Privacy Policy

What we know,and what we don’t.

This Privacy Policy describes how TypeSpan (“TypeSpan,” “we,” “us,” or “our”) collects, uses, and protects your personal data when you use the TypeSpan plugin for Glyphs.app and the TypeSpan website. These are collectively referred to as the “Services.” By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

We only collect information when it is necessary to provide our Services. All information is collected through fair and lawful means with your knowledge and consent. TypeSpan does not share or sell your information for advertising or marketing purposes.

§ 1 Information We Collect

We collect several different types of information to provide and improve our Services:

1-1. Personal Data

When you create an account through our OAuth authentication system, we may collect the following personally identifiable information:

  • Email address
  • Name (first and last name, if provided by OAuth)
  • Profile image/avatar (if provided by your OAuth provider)
  • OAuth account identifier
  • API Key (Pro subscribers only): a hashed token stored on our servers, used to authenticate plugin requests. The raw key is shown once at creation and never stored.

1-2. Font and Time Tracking Data

TypeSpan collects the following information solely for time tracking and reporting features:

  • Font Metadata: Font name, total glyph count, and master information (names and identifiers)
  • Glyph Information: Glyph names, unicode values, color labels, and export status
  • Time Tracking Data: Working time records per glyph and master, including dates and duration
  • Session Data: Temporary session identifiers used to display your reports

We do not collect glyph shapes, vector data, or your complete font files. Your original time tracking data remains stored locally within your Glyphs font files.

1-3. Usage Data

We may collect information about how you access and use the Services, including your IP address, device type, browser type and version, pages visited, time and date of visits, and other diagnostic data. This information is used to maintain and improve the Services.

The TypeSpan plugin sends a lightweight daily ping to verify service availability and check for updates. This ping includes a one-way hashed representation of your IP address (not the IP itself) and the plugin version. No personally identifiable information is transmitted.

1-4. Payment Information

When you subscribe to our paid services, Paddle (our third-party payment processor and merchant of record) collects and processes your payment information, including your name, email, billing address, and credit/debit card information. We do not directly store or process your payment card details. Payment processing is subject to Paddle’s terms of service and privacy policy.

§ 2 Use of Data

TypeSpan uses the collected information for the following purposes:

  • Service Operation: To provide, maintain, update, monitor, and protect the Services, including generating time tracking reports
  • Account Management: To manage your account, authentication, and subscription
  • Communication: To provide customer and technical support, and to send service-related notifications
  • Service Improvement: To analyze usage patterns and improve the Services
  • Payment Processing: To process subscription fees and manage billing through our payment processor
  • Legal Compliance: To comply with applicable laws and regulations or court orders
  • Security: To detect, prevent, and respond to potential fraud, violations of our terms, or misuse of the Services

TypeSpan does not use your data for advertising, marketing to third parties, or training artificial intelligence models without your explicit consent.

§ 3 Cookies and Tracking Technologies

TypeSpan uses a minimal number of cookies and similar technologies to provide essential functionality. We do not use advertising or tracking cookies.

3-1. Essential Cookies

These cookies are necessary for the Services to function:

  • Session Cookies: For account authentication and security
  • Preference Cookies: To remember your interface preferences (e.g., sidebar state)

3-2. Third-Party Cookies

Our third-party service providers may set cookies:

  • Paddle: For payment processing and subscription management
  • Cloudflare: For content delivery, security, and performance

TypeSpan does not use Google Analytics, advertising pixels, or other behavioral tracking technologies.

§ 4 Sharing With Others

We do not sell or share your personal data for advertising or marketing purposes. We may disclose your information only in the following circumstances:

  • Service Providers: We may share data with third-party service providers who perform services on our behalf (e.g., Paddle for payment processing, Cloudflare for content delivery). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Legal Requirements: We may disclose your information if required by law, court order, or governmental request, or to protect the rights, property, or safety of TypeSpan, our users, or the public.
  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, your information may be transferred.
  • With Your Consent: We may share your information with other third parties when you explicitly consent to such sharing.

§ 5 International Data Transfer

Your information may be transferred to and maintained on servers located outside of your state, province, or country. Data protection laws may differ from those in your jurisdiction.

