Privacy Policy - Glitch (Chrome Extension + MCP Server)
This Privacy Policy explains what information Glitch collects, how we use it, where it is stored, when it is shared, and the choices you have.
1) Summary (Key Points)
- You control capture. Glitch does not run "always on." The Extension injects capture code only when you start a snapshot or recording.
- Captures can include sensitive page content. A context pack may include DOM structure, attributes, and computed styles of selected elements and related parent/child context. Depending on the page, that could include personal data that appears in the DOM.
- Local export stays local. If you export a context pack to your device, it is stored locally and not sent to us unless you choose to upload.
- Cloud upload is optional. If you upload to the MCP server, we store the context pack and related metadata to provide MCP tools and retrieval.
- We do not sell personal information. We do not sell or rent your information to third parties.
2) Definitions
"Context Pack": A JSON-based (and optionally ZIP-compressed) package containing captured bug context (e.g., manifest metadata, element data, computed CSS, geometry, parent chain, and optional timeline deltas).
"Capture": A snapshot or recording session initiated by you through the Extension.
"MCP Server": Optional backend that stores context packs and provides programmatic access via Model Context Protocol tools.
3) Information We Collect
A. Information Collected by the Extension (During a Capture)
When you initiate a snapshot or recording, Glitch may collect:
Element and DOM context
- HTML tag names, selectors, attributes, and DOM structure related to selected elements.
- Parent-chain context and surrounding hierarchy necessary to reproduce layout/state.
Style and layout data
- Computed CSS styles.
- Layout geometry (e.g., bounding boxes, overflow, z-index stacking context).
- Visual state information relevant to rendering.
Timeline / state deltas (Recorder mode)
- Time-stamped changes detected via MutationObserver (e.g., attribute/style/DOM mutations) to show when a bug appeared.
Capture metadata
- Bug-type tags you select (if any).
- Timestamps and local identifiers for the capture session.
Important: Glitch is designed for UI debugging, which means the captured DOM may include personal data if that data is present on the page (e.g., usernames, emails, IDs, messages, addresses). Glitch does not intentionally target sensitive data, but it may be present in the captured DOM.
B. Information You Provide
Depending on how you use Glitch, you may provide:
Account / API key information (for higher limits and premium features)
- API key(s) associated with your account.
- Associated account identifiers (e.g., internal user ID).
Email address (waitlist / onboarding)
- If you sign up via the Site waitlist, we collect your email and send a confirmation email (via Resend).
C. Information Collected Automatically by the Service/Site
When you use the MCP server or visit the Site, we may collect:
Server logs and usage data
- IP address, request timestamps, endpoints accessed, error logs, rate-limit events.
- Basic device/browser info sent by your client (e.g., user agent).
Security and abuse prevention signals
- API authentication events and failed attempts.
- Rate limiting and suspicious activity indicators.
We do not use the Extension to track your browsing activity. The Extension operates on-demand, triggered by you.
4) What We Do Not Collect (By Design)
- No always-on recording: We do not continuously record pages in the background.
- No keystroke logging: We do not intentionally capture keystrokes.
- No screen/audio recording: We do not capture audio, video, or screenshots as part of the described product.
- No sale of personal data: We do not sell personal information.
5) How We Use Information
We use collected information to:
Provide core functionality
- Generate context packs.
- Enable exporting packs locally.
- Enable uploading and retrieving packs via the MCP server tools (e.g., get_pack_manifest, get_element_data, get_state_at_time).
Operate and secure the Service
- Authenticate API requests (API keys / bootstrap tokens).
- Enforce rate limits and prevent abuse.
- Troubleshoot errors and maintain reliability.
Onboarding and communications
- Send waitlist confirmation and onboarding-related emails (via Resend).
- Provide support responses when you contact us.
Service improvement
- Analyze aggregated usage patterns and error rates to improve stability and performance.
We do not use your uploaded context packs to train public models unless you explicitly opt in through a separate written agreement.
6) Where Data Is Stored
A. Local Storage (Extension)
- The Extension may store limited configuration and tokens locally (e.g., a trial "bootstrap token") using Chrome extension storage.
