providers
  • Error-monitoring and security providers
  • AI and machine-learning service providers used to power generation features
  • Content moderation and trust-and-safety providers
  • Fraud-prevention and identity-verification providers
  • Legal, accounting, and other professional advisors

We require our service providers to handle personal information consistent with applicable law and our instructions. A current list of significant subprocessors is available on request by contacting [email protected].

Affiliates. We may disclose information to entities that control, are controlled by, or are under common control with SugarGlitch. Affiliates will use the information consistent with this Policy.

Other users. Certain actions you take are visible to other users — for example, public Characters you create, comments you post, or profile information you choose to make public. Once Content is made public, you should assume it may be seen, copied, and shared by others.

Advertising and analytics partners. We may share certain online identifiers (such as cookie data, IP addresses, device identifiers, and usage information) with advertising and analytics partners to operate the Services, measure performance, and serve advertisements. See Section 4 for more information and how to opt out.

Safety and protection of SugarGlitch and others. We may disclose information if we believe in good faith it is necessary to (i) protect or defend SugarGlitch or other parties, including to enforce this Policy or our Terms of Service, or (ii) protect the rights, property, or personal safety of SugarGlitch, our employees, our users, or the public.

Legal requirements. We may disclose information if we believe in good faith that disclosure is necessary or appropriate to comply with applicable law, legal process, or government requests, including to respond to a warrant, subpoena, court order, or regulatory inquiry.

Business transfers. We may disclose information in connection with the negotiation or closing of any merger, financing, acquisition, sale of assets, or other corporate transaction.

With your consent or at your direction. We may disclose your information to other parties based on your consent or your specific direction.

4. Cookies, Online Analytics, and Tailored Advertising

Cookies

We and our third-party providers use cookies and similar technologies to operate, secure, and improve the Services, to remember your preferences, and to support advertising and analytics. Most browsers accept cookies by default but allow you to modify your settings to decline cookies. If you decline cookies, some features may not function properly. For users in the European Economic Area, the United Kingdom, and other jurisdictions that require it, we use a cookie consent banner to manage non-essential cookies based on your preferences.

Analytics

We use third-party web analytics services to help us understand how users use the Services. These providers use technologies described above to evaluate your use of the Services. The information collected by these technologies is disclosed to or collected directly by these providers, who use it to evaluate use of the Services and prepare reports for us. Where applicable, you can use opt-out tools made available by these providers (for example, the Google Analytics Opt-Out Browser Add-on).

Tailored Advertising

The Services include or may include advertising. We may permit third-party advertising networks to place cookies or other tracking technologies on your device to (a) inform, optimize, and serve marketing content based on your visits to our Services and other online services and (b) measure the performance of advertising. We may also allow these parties to access their own cookies or tracking technologies on your device.

To learn more about tailored advertising and how to manage it, you may visit:

  • The Network Advertising Initiative ("NAI") Consumer Opt-Out Link
  • The Digital Advertising Alliance ("DAA") Consumer Opt-Out Link
  • The European Interactive Digital Advertising Alliance ("EDAA") opt-out tools
  • Google Ads Settings, to manage Google's advertising personalization

If your browser is configured to reject cookies when you visit these opt-out pages, or if you erase your cookies or change browsers or devices, your opt-out may no longer be effective. Even if you opt out of tailored advertising, you may still see advertising — it just won't be tailored to your interests.

5. Your Choices

We offer you certain choices regarding the collection, use, and disclosure of your information.

Profile information. You may verify, correct, update, or delete certain information through your account settings. You may also deactivate your account from your account settings.

Marketing communications. You can unsubscribe from marketing emails by following the directions in those emails or through your account settings. Even if you unsubscribe from marketing emails, we may still send you administrative or transactional emails (for example, notices about changes to our Terms of Service or this Policy).

Cookies and analytics. You can manage cookies and analytics as described in Section 4.

Rights to information about you. Depending on your jurisdiction, you may have the right to request that we:

  • Provide information about the categories of personal information we collect, the categories of sources, the purposes of processing, and the categories of recipients
  • Provide access to and/or a copy of certain information we hold about you
  • Update information that is out of date or incorrect
  • Delete certain information we hold about you
  • Restrict the way we process and disclose certain information about you
  • Transfer your information to a third-party provider of services (data portability)
  • Opt out of processing for direct-marketing purposes (including any direct marketing based on profiling)
  • Opt out of automated decision-making producing legal or similarly significant effects
  • Withdraw consent for processing where consent is the legal basis

You may be able to designate an authorized agent to make requests on your behalf. To verify an authorized agent, we may require signed written permission or a power of attorney, and we may follow up with you directly to confirm your identity.

