Privacy Policy
- Introduction
- Information We Collect
- How We Collect Information
- How We Use Your Information
- Photo Content and AI Processing
- Data Sharing and Disclosure
- Data Retention
- Security
- Children's Privacy
- International Data Transfers
- Your Choices and Data Deletion
- Changes to This Policy
- Contact Us
Welcome to Glow Up ("App"), provided by Hamza Canbaz ("we," "our," or "us"). This Privacy
Policy explains how we collect, use, share, and protect your information when you use our appearance-analysis and
routine-planning services.
1. Introduction
By using Glow Up, you agree to the collection and use of information in accordance with this policy. The App allows
users to complete onboarding, upload a photo, receive AI-assisted facial score analysis, view teaser and score
outputs, follow weekly plans, and purchase subscriptions for premium access.
2. Information We Collect
We collect the following categories of information to provide and improve the App:
- User Input and Onboarding Data: Information you provide during onboarding, such as selected
goals, priority areas, target level, commitment inputs, age, gender, and related responses.
- Photo Content: Photos you provide (camera or photo library) and related metadata such as
local photo path references needed for app functionality.
- Analysis Outputs: Generated score outputs (for example overall, potential, skin quality,
symmetry, jawline, eyes, cheekbones), along with scan IDs and associated plan/task data.
- Account and Identifier Information: Anonymous authentication identifiers (Firebase user ID)
and app user identifiers used for subscriptions and entitlement state.
- Usage and Event Data: Feature and flow events such as onboarding step events, analysis
events, paywall views, continue taps, restore actions, and similar diagnostics/analytics records.
- Purchase and Subscription Information: Entitlement and transaction-related details from Apple
App Store and RevenueCat. We do not store full payment card details.
- Support Information: Information you share with us when contacting support.
3. How We Collect Information
We collect information in the following ways:
- Directly from You: When you complete onboarding, upload photos, use analysis and routine
features, make purchases, restore purchases, or contact support.
- Automatically Through the App: When you use the App, certain interaction, technical, and
diagnostics data may be collected to operate and improve the service.
- From Service Providers: We receive authentication, subscription, purchase, and infrastructure
data from providers such as Apple, Firebase, and RevenueCat.
4. How We Use Your Information
We use collected information for the following purposes:
- To authenticate you and maintain your account and app state.
- To process photo-based analysis requests and return your score results.
- To generate and refresh routine tasks and weekly plans.
- To save your progress, check-ins, and feature state across sessions.
- To process purchases, restore transactions, and manage subscription entitlements.
- To monitor performance, diagnose issues, prevent abuse, and improve reliability.
- To respond to support requests and comply with legal obligations.
5. Photo Content and AI Processing
Because Glow Up includes AI-based analysis, submitted content is processed as follows:
- Face Data Collected: A face photo that you choose (camera or photo library) and related
onboarding inputs used to run your requested analysis.
- Face Data Not Collected: We do not create or store a face recognition template, faceprint, or
biometric identity profile.
- Planned Use: Face photos are used only to generate appearance-analysis scores and to power
your in-app routine recommendations.
- AI Processing Provider: Analysis requests are sent through our backend to
OpenAI to produce structured scoring output for the App experience.
- What May Be Sent for Analysis: This may include your scan identifier, selected onboarding
fields, optional demographic inputs (if provided), and a compressed base64 version of your photo.
- Provider Request Controls: The backend sends analysis requests with
store: false in the OpenAI request payload.
- Third-Party Storage Practices (OpenAI): OpenAI may retain certain API inputs and outputs,
including face-photo analysis content, for up to 30 days to detect abuse, enforce platform safety policies,
and maintain service security/reliability. OpenAI may retain data longer if required by law.
- Why This Retention Period: The retention period supports abuse prevention, security
monitoring, and legal compliance obligations of the AI processing provider.
- Storage by Us: In the current analysis flow, we do not persist raw face photos in our
Firestore database as part of completed analysis records.
- No Sale of User Content: We do not sell your face photos or submitted onboarding content to
data brokers or advertisers.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share information with the following categories of recipients:
- AI Processing Provider: OpenAI, for face-photo and context analysis output
requested by you.
- Infrastructure and App Services: Google Firebase for authentication,
Firestore database, Cloud Functions, and storage-related operations.
- Subscription and Purchase Providers: RevenueCat and
Apple App Store for purchase processing, entitlement handling, and restore flows. We do not
share face photos with RevenueCat for subscription processing.
- Legal and Safety Reasons: If required by law or reasonably necessary to protect rights,
users, systems, or services.
7. Data Retention
We retain information only as long as needed for the purposes described in this policy and service operation.
- Face Photos for Analysis: Face photos are transmitted for analysis at your request and are not
stored by us as completed scan records in Firestore. Analysis requests are sent with store:
false to the AI provider.
- Third-Party Retention: Our AI provider (OpenAI) may retain certain API inputs/outputs for up
to 30 days for abuse prevention and service security, unless a longer period is legally required.
- Account and App State: User IDs, onboarding state, active plans, and progress records may be
retained while your account is active in our systems.
- Scans and Analysis Records: Scan summaries, scores, and related metadata (not raw face image
files) may be retained to provide continuity and history in the App.
- Analytics and Transaction Data: Certain event and purchase-related records may be retained
for diagnostics, fraud prevention, accounting, and legal compliance.
- Retention Period: Unless a longer period is required by law, app data is retained until you
request deletion or delete your account through in-app deletion controls.
8. Security
We use commercially reasonable safeguards and established infrastructure providers to protect information. However,
no method of internet transmission or electronic storage is fully secure, and absolute security cannot be
guaranteed.
9. Children's Privacy
Our App is not intended for children under 13, and we do not knowingly collect personal information from children
under 13. If you believe a child has provided data through the App, contact us so we can review and take
appropriate action.
10. International Data Transfers
Your information may be processed in countries other than your own by us and our service providers. By using the
App, you understand that information may be transferred to jurisdictions with different privacy laws.
11. Your Choices and Data Deletion
You can request deletion of your app data. The backend includes an account deletion flow that removes user
records, associated storage files (where applicable), and attempts to remove the authentication user.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and
revise the effective date above.
13. Contact Us
If you have questions or suggestions about this Privacy Policy, contact us at:
Email: spanky.global@gmail.com