Our primary database is Cloudflare D1. The location of the primary database is determined automatically by Cloudflare based on where it is first accessed, and may be located in any of Cloudflare’s regions worldwide. The Services run on Cloudflare Workers, which process requests at edge nodes distributed globally. As a result, your data may transit through or be stored in multiple regions depending on your location. By using the Services, you consent to the transfer of your information to these locations.

TypeSpan takes steps to ensure that your data is treated securely and in accordance with this Privacy Policy. We have appropriate technical and organizational measures in place to protect your data during transfer and storage.

§ 6 Data Retention

We retain your information only for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy:

  • Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes
  • Report Data (/report): Report data uploaded to your private report expires one hour after export. If you choose to convert a report to a public share link (/share), that data is retained on our servers indefinitely until you manually close the share link. Only Pro subscribers can create share links.
  • Payment Records: Retained as required by law for tax and accounting purposes
  • Local Data: Your original time tracking data remains stored locally in your Glyphs font files under your control

§ 7 How We Secure Your Information

The security of your data is important to us. We implement technical, administrative, and physical safeguards to protect your information from loss, misuse, unauthorized access, disclosure, alteration, or destruction, including:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments and updates
  • Access controls and monitoring
  • Secure data centers with physical security measures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

§ 8 Your Data Protection Rights (GDPR/UK)

Depending on your location, you may have certain rights regarding your personal data. For residents of the European Union (EU), European Economic Area (EEA), United Kingdom, or similar jurisdictions, these rights may include:

  • Right to Access: Request access to and obtain a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: Request that we limit how we use your personal data.
  • Right to Data Portability: Receive your personal data in a structured and machine-readable format.
  • Right to Object: Object to our processing of your personal data.
  • Right to Withdraw Consent: Withdraw your consent at any time where we rely on it.
  • Right to Complain: Lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us. We may ask you to verify your identity before responding. Please note that certain Services may not be available without necessary data.

You can also choose not to use the report upload feature. Your time tracking data remains stored locally in your font files. You have full control over whether to share it with our Services.

§ 9 California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

  • Right to Know: Request disclosure of what personal information we collect, use, and share.
  • Right to Delete: Request deletion of personal information collected from you.
  • Right to Opt-Out: Direct us not to sell or share your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Non-discrimination: We will not discriminate against you for exercising your privacy rights.

TypeSpan does not sell your personal information. We also do not share your information with third parties for their own commercial purposes. To exercise your California privacy rights, please contact us.

Our Services do not currently respond to “Do Not Track” (DNT) signals from web browsers. We use only a minimal number of essential cookies for account management and security.

§ 10 Children’s Personal Data

To use the Services, you must be at least 13 years old if you reside in the United States, or at least 16 years old if you reside elsewhere. If you are under 18 years old, depending on where you reside, you may need to have your parent or guardian’s consent to use the Services.

We do not knowingly collect personal data from children under these age limits without parental consent. If you are a parent or guardian and become aware that your child has provided us with personal data without your consent, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information.

§ 11 Third-Party Service Providers

We use third-party companies and services to facilitate our Services, provide Services on our behalf, or assist us in analyzing how our Services are used. These third parties have access to your personal data only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Our primary service providers include:

  • Paddle: Payment processing and subscription management (Merchant of Record)
  • Cloudflare: Application hosting, database (D1), object storage (R2), content delivery network (CDN), security, and performance optimization
  • Sentry: Error monitoring and diagnostic reporting
  • OAuth Providers: Third-party authentication services (e.g., Google, GitHub, Discord) for account access

Each of these service providers has their own privacy policies. We encourage you to review their policies to understand how they handle your data.

§ 12 Links to External Sites

Our Services may contain links to external websites or services that are not operated by us. We have no control over the content and practices of these sites and cannot accept responsibility for their respective privacy policies. We urge you to read the privacy and security policies of any third-party sites before providing information to them.

§ 13 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the date at the bottom of this page. If a modification materially reduces your rights, we will notify you by email or by displaying a prominent notice in the Services. Modifications will not apply retroactively.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Continued use of the Services after any modification takes effect constitutes acceptance of the updated Privacy Policy.

§ 14 Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need assistance, please contact us at hello@typespan.com.

Last updated: June 9, 2026