Privacy Policy - GlowScan

This Privacy Policy describes how Rozsa Gyene ("we", "us", or "our") collects, uses, and shares information when you use the GlowScan mobile application (the "App"). By using the App, you agree to the collection and use of information as described in this policy.

1. Information We Collect

a) Information You Provide

Account information: When you create an account, we collect your email address and display name.
Beauty profile: Skin type, hair type, nail concerns, eye color, hair color, and preferences you enter during onboarding or in the app.
Diary entries: Notes and logs you add to your skincare diary.

b) Camera and Photo Data

The App uses your device camera and photo library for AI-powered skin, hair, and nail analysis. Here is how we handle this data:

Real-time processing: Photos are processed in real-time and are not stored on our servers after analysis is complete.
AI analysis: Compressed images may be sent to our AI analysis service (Anthropic Claude API) for skin, hair, and nail analysis. Images are processed immediately and discarded — they are not retained by Anthropic or us.
Local storage: Compressed thumbnail images of your scans are stored locally on your device for your scan history. Only the 3 most recent scans per type retain image data.

c) Information Collected Automatically

Scan results: Analysis results including health scores, detected concerns, and recommendations for skin, hair, and nails.
Device information: Device type, operating system version, and anonymous device identifiers used for push notification delivery and advertising.
Usage data: Feature usage patterns, scan frequency, and app interaction data to improve the App.
Crash logs and diagnostics: We collect crash reports and performance data to improve app stability.
Product interaction data: We may collect data about which product recommendations you view and interact with in order to improve the relevance of future recommendations. This data is stored in your user profile and is not shared with third parties.

2. Face Data Collection and Use

What we collect. When you use the Face Scan or Skin Age features, GlowScan captures a still photo of your face — either from the device camera or one you select from your photo library. This is the only "face data" the App collects. We do not capture face geometry, face embeddings, or any biometric template; we do not use Apple's TrueDepth API or Face ID; we do not perform identity recognition.

How we use it. The captured photo is compressed (resized to a maximum of 640 pixels on the longest edge, JPEG quality 0.7) and sent over HTTPS to GlowScan's analysis backend, which forwards it to Anthropic's Claude API. Claude returns a structured JSON analysis describing visible skin characteristics — concerns such as pores, wrinkles, redness, dullness, dark spots, hydration, texture, and an apparent skin-age estimate — together with personalized routine and product recommendations. The photo is processed for this one purpose only.

Who it is shared with. The photo is sent to one third party: Anthropic, PBC, the operator of the Claude API. Under Anthropic's API data-usage policy, content submitted to the Claude API is not used to train Anthropic's models and is not retained beyond the period needed to process the request and return a result. We do not share face photos with advertisers, affiliate retailers, analytics providers, or any other third party.

Where it is stored. GlowScan's analysis backend does not persist the photo: it is held in memory only for the duration of the request and discarded once the analysis is returned. The structured analysis result (scores, concerns, recommendations, summary) is what we save — not the photo. The original photo can be cached locally on your device as a thumbnail so you can review your scan history; only the three most recent scans per scan type retain a thumbnail, and the rest are automatically discarded. If you are signed in, only the structured analysis result is synced to your Firebase account — face photos are never uploaded to Firebase Storage from the Face Scan flow.

How long we keep it. Server-side: not retained beyond the API request/response cycle (seconds). On-device thumbnail: kept until you uninstall the App, clear app data, or until a newer scan rotates it out of the "three most recent" cache. Cloud-synced analysis result: kept until you delete the scan from your history, delete your account, or otherwise request deletion under Section 10 ("Data Deletion") below.

Your control. Before your first face, hair, or nail scan, the App shows an in-app consent screen that explicitly names Anthropic as the analysis provider and asks you to agree before any photo is transmitted. If you decline, no photo is sent. You can revoke this consent at any time in Settings → Privacy → Reset AI Analysis Consent; declining will block future scans until you re-consent. You can also delete individual scans from the in-app scan history at any time, or delete your entire account and all associated data from Settings → Privacy → Delete Account.

3. How We Use Your Information

To provide AI-powered skin, hair, and nail analysis features.
To personalize product recommendations based on your beauty profile.
To send push notifications for skincare reminders (if enabled).
To display relevant advertisements via Google AdMob.
To display affiliate product links and shopping recommendations.
To diagnose technical issues and improve app performance.
To sync your data across devices when you sign in.

4. Third-Party Services

a) Google AdMob

We use Google AdMob to display advertisements in the App for non-premium users. AdMob may collect and use the following:

Device advertising identifiers (IDFA on iOS, GAID on Android).
IP address and general location data.
App usage and interaction data for ad personalization.

