Privacy Policy
Effective date: March 7, 2026
Summary: GlowPet processes your face photos to provide skincare analysis and visualisations. Your photos are processed on-device and through secure servers, never sold to third parties, and you can delete your data at any time.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address and display name
- Authentication credentials (managed via Apple Sign-In or email/password)
- Gender (optional, used to personalise recommendations)
- Subscription status
Face & Photo Data
GlowPet uses your device camera and photo library to provide its core features:
- Face scans: We use Apple ARKit and MediaPipe to capture facial landmarks for analysis. Landmark data is processed on your device and stored locally.
- Photos: When you use AI hairstyle or eyebrow visualisation, your photo is sent to our secure servers for AI processing, then the result is returned to your device.
- AR Try-On: The AR eyebrow feature uses your device camera in real time. No camera data is transmitted — all processing happens on-device.
Usage Data
- Skincare routine completions and habit tracking data
- Scan scores and progress history
- App preferences and settings
2. How We Use Your Information
We use your information to:
- Provide personalised skincare analysis and recommendations
- Generate AI hairstyle and eyebrow visualisations
- Track your skincare progress over time
- Manage your account and subscription
- Improve the app's features and accuracy
3. AI Processing & Third-Party AI Services
GlowPet uses third-party AI services to power its core features. All AI requests are routed through our secure backend (Supabase Edge Functions) — no third-party API keys or direct connections exist on your device. The app requests your explicit consent before any data is shared with these services.
Third-Party AI Providers
Face scanning and scoring is performed entirely on your device using Apple ARKit and MediaPipe. No face photos are sent to external services for analysis.
The following third-party AI services are used for specific features:
- Google Gemini (via OpenRouter): Receives structured face analysis data (face shape, proportion scores, skin attributes — not photos) to generate personalised skincare routine recommendations and tips.
- fal.ai: Receives your face photo to generate hairstyle and eyebrow visualisations. Photos are sent only when you explicitly request a visualisation.
Data Handling by AI Providers
- Data is sent solely to fulfil your specific request and is not retained by providers beyond processing.
- Your data is not used by these providers to train their AI models.
- Each provider processes data in accordance with their own privacy policies and provides protection equivalent to ours.
- Generated results are returned to your device and stored in your account.
Your Control
- The app asks for your explicit consent before sending any data to third-party AI services.
- You can revoke AI data-sharing consent at any time in Settings → Privacy. AI-powered features will be disabled until you re-consent.
4. Data Storage & Security
- On-device: Face landmarks, scan data, routine progress, and preferences are stored locally on your device.
- Cloud sync: Account data, scan results, routines, and habits are synced to secure cloud servers (Supabase) to enable backup and cross-device access.
- Encryption: All data in transit is encrypted using TLS/SSL. Data at rest is encrypted on our cloud servers.
- Access control: Your data is isolated to your account. Row-level security ensures only you can access your data.
5. Data Sharing
We do not sell your personal data. We share data only in these limited circumstances:
- Google Gemini (via OpenRouter): Structured face measurements (not photos) are sent for skincare routine generation and personalised tips.
- fal.ai: Face photos are sent for hairstyle and eyebrow visualisation when you request one.
- Payment processing: Subscription purchases are handled by Apple through the App Store. We do not receive or store your payment details.
- Legal requirements: We may disclose data if required by law or to protect our legal rights.
All third-party AI providers listed above process your data solely to fulfil your request, do not use it for model training, and provide data protection equivalent to ours. No data is shared for advertising or marketing purposes.
6. Your Rights & Choices
- Access: You can view all your data within the app.
- Export: Request a copy of your data by emailing [email protected].
- Deletion: You can delete your account and all associated data from the app settings, or by contacting us.
- AI data sharing: You can revoke consent for AI data sharing at any time in Settings → Privacy. AI-powered features will be disabled until you re-consent.
- Camera access: You can revoke camera permission at any time in your device settings.
- Photo access: Photo library access is requested only when you choose to use a custom photo.
7. Children's Privacy
GlowPet is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
8. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- All personal data is permanently deleted from our servers within 30 days
- Local data on your device is cleared immediately upon sign-out
- AI-generated images associated with your account are deleted
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes through the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this privacy policy or your data, contact us at: