Privacy Policy

1. What GlowTheory Is

GlowTheory provides skincare education, skin observations, product organization, and personalized routine suggestions through our mobile app and website. The Service is informational and is not a medical device, diagnosis tool, or substitute for professional medical advice.

2. Information We Collect

• Account information: name, email address, authentication provider, and Firebase user ID.
• Skin profile information: skin type, concerns, routine preferences, experience level, pregnancy/sensitivity choices when provided, routine history, check-ins, progress, and chat messages.
• Product and shelf information: product names, brands, product types, ingredients, shopping-list items, purchase links, opened dates, and notes you add.
• Photos: selfie images used for skin scans and shelf/product photos used for product identification. These images are processed to provide the requested feature.
• Device and usage information: device type, operating system, app/browser version, IP address, feature usage, analytics events, push notification tokens, crash/error logs, and security logs.
• Communications: support requests, feedback, email preferences, and messages you send to us.

3. Skin Scan, Biometric, and Photo Data

• Before using the AI photo scan, you must consent to GlowTheory processing a selfie image to compute facial landmark geometry and skin-zone observations.
• The selfie image itself is not retained by default. It is transmitted for analysis, processed in memory, and discarded after the response returns. We store derived metrics such as skin type, concern tags, health score, zone observations, and routine context so your account can show progress and generate routines.
• Shelf and product photos are used to identify products and labels. They are not retained by default after the identification response returns.
• If you separately opt in to research or model-improvement storage, confirmed scan images and related labels may be stored for up to 24 months to improve GlowTheory vision models. This is optional, off by default, and revocable from your profile. Revocation deletes stored research scans.
• We do not sell biometric data, use it for advertising, or share it with advertising networks.

4. How We Use Information

• To create and secure your account.
• To analyze skin observations, generate routines, explain recommendations, and track progress.
• To maintain your product shelf, shopping list, reminders, and chat context.
• To send transactional emails, push notifications, routine reminders, product-expiry reminders, and support messages.
• To improve reliability, safety, fraud prevention, analytics, and product quality.
• To comply with legal obligations and enforce our terms.

5. AI and Service Providers

• GlowTheory uses service providers including Firebase and Google Cloud for authentication, database, storage, hosting, analytics, and infrastructure; Google Gemini and related vision services for AI analysis; Expo for mobile push token infrastructure; and email providers for transactional messages.
• These providers process data only as needed to provide the Service, secure it, or comply with law. We do not sell your personal information.

6. Push Notifications and Email

• If you enable push notifications, we store your push token and notification preferences so we can send reminders and account-related alerts. You can turn notifications off in iOS or Android settings at any time.
• We may send account, welcome, routine, reminder, support, and security emails. You can opt out of marketing emails, but we may still send transactional or security messages.

7. Retention and Deletion

• We keep account, routine, product, chat, and derived skin data while your account is active or as needed to provide the Service.
• You can delete your account in the mobile app or website profile. Account deletion removes your Firebase Auth account, profile, routines, scans and derived metrics, product shelf, shopping list, notification preferences, consent records, stored research scans, and other user data from primary systems.
• Some records may remain temporarily in encrypted backups or logs and are deleted on normal retention schedules, generally within 30 days unless a longer period is required by law, security, fraud prevention, or dispute handling.

8. Your Choices and Rights

• You can access and update account information in the app where available.
• You can revoke biometric scan consent from your profile. After revocation, you cannot use photo scanning again until you re-consent.
• You can request access, correction, deletion, portability, or restriction of your personal information by contacting privacy@glowtheory.app.
• Depending on your location, you may have additional privacy rights under laws such as CCPA/CPRA, GDPR, UK GDPR, BIPA, CUBI, or similar laws.

9. Children

GlowTheory is not intended for children under 13, or under 16 where that higher age threshold applies. We do not knowingly collect information from children.

10. Security

We use technical and organizational safeguards including encrypted transport, Firebase and Google Cloud security controls, access limits, and operational logging. No internet service can be guaranteed completely secure.

11. Third-Party Links

GlowTheory may link to product retailers or other third-party sites. Those sites have their own privacy practices, and we are not responsible for them.

12. Changes and Contact

• We may update this Privacy Policy as the Service changes. Material updates will be posted here with a new updated date.
• Questions or requests: privacy@glowtheory.app. General support: support@glowtheory.app.