You can opt out of personalized advertising in your device settings. Premium users do not see any advertisements.

For more information, see Google's Privacy Policy.

b) Affiliate Product Links

The App may display product recommendations with affiliate links. When you click on these links, you may be directed to third-party retailer websites. These retailers have their own privacy policies, and we encourage you to review them. We may earn a commission on purchases made through affiliate links, at no additional cost to you.

c) Anthropic (Claude API)

We use the Anthropic Claude API for AI-powered analysis of skin, hair, and nail images. Images sent for analysis are processed in real-time and are not stored or retained by Anthropic after processing. For more information, see Anthropic's Privacy Policy.

d) Google Firebase

We use Google Firebase for authentication, cloud data storage, and push notifications. For more information, see Firebase Privacy and Security.

5. Data Storage and Security

a) Local Storage

Most of your data — including scan history, beauty diary, routines, preferences, and gamification progress — is stored locally on your device. This data remains on your device and is not transmitted unless you sign in to sync.

b) Cloud Storage (Firebase)

When you create an account and sign in, your data is synced to Google Firebase (Firestore) to enable cross-device access. This includes:

User profile and beauty preferences.
Skin, hair, and nail scan results and analysis history.
Skincare routines and diary entries.
Gamification data (points, streaks, achievements).

Data stored in Firebase is protected by Firebase security rules and is only accessible by you (authenticated with your account).

c) Security Measures

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), Firebase security rules for access control, and secure authentication via Firebase Auth. However, no method of electronic storage is 100% secure.

6. Data Sharing

We do not sell your personal information. We may share data with:

Anthropic (Claude API): Images sent for AI analysis are processed in real-time and not retained.
Google Firebase: For authentication, data storage, and push notifications.
Google AdMob: For advertising purposes (non-premium users only).
Affiliate partners: We may share anonymized, aggregated usage data with affiliate partners. We do not share your personal information with them.
Affiliate product links: When you click an affiliate product link, a referral identifier is shared with the retailer to attribute the purchase. No personal information, scan data, or health information is shared with affiliate partners.
Law enforcement: If required by law or to protect our rights.

7. Affiliate Links & Product Recommendations

GlowScan provides personalized product recommendations based on your skin, hair, and nail scan results. When you tap on a recommended product or click a "Shop" or "Buy Now" link within the app, you may be directed to third-party retailer websites, including but not limited to Amazon, Sephora, and Ulta Beauty.

GlowScan participates in affiliate marketing programs, which means we may earn a small commission when you purchase products through links in our app. This commission comes from the retailer at no additional cost to you. Your purchase price is the same whether or not you use our affiliate link.

Important Disclosures

Product recommendations are generated based on your scan results, skin type, hair type, nail condition, and identified concerns. Recommendations are not influenced by affiliate commission rates.
We do not sell your personal data to retailers or advertisers.
Clicking an affiliate link may share limited technical data (such as a referral identifier) with the retailer to attribute the referral. This is standard practice for affiliate programs and does not include your scan results, health data, or personal information.
You are never required to purchase any product to use GlowScan. All scanning, analysis, and recommendation features work independently of any purchase.
Third-party retailer websites have their own privacy policies. We encourage you to review their policies before making a purchase.

Affiliate program partners may include: Amazon Associates, Sephora Affiliate Program, Ulta Beauty Affiliate Program, and select skincare and beauty brand partner programs. This list may be updated from time to time.

8. Data Retention

Your data is retained as long as your account is active. Local data persists until you clear the app data or uninstall the app. Cloud data is retained until you request account deletion.

9. Your Rights

You have the right to:

Access your personal data stored in the App.
Delete your account and all associated data.
Export your data using the export feature in the App or by contacting us.
Opt out of push notifications in the App settings.
Opt out of personalized ads in your device settings.

10. California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights under the CCPA:

Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to delete: You may request deletion of your personal information, subject to certain exceptions.
Right to opt out of sale: We do not sell your personal information. However, some data sharing with advertising partners (Google AdMob) may constitute a "sale" under the CCPA. You can opt out of this by disabling personalized ads in your device settings.
Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at rozsagyenelaw1@gmail.com.

11. Data Deletion

To delete your account and all associated data:

Use the "Clear All Data" option in the App settings.
Visit our Account Deletion page.
Or email us at rozsagyenelaw1@gmail.com with "Delete My Account" in the subject line.

Upon request, we will delete your account and all associated data from our servers within 30 days. Local data on your device can be removed by uninstalling the App.

12. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child under 13, please contact us immediately at rozsagyenelaw1@gmail.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the App. Your continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Rozsa Gyene
Email: rozsagyenelaw1@gmail.com
Website: myglowscan.com