Certain information may be exempt from such requests under applicable law — for example, information we are required to retain for legal compliance or to secure the Services. We may need certain information to provide the Services to you; if you ask us to delete it, you may no longer be able to use the Services.

To exercise any of these rights, contact us at [email protected]. We take reasonable steps to verify your identity before responding. If we cannot verify your identity, we may be unable to respond. If we deny your request, you may have the right to appeal — we will explain how in our response.

You also have the right not to be discriminated against (as provided by applicable law) for exercising these rights.

6. Regional Privacy Disclosures

European Economic Area, United Kingdom, and Switzerland

SugarGlitch Ltd is the "data controller" of personal data we handle under this Policy within the meaning of the EU General Data Protection Regulation ("GDPR") and the UK GDPR.

Legal bases for processing. We rely on the following legal bases:

  • Performance of a contract: to provide the Services to you and honor our agreements with you
  • Consent: for certain processing where consent is required (such as for non-essential cookies, certain marketing communications, or processing of special category data) — you may withdraw consent at any time without affecting the lawfulness of prior processing
  • Legitimate interests: for activities such as improving the Services, securing our systems, preventing fraud, conducting analytics, managing our business, and providing customer support, where those interests are not overridden by your fundamental rights and freedoms
  • Legal obligation: to comply with applicable law and respond to legal process

Special category data. Some of your activity on the Services may reveal information that GDPR treats as "special category data" (for example, data revealing sex life or sexual orientation). Where we process special category data, we do so on the basis of your explicit consent or another applicable legal basis under GDPR Article 9.

Your rights. In addition to the rights described in Section 5, you have the right to lodge a complaint with the data protection authority in your country of residence. We encourage you to contact us first at [email protected] — we will do our best to address your concerns.

Data Protection Officer. You can contact our Data Protection Officer at: [email protected].

California

Throughout this Policy we describe the categories of personal information we collect, the sources of that information, the purposes for which we process it, and the categories of parties with whom we disclose it. Under the California Consumer Privacy Act, as amended ("CCPA"), we provide the following summary of "categories" as defined by the CCPA.

Categories of personal information collected: identifiers; commercial or transactional information; financial information (such as payment information processed by our payment providers); internet or other electronic network activity information; general geolocation data; audio, visual, or similar information you submit; professional or employment-related information you choose to provide; inferences drawn from any of the foregoing; and other information you may voluntarily provide through User Content or communications with us.

Categories of sensitive personal information collected: account log-in credentials; and other sensitive personal information you may voluntarily provide as a user of the Services (for example, User Content that reveals racial or ethnic origin, religious beliefs, sex life, sexual orientation, or health information). We process sensitive personal information only for purposes for which a right to limit use does not apply under the CCPA.

Sources, purposes, and disclosures. See Sections 1, 2, and 3 above.

"Sale" and "sharing" under the CCPA. When we refer to "sell" or "share" in quotes, we mean those terms as defined by the CCPA. We may use third-party analytics and online advertising services that may result in the "sharing" of online identifiers (such as cookie data, IP addresses, device identifiers, general location, and usage information) with advertising partners. You or your authorized agent can opt out of this "sharing" using the tools described in Section 4.

We do not knowingly "sell" or "share" the personal information of consumers under 16.

Do-Not-Track signals. We do not currently respond to browser-initiated Do Not Track signals, as the industry has not finalized a uniform standard. We do honor Global Privacy Control ("GPC") signals as an opt-out of "sharing" for residents of states whose law recognizes them.

CCPA rights. California residents may make requests to know, delete, correct, and limit the use of sensitive personal information as described in Section 5. We will not discriminate against you for exercising your rights.

Nevada

Nevada residents have the right to opt out of the "sale" of certain personal information to unaffiliated parties as defined under Nevada Revised Statutes Chapter 603A. We do not currently sell personal information as defined under Nevada law. To submit a request, contact us at [email protected] with the subject line "Nevada Do Not Sell Request" and include your name and the email address associated with your account.

Other Jurisdictions

Users in other jurisdictions (including but not limited to Japan, South Korea, Brazil, and Canada) may have additional rights under local law. To exercise such rights or to learn more, contact us at [email protected].

