Privacy Policy

This Privacy Policy describes how Glowdess LLC ("Glowdess", "we", "us") collects, uses, discloses, and safeguards personal information when you use our website, applications, and services (collectively, the "Services").

1. Information We Collect

• Account Information: name, email address, and authentication data when you sign up or log in.
• Profile and Questionnaire Data: preferences, goals, lifestyle inputs, and optional photos you upload to personalize your plan.
• Face and Photo Data: When you upload photos for your Blueprint, we may analyze facial features including face shape, skin characteristics, and other visible features to provide personalized beauty and skincare recommendations.
  • What we collect: Photos you voluntarily upload containing your face and facial characteristics derived from analysis (face shape classification, skin type indicators).
  • How we use it: Solely to generate your personalized Glow Up Blueprint with tailored makeup, skincare, and styling recommendations.
  • Processing: Photos are processed using our custom tailored AI via our providers to analyze facial features. We do not use facial recognition technology to identify individuals.
  • Third-party sharing: Photos may be transmitted to our AI service provider solely for analysis purposes. They are contractually prohibited from using your photos for any other purpose.
  • Storage: Uploaded photos are stored securely in your private profile. Your Blueprint is also saved under your account and no one has access to it other than you and Glowdess (only with your permission).
  • Retention: Photos and face data are retained while your account is active. You may delete your photos and associated data at any time through the app under Settings or by contacting support@getglowdess.com.
  • Your control: You can request deletion of all face data by emailing support@getglowdess.com.
• Usage and Device Data: IP address, device and browser type, pages viewed, links clicked, and other usage information. We use analytics tools including Vercel Analytics and Microsoft Clarity session insights.
• Analytics and Crash Data: We use third-party providers including Firebase for analytics and Crashlytics for crash reporting. Firebase collects data about the number of users and sessions, session duration, operating systems, device models, geography, first launches, app opens, app updates, and in-app purchases. Crashlytics gathers crash logs to help improve app performance.
• Subscription Data: We manage app subscription data via RevenueCat and Superwall and web purchases via Stripe.
• Communications: feedback, support requests, and messages you send to us.

2. How We Use Information

• Provide, personalize, and improve the Services and recommendations.
• Operate, maintain, and secure the platform, including preventing fraud and abuse.
• Analyze usage to understand performance and improve features (e.g., via Vercel Analytics and Microsoft Clarity).
• Communicate with you about updates, offers, and support.
• Comply with legal obligations and enforce our Terms.

3. Cookies and Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, and analyze traffic. You can adjust cookie settings in your browser. Some features may not function properly without certain cookies.

4. Sharing of Information

We share information with trusted service providers who help us operate the Services, such as:

• Hosting and infrastructure providers (e.g., Vercel).
• Analytics providers (e.g., Vercel Analytics, Microsoft Clarity).
• Email and communication tools.
• Payment processors if you purchase paid offerings.

We require vendors to handle personal data in accordance with applicable law and our instructions. We may also share information to comply with law, protect rights and safety, or in connection with a business transfer (e.g., merger or acquisition).

5. Legal Bases for Processing (EEA/UK)

Where GDPR or UK GDPR applies, we process personal data based on the following legal bases: (a) your consent; (b) performance of a contract; (c) our legitimate interests to provide and improve the Services and ensure security; and (d) compliance with legal obligations.

6. International Transfers

If you are located in the European Economic Area (EEA), Switzerland, or the United Kingdom, your personal information may be transferred to countries outside your country of residence (including the United States). Where required, we implement appropriate safeguards for such transfers, such as the European Commission’s Standard Contractual Clauses (and the UK equivalents), and take additional measures as necessary to protect your information. You can contact us to request more information about these safeguards.

7. Data Retention

We retain personal information for as long as necessary to provide the Services and for legitimate business purposes, including legal, accounting, or reporting requirements. When no longer needed, we will delete or de-identify information.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing. You can exercise rights by contacting us at support@getglowdess.com. You may also lodge a complaint with your local data protection authority.

9. GDPR/UK GDPR Rights

If you are located in the EEA, Switzerland, or the UK, you may have the following rights under GDPR/UK GDPR, subject to certain limitations:

• Right of access to your personal data.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten").
• Right to restrict processing in certain circumstances.
• Right to data portability.
• Right to object to processing, including profiling and direct marketing.
• Right to withdraw consent where processing is based on consent.
• Right to lodge a complaint with a supervisory authority.

To exercise these rights, contact us at support@getglowdess.com. We may request information to verify your identity before responding to your request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights subject to certain limitations under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to Know: request disclosure of the categories and specific pieces of personal information we collect, use, disclose, or sell/share.
• Right to Delete: request deletion of personal information we collect from you.
• Right to Correct: request correction of inaccurate personal information.
• Right to Opt-Out: opt-out of the sale or sharing of personal information for cross-context behavioral advertising.
• Right to Limit Use and Disclosure of Sensitive Personal Information.
• Right to Non-Discrimination for exercising your rights.

We do not sell personal information in the traditional sense. We may share limited data for analytics and advertising as described above; where this constitutes “sharing” under California law, you can exercise your right to opt-out by contacting us at support@getglowdess.com and by adjusting cookie settings in your browser. To exercise any rights, contact us at support@getglowdess.com and include “California Request” in your subject line. We will verify requests consistent with applicable law.

11. Security

We use administrative, technical, and organizational measures designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

12. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it.

13. Third-Party Services

Our Services integrate with the following third-party providers. We recommend reviewing their privacy policies:

• Firebase: https://firebase.google.com/support/privacy
• Crashlytics: https://firebase.google.com/support/privacy (part of Firebase)
• RevenueCat: https://www.revenuecat.com/privacy/
• Superwall: https://superwall.com/privacy
• Mixpanel: https://mixpanel.com/legal/privacy-policy/
• Google AI (Gemini): https://ai.google.dev/gemini-api/docs/usage-policies
• Vercel: https://vercel.com/legal/privacy-policy
• Microsoft Clarity (web use only, not used in the app): https://privacy.microsoft.com/privacystatement

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with an updated "Last updated" date. Your continued use of the Services following the update means you acknowledge the changes.

15. Contact Us

For questions or requests regarding this Policy, contact us at support@getglowdess.com.