GLOWR — PRIVACY POLICY
Effective Date: May 11, 2026
INTRODUCTION
This Privacy Policy describes how Glowr ("we", "us", "the Application") collects, uses, processes, and shares your personal information when you use the Application. By using the Application, you consent to the practices described in this policy. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Apple's App Store privacy requirements.
We share certain personal data with third-party artificial intelligence (AI) service providers and infrastructure providers as described below. Before any such sharing takes place, you will see an explicit in-app consent prompt that identifies what data will be sent and to whom. You may decline at any time. We only share data with third parties that provide a level of data protection equivalent to or greater than our own, as evaluated through their published privacy policies, security certifications, and regulatory compliance posture.
PHOTO AND FACIAL ANALYSIS INFORMATION
The Application uses your device camera to capture photos for aesthetic facial analysis and AI-powered transformations. The following sections explain in detail how each photo is handled, what data is sent, and to whom it is sent.
Aesthetic Facial Analysis (Diagnostic Feature)
When you use the main facial diagnostic feature:
What is collected: The facial photograph captured by the device camera.
How it is collected: The image is captured by the device camera, compressed and resized locally on the device, then transmitted securely over HTTPS/TLS to our backend infrastructure.
Where the data is sent: The image is routed through Supabase Edge Functions (operated by Supabase, Inc., based in the United States) which forward it to Face++ (Megvii Technology Inc., based in China) for biometric analysis. Face++ extracts numerical attributes including facial symmetry indicators, facial proportions, estimated age range, estimated gender, skin condition indicators (acne, dark circles, healthiness), and facial landmark coordinates.
What we receive back: Only numerical scores, attribute estimates, and landmark coordinates are returned to the device. The original photograph is not retained on our servers and is not retained by Face++ beyond the immediate processing window required to compute the analysis.
Where the results are stored: Diagnostic results (numerical scores, recommendations) are stored locally on your device until you manually delete them or uninstall the Application. They are not uploaded to our servers.
A.I. Stylist (Transformation) Feature
To use the "A.I. Stylist" feature, the Application collects facial photographs you provide. These images are sent securely over HTTPS/TLS to Google LLC ("Google") via the Generative AI services (Gemini API) for the requested aesthetic transformation (hairstyle simulation, beard styling, color changes, etc.). Images sent for this purpose are automatically and irreversibly deleted from our infrastructure immediately after the result is generated. We do not retain, sell, or use these images for any purpose other than generating your requested transformation.
Food Photo Analysis
When you use the food photo analysis feature, the captured image is transmitted securely over HTTPS/TLS to Google LLC via the Gemini API solely for the purpose of identifying food items and estimating their nutritional content. The image is processed in real time and is not stored on our servers after the analysis is complete. We do not use food images to identify individuals, build dietary profiles, or share nutritional data with advertisers.
Health Data and Personalized Plans
To generate personalized nutrition and training programs, the Application may collect the following health-related information that you voluntarily provide:
- Body weight and height
- Age and biological sex
- Physical activity level and exercise history
- Dietary preferences and restrictions
- Fitness and body composition goals
This information is transmitted securely to Google LLC via the Gemini API to produce your personalized plan. It is not sold to third parties, not used for advertising purposes, and not shared with any party other than the AI service provider strictly for the purpose of plan generation.
A.I. Coach (Chat) Feature
When you use the AI coach chat feature:
What is collected: Your typed messages, your facial analysis scores, and your health profile information.
How it is collected: Messages are sent from your device to Firebase Cloud Functions (operated by Google LLC).
Where the data is sent: Firebase Cloud Functions forwards the data to Google's Generative AI services (Gemini API) for response generation.
What is retained: Conversation history is stored locally on your device only and is not retained on our servers after the response is delivered.
Health Disclaimer: The nutrition plans, training programs, food analyses, and coach responses provided by Glowr are generated by artificial intelligence and are intended for general informational and wellness purposes only. They do not constitute medical advice, diagnosis, or treatment. Results may vary. Always consult a qualified healthcare professional or registered dietitian before making significant changes to your diet or exercise routine, particularly if you have a pre-existing medical condition, are pregnant, or are under medical supervision.
Is Face Data Shared with Third Parties?
Yes. As described in detail above, facial photographs are shared with the following third parties under strict purpose limitations:
- Face++ (Megvii Technology Inc.) — for biometric attribute analysis in the diagnostic feature
- Google LLC (Gemini API) — for AI Stylist transformations
- Supabase, Inc. — as transient infrastructure during routing to Face++
Face++ and Google operate under their own published privacy policies, which we have reviewed and determined to provide a level of data protection equivalent to or greater than our own. Photographs are not used by these providers for advertising, model training, or identification purposes; they are processed solely to deliver the requested feature output and then deleted.
Where is Face Data Stored?
Original facial photographs are not retained on our servers or by our AI providers after the analysis or transformation is delivered. Diagnostic results (numerical scores, recommendations) are stored exclusively on your device. AI Stylist transformations are deleted from Google's processing infrastructure immediately after the transformed image is delivered to your device. The transformed image you receive may be saved by you to your device's photo library if you choose to do so.
YOUR CONSENT TO AI PROCESSING
Before any AI-powered feature is used for the first time, the Application displays an in-app consent prompt that:
- Discloses what personal data will be sent (facial photograph, demographic information, health profile, or chat messages depending on the feature)
- Identifies the third-party AI providers by name (Face++ / Megvii Technology Inc. and Google LLC via the Gemini API)
- Explains the purpose of the transmission
- Requires your explicit acceptance before any data leaves the device
You may withdraw your consent at any time by:
- Refraining from using AI-powered features
- Deleting your account via Profile → Account → Delete Account inside the Application
- Contacting us at glowrapp@gmail.com to request data deletion
Withdrawing consent will disable the AI-powered features but will not affect non-AI portions of the Application.