7. Children's Privacy

The Services are intended for users aged 13 and older. Users under 13 are not permitted to register or use the Services. If we learn that we have collected personal information from a user under 13 without parental consent (where required), we will close the account and delete the information to the extent required by the U.S. Children's Online Privacy Protection Act ("COPPA") and other applicable laws.

In some EU member states and other jurisdictions, the minimum age for consent to data processing is higher than 13 (for example, 16 under GDPR in some member states). Where local law requires verifiable parental consent for data processing of users below the local consent age, you must obtain that consent before using the Services or have a parent or guardian register on your behalf.

Users between 13 and 17 may only access portions of the Services designated as Safe-for-Work. Access to NSFW content requires users to be 18 or older (or the legal age of majority in their jurisdiction, whichever is higher). For details, see our Underage Policy.

8. Security

We implement technical, administrative, and physical safeguards designed to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures include encryption of personal information in transit and at rest, access controls, and regular security reviews. However, no method of transmission over the internet or method of electronic storage is fully secure. We cannot guarantee the absolute security of your information, and you provide it at your own risk.

9. Data Retention

In general. We retain your information for as long as is necessary for the purposes for which it was collected, including to provide the Services to you, comply with our legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements. When information is no longer needed, we delete or aggregate it in accordance with our retention practices.

Public Characters. If a Character you create and set to "Public" reaches a certain threshold of popularity, we reserve the right to preserve that Character's defining characteristics and to keep it active on the Services even if you delete other data or your account. We do this to avoid disrupting the experience of other users who interact with the Character. To avoid associating personal information with such a Character, please avoid submitting any personal information as part of the Character creation flow when creating a Public Character.

Backups. Information may persist in encrypted backups for a limited period after deletion from active systems, after which it will be overwritten in the ordinary course of our backup-rotation practices.

10. International Data Transfers

The Services are global. SugarGlitch Ltd is established in Cyprus, but your information may be stored and processed in the United States and other countries outside the country in which you reside. These countries may have data-protection laws that differ from the laws in your country, and in some cases data may be accessible to law enforcement and national security authorities under those countries' laws.

Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards to legitimize the transfer. These safeguards include:

  • The Standard Contractual Clauses ("SCCs") approved by the European Commission, and the UK International Data Transfer Addendum or UK SCCs where applicable
  • Technical and organizational measures, including encryption in transit and at rest, access controls, and regular security reviews
  • Where applicable, transfers to recipients in countries recognized as providing an adequate level of data protection

You may request a copy of the safeguards we use for international data transfers by contacting us at [email protected].

By using the Services, you acknowledge that your information may be transferred to and processed in countries outside your country of residence as described above. Where consent is the legal basis for such transfer under applicable law, your use of the Services constitutes your consent to that transfer.

11. Links to Third-Party Websites

The Services may contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information by third parties will be governed by their own privacy policies, not this Policy. We encourage you to read those policies before providing information to them.

12. Right to Be Forgotten

You have the right, under applicable law, to request the erasure of personal data concerning you without undue delay, and we will erase such data without undue delay where required. This applies, for example, where there is no good reason for us to continue processing the data, where you have successfully objected to processing, where data has been processed unlawfully, or where erasure is required by law.

We may not always be able to comply with a request for erasure for specific legal reasons, which we will explain to you at the time of your request. Reasons we may decline include the need to comply with legal obligations, exercise or defend legal claims, prevent fraud, or protect the rights of others.

13. Time Limit to Respond

We aim to respond to all legitimate requests within one month. Occasionally a response may take longer if your request is particularly complex or if you have made several requests; in that case, we will notify you and keep you updated.

14. Changes to This Policy

We may change this Policy from time to time to reflect changes in the law, our information practices, or the features of the Services. We will indicate the date of the most recent update at the top of this Policy. If we make a material change, we will provide appropriate notice in accordance with legal requirements (for example, by email or by posting a notice on the Services). By continuing to use the Services after a change becomes effective, you confirm that you have read and understood the latest version of this Policy.

15. Contact Us

If you have any questions about this Privacy Policy or our information practices, or to exercise any of the rights described above, please contact us at:

SugarGlitch Ltd
[REGISTERED ADDRESS — TBD]
Cyprus
Email: [email protected]

For users in the European Economic Area, the United Kingdom, or Switzerland: you may also contact our Data Protection Officer at [email protected], or lodge a complaint with the data protection authority in your country of residence.