Skip to content

Legal

Privacy Policy

Effective date: 10 April 2026 · Last updated: 10 April 2026

1. Introduction

This Privacy Policy describes how Apri Software L.L.C-FZ ("Apri", "we", "us" or "our"), a company registered in the Meydan Free Zone in Dubai, United Arab Emirates under license number 2647334.01, collects, uses, stores and protects information in connection with our website at apri.ae and our messaging application Gluline (together, the "Services").

We take privacy seriously. Gluline is built so that we cannot read the content of your messages, and we collect only the minimum information necessary to operate the Services. If you have any questions about this Policy, you can contact us at s.makarov@apri.ae.

2. Data controller

The data controller for the Services is:

Apri Software L.L.C-FZ
Meydan Grandstand, 6th floor, Meydan Road,
Nad Al Sheba, Dubai, United Arab Emirates
License Number: 2647334.01
Email: s.makarov@apri.ae

3. Information we collect

We deliberately keep data collection to a minimum. The categories of data we may process are:

3.1 Account information

When you create a Gluline account, we collect and store a unique account identifier together with either your phone number or email address, used solely to let other users find you and to deliver messages to your device. You may also choose to provide an optional display name and profile picture.

3.2 Message metadata

To route messages to the correct recipient, our servers process limited metadata such as sender and recipient identifiers, timestamps, message sizes, and delivery status. We do not maintain persistent logs of who contacts whom beyond what is strictly required to deliver messages and provide essential anti-abuse protection.

3.3 Message content

All message content — including text, images, files, voice messages, and calls — is protected with end-to-end encryption using ECDH P-256 key exchange and AES-256-GCM authenticated encryption. Keys are generated and stored on your device. We do not have access to the content of your messages and cannot decrypt them.

3.4 Device information

To deliver push notifications and provide technical support, we may process basic device information such as operating system version, app version, device model, and a push notification token provided by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM).

3.5 Usage and diagnostic data

We may collect anonymised, aggregated technical diagnostics such as crash reports and performance metrics to improve the Services. These diagnostics are not linked to your account and cannot be used to identify you.

4. AI assistant

Gluline includes an optional built-in AI assistant that can help with tasks such as drafting replies, translating, and summarising. We have designed the assistant with privacy in mind:

  • Wherever possible, AI features run on your device, which means your data never leaves the device.
  • When a feature requires server-side processing, we send only the specific content necessary to fulfil your request. This content is processed ephemerally: it is not stored beyond the lifetime of the request, is not used to train machine-learning models, and is not associated with your account identifier where technically possible.
  • The AI assistant is clearly indicated in the user interface. You can opt out at any time from the app settings.

5. How we use information

We use the information described above to:

  • operate, maintain and secure the Services;
  • route and deliver messages, calls and notifications;
  • authenticate users and prevent fraud, spam and abuse;
  • provide customer support and respond to inquiries;
  • comply with applicable legal obligations; and
  • improve the Services using anonymised diagnostics.

For users located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the General Data Protection Regulation ("GDPR"):

  • Performance of a contract — where processing is necessary to provide the Services you have requested;
  • Legitimate interests — for example, to protect the security of our users and prevent abuse;
  • Consent — where you have given us consent, for example to use optional features; and
  • Legal obligation — where we are required to process your data to comply with the law.

You may withdraw consent at any time by contacting s.makarov@apri.ae. Withdrawal does not affect the lawfulness of processing that took place before the withdrawal.

7. Sharing of information

We do not sell or rent your personal data. We share information only with a limited number of trusted service providers who help us operate the Services, and only to the extent necessary:

  • Push notification providers (Apple Push Notification service, Firebase Cloud Messaging) to deliver notifications to your device;
  • Cloud infrastructure providers for hosting, storage and content delivery;
  • Anti-abuse and anti-spam providers to protect the integrity of the network;
  • Analytics providers processing only anonymised, aggregated data.

Each provider is bound by contractual obligations requiring appropriate technical and organisational safeguards. We may also disclose information when legally compelled to do so, as described in Section 10.

8. Data storage and international transfers

Our primary data processing infrastructure is operated on reputable cloud providers. Data may be stored in and transferred to data centres located in the United Arab Emirates, the European Union, or other jurisdictions where our service providers operate. When data is transferred outside of your country of residence, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

9. Data retention

We retain personal data only for as long as necessary to provide the Services and comply with our legal obligations:

  • Account information is retained for as long as your account is active. If you delete your account, we delete the associated identifiers within thirty (30) days, subject to any legal retention obligations.
  • Undelivered messages are queued on our servers in encrypted form and deleted once delivered, and in any case no later than thirty (30) days after being queued.
  • Diagnostic data is retained for no longer than ninety (90) days in identifiable form.

We may disclose information when we have a good-faith belief that doing so is required by applicable law, regulation, court order, or to protect the rights, property or safety of Apri, our users or the public. Because message content is end-to-end encrypted, we are technically unable to disclose the content of your messages.

11. Security

We take reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include end-to-end encryption of message content, encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission or storage is one hundred percent secure, and we cannot guarantee absolute security.

12. Your rights

Subject to applicable law, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and the GDPR, you may have the following rights in respect of your personal data:

  • Access — to request a copy of the personal data we hold about you;
  • Rectification — to ask us to correct inaccurate or incomplete data;
  • Erasure — to ask us to delete your personal data ("right to be forgotten");
  • Restriction — to ask us to restrict processing in certain circumstances;
  • Portability — to receive a copy of your data in a structured, commonly used, machine-readable format;
  • Objection — to object to certain processing activities; and
  • Complaint — to lodge a complaint with a supervisory authority.

You can exercise these rights by contacting s.makarov@apri.ae. We will respond within the timeframes required by applicable law.

13. Children's privacy

The Services are not directed to children under the age of thirteen (13), and we do not knowingly collect personal data from children under 13. In jurisdictions where a higher minimum age applies, that higher age applies. If you believe we have inadvertently collected data from a child, please contact us so we can delete it.

14. Cookies and website analytics

Our website at apri.ae uses only strictly necessary cookies to operate. We do not use third-party advertising cookies or cross-site tracking. If we add analytics in the future, we will choose privacy-respecting providers and update this Policy accordingly.

15. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes to the Services, legal requirements, or our practices. When we make material changes, we will notify you through the Services or by updating the "Last updated" date above. We encourage you to review this Policy periodically.

16. Contact us

If you have any questions, concerns, or requests regarding this Policy or your personal data, please contact:

Apri Software L.L.C-FZ
Attention: Privacy Team
Meydan Grandstand, 6th floor, Meydan Road,
Nad Al Sheba, Dubai, United Arab Emirates
Email: s.makarov@apri.ae

Back to home Read Terms of Service