TRACKING AND ADVERTISING
On iOS devices, the Application complies with Apple's App Tracking Transparency (ATT) framework. The first time the Application launches, you will see a system prompt asking whether you allow the Application to track your activity across other companies' apps and websites. If you decline, no advertising identifier (IDFA) is shared with advertising partners and the ads you see will not be personalized based on your activity. If you accept, your advertising identifier may be shared with Google AdMob to deliver more relevant ads.
You can change your tracking preference at any time from your device's Settings → Privacy & Security → Tracking → Glowr.
ANALYTICS AND PRODUCT IMPROVEMENT
To understand how users interact with the Application and to improve our features, we collect anonymized usage analytics through PostHog (Product Analytics, EU Cloud region). The data collected includes:
- Screens visited and in-app actions performed (e.g., onboarding completion, paywall views, feature usage, purchase events)
- Pseudonymous user identifiers (linked to your subscription account but not to your name or email)
- Device type, operating system, app version, and language
- Anonymized session recordings ("session replay") used to diagnose user-experience issues
Important privacy safeguards for session replay: All text inputs are automatically masked, all images (including any photos shown in-app) are masked, and we do not capture clipboard content or sensitive form fields. Session replays never include your facial photos, food photos, or A.I. Stylist transformations. PostHog data is hosted exclusively in the European Union (eu.i.posthog.com) and is governed by GDPR. We do not sell or share this analytics data with advertisers.
DATA COLLECTION AND THIRD-PARTY ACCESS
The Application obtains the information you supply when you download and register, including when you create an account, use AI-powered features, or make purchases. The types of information collected may include:
- Name and email address (for account creation)
- Health and biometric data you voluntarily provide (weight, height, age, fitness goals)
- Photographs submitted for facial analysis, food analysis, or A.I. Stylist transformations
- Purchase and subscription history
- Device identifiers (IDFA) and usage data, subject to your device permissions and your ATT response
- Anonymized product analytics and masked session recordings (via PostHog)
We do not share your personally identifiable information with third parties except as described in this policy and as necessary to provide the services you request.
THIRD-PARTY SERVICES
The Application uses the following third-party services, each governed by its own privacy policy. We have reviewed each provider's privacy and security practices and determined that they offer a level of data protection equivalent to or greater than our own:
AI Service Providers
Face++ (Megvii Technology Inc.) — Performs biometric attribute analysis on facial photographs to compute symmetry, proportions, age estimation, gender estimation, skin condition indicators, and facial landmarks. Photographs are processed in real time and not retained for training or any other purpose.
Privacy policy: https://www.faceplusplus.com/privacy-policy/
Google AI (Gemini API) — Google LLC — Used for A.I. Stylist image transformations, food photo analysis, personalized nutrition plan generation, training program generation, and the AI coach chat feature.
Privacy policy: https://policies.google.com/privacy
Infrastructure Providers
Supabase, Inc. — Provides serverless function infrastructure used to route facial-analysis requests to Face++ and to host application data. Photographs pass through Supabase Edge Functions transiently during processing and are not stored.
Privacy policy: https://supabase.com/privacy
Firebase / Google Cloud (Google LLC) — Provides authentication, cloud functions, and serverless backend infrastructure used for AI coach features and other Application services.
Privacy policy: https://firebase.google.com/support/privacy
Other Services
RevenueCat — Used for subscription and in-app purchase management. Handles purchase verification and entitlement tracking.
Privacy policy: https://www.revenuecat.com/privacy
PostHog (EU Cloud) — Used for product analytics and masked session replay to understand feature usage and improve the Application. Data hosted exclusively in the European Union.
Privacy policy: https://posthog.com/privacy
Google AdMob — Used for advertising. Subject to your ATT response, may collect device identifiers and usage data to deliver personalized advertising.
Privacy policy: https://policies.google.com/privacy
ACCOUNT DELETION AND DATA RIGHTS
You can permanently delete your account and all associated data at any time through the Profile → Account → Delete Account option within the Application. Upon deletion, all server-side data associated with your account will be permanently removed, including any PostHog analytics events and session recordings tied to your user identifier.
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (including analytics data)
- Object to or restrict processing of your data
- Withdraw your consent to AI processing at any time
- Lodge a complaint with your local data protection authority
To exercise any of these rights, contact us at glowrapp@gmail.com.
AGE REQUIREMENTS
The Application is intended for users aged 16 or older. We do not knowingly collect personal information from individuals under the age of 16. If you believe a minor under 16 has provided us with personal information without parental consent, please contact us at glowrapp@gmail.com and we will delete that information promptly.
In jurisdictions where the minimum age for digital consent is lower than 16, the Application requires verifiable parental or guardian consent for users below the locally applicable minimum age.
SECURITY
We are committed to safeguarding your information. All data transmitted between the Application and our servers — including images sent for facial analysis, A.I. transformations, food analysis, and analytics events sent to PostHog — is protected using industry-standard SSL/TLS encryption. Session replay recordings automatically mask all text inputs and images before leaving the device. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or disclosure.
CHANGES TO THIS POLICY
This Privacy Policy may be updated from time to time. The Service Provider will notify you of any changes by updating this page with the new version and revising the effective date above. Continued use of the Application after changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.
CONTACT US
If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at:
Email: glowrapp@gmail.com
This privacy policy was last updated on May 11, 2026.