- If you export a context pack, it is stored on your device in the location you choose.
B. Cloud Storage (Optional Uploads)
If you upload to the MCP server, your context packs and metadata are stored in one of the following (depending on deployment configuration):
- Local filesystem storage (server-side), and/or
- S3-compatible object storage, and/or
- PostgreSQL for metadata (optional).
The MCP server may be deployed on Railway or run locally via stdio MCP mode.
7) Sharing and Disclosure
We share information only as follows:
A. Service Providers (Processors)
We may share limited information with vendors that help us operate Glitch, such as:
- Email delivery provider (e.g., Resend) for waitlist/onboarding emails.
- Hosting and infrastructure providers (e.g., Railway).
- Storage providers (e.g., S3-compatible storage), if enabled.
These providers are authorized to process information only as needed to provide services to us and are required to protect it.
B. With Your Instruction
- When you choose to upload a context pack, you direct us to store it and make it accessible via MCP tools.
- When you share a context pack with a third party (e.g., a teammate or an AI assistant), you control that disclosure.
C. Legal and Safety
We may disclose information if we believe in good faith that it is necessary to:
- Comply with law, regulation, subpoena, or legal process.
- Protect the rights, safety, and security of Glitch, our users, or the public.
- Detect, prevent, or address fraud, abuse, or security issues.
D. Business Transfers
If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Privacy Policy (or a successor policy).
8) Data Retention
- Local exports: retained on your device until you delete them.
- Uploaded context packs: retained until you delete them (if deletion tooling is available) or until we delete them in accordance with our retention practices.
- Logs: retained for a limited period for security and operational purposes, then deleted or aggregated.
Practical note: If you need a guaranteed retention schedule (e.g., 30/90/365 days), Glitch can publish a product-specific retention addendum and implement automatic deletion controls.
9) Your Choices and Controls
A. Do Not Upload
You can use Glitch entirely with local export only, without uploading any context packs.
B. Review Before Sharing
Because context packs may include page content, you should review packs before sharing externally, especially if the target page includes personal data, credentials, secrets, or proprietary information.
C. Deletion
Depending on your deployment:
- If you run the MCP server locally, you can delete files directly from your storage.
- If using Glitch-hosted cloud storage, you may request deletion of uploaded packs and account data by contacting us (see Contact section).
D. Email Preferences
You may unsubscribe from non-essential emails if offered in the message footer. Waitlist/onboarding emails may be transactional and limited.
10) Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, or alteration. These safeguards may include:
- API key authentication for server access.
- Rate limiting and monitoring.
- Access controls for storage systems.
No system can be 100% secure. You are responsible for protecting your API keys and any exported context packs stored on your device.
11) Children's Privacy
Glitch is intended for developers and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us so we can delete it.
12) International Users
If you use Glitch from outside the United States, your information may be transferred to and processed in the United States or other locations where we or our service providers operate. We take steps designed to ensure appropriate protections for such transfers where required.
13) Third-Party Websites and Content
The Extension operates on pages you visit. Those sites are governed by their own privacy policies. Glitch is not responsible for third-party sites' practices.
If you share context packs with third-party AI tools or developers, their handling of the data is governed by their policies and agreements with you.
14) Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the Effective Date and may provide additional notice via the Site or within the product.
15) Contact Us
For privacy questions, data access requests, or deletion requests, contact:
Glitch Privacy
Email: hello@tryglitch.app
Website: tryglitch.app
16) Product-Specific Notes (Transparency)
Extension Permissions and Data Access
Glitch requests permissions needed to operate on-demand capture and UI:
- activeTab / host permissions: to access the current page only when you initiate a capture.
- scripting: to inject the capture script on demand.
- storage: to store local settings/tokens.
- sidePanel / tabs: to display the UI and coordinate capture flow.
Glitch does not read all pages continuously; it accesses a page only when you use the Extension to capture.
AI Consumption
Context packs are designed to be readable by AI coding assistants. If you upload to the MCP server and then connect an AI assistant to that MCP endpoint, the assistant may retrieve and process context pack data. You control whether to upload and whether to connect an assistant.