Privacy Policy

Last updated: October 15, 2025

Last Updated: October 15, 2025

1. Introduction

GlowNiq ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services.

By using GlowNiq, you agree to the practices described in this Privacy Policy.

2. Information We Collect

Personal Information - Account Information: Email address, name, and phone number (optional) - Authentication Data: Login credentials managed securely - Profile Data: User preferences, settings, and profile pictures

Face Data (Important - Read Carefully) - Photos You Upload: Photos of your face/skin that you submit for AI-powered skin analysis - Analysis Results: AI-generated skin assessments, recommendations, and analysis history - Metadata: Timestamps, settings used, and analysis parameters

What We Do with Face Data: - We collect facial/skin images solely for the purpose of AI-based skin analysis - Images are temporarily processed by AI providers (OpenAI, Groq) to generate personalized skin analysis - We do NOT use face data for: - Biometric identification or authentication - Face recognition - Identity verification - Tracking or surveillance - Any purpose other than skin analysis

Storage and Retention: - Face images are stored securely on EU servers (Hetzner, Germany) - Images are automatically deleted after 30 days from the analysis date - You can delete your images anytime through Settings β†’ Delete Account - Upon account deletion, all face data is permanently deleted within 30 days

Third-Party Processing: - AI providers process images temporarily to generate analysis results - Images are sent encrypted and not permanently stored by AI providers - We have data processing agreements ensuring images are used only for analysis - AI providers cannot use your images for model training or other purposes

Usage Information - Device Information: Device type, operating system, unique device identifiers - Log Data: IP address, access times, app features used - Analytics: Usage patterns and feature interactions

Payment Information - Credits and Purchases: Purchase history managed through Apple App Store or Google Play Store - Transaction Records: Product IDs, transaction IDs, purchase dates - We do NOT collect or store credit card information - All payments are processed by Apple/Google

3. How We Use Your Information

We use collected information to:

  • Provide Services: Process skin analysis requests, manage your account, deliver analysis results
  • Improve Quality: Enhance AI accuracy, develop new features, improve user experience
  • Support: Respond to your inquiries and provide customer assistance
  • Security: Prevent fraud, protect user safety, ensure platform security
  • Legal Compliance: Comply with legal obligations and law enforcement requests
  • Communications: Send analysis notifications and important app updates

4. Data Sharing and Disclosure

We do not sell your personal information. We share data only as follows:

AI Processing Partners - OpenAI (USA): AI-powered skin analysis using GPT-4 vision models - Anthropic/Claude (USA): Advanced skin analysis using Claude vision models - Qwen/Alibaba Cloud (via OpenRouter): Vision analysis using Qwen2.5-VL models - Groq (USA): Fast AI inference and analysis processing - Data processing agreements ensure images used only for analysis - No permanent storage or training on your images - AI providers may vary based on availability and quality

Infrastructure Providers - Hetzner (Germany): EU-based secure cloud storage - Apple CloudKit: Optional data synchronization for iOS users - RevenueCat: Cross-platform purchase receipt validation - All data stored within EU/EEA

Payment Processors - Apple App Store: iOS in-app purchases (mobile app) - Google Play Store: Android in-app purchases (mobile app) - Stripe: Web-based credit card payments (web platform only) - RevenueCat: Cross-platform purchase receipt validation and subscription management - We receive only transaction confirmations, not payment details - Credit card information processed directly by Stripe/Apple/Google (we never see it)

Analytics & Support - Firebase: Crash reporting and anonymous usage analytics - Support Providers: When you contact us for help (only data you share)

Legal Requirements We may disclose information when required to: - Comply with legal processes, court orders, or law enforcement requests - Protect our rights, property, and safety - Prevent fraud or security threats - Protect user safety in emergency situations

5. Data Retention

| Data Type | Retention Period | |-----------|-----------------| | Face Images | 30 days after analysis (automatic deletion) | | Analysis Results | Until account deletion or 30 days max | | Account Information | While account is active | | Purchase Records | 7 years (Belgian law compliance) | | Usage Data | 90 days (anonymized after) | | Support Communications | Up to 2 years | | Deleted Account Data | Permanently deleted within 30 days |

6. Your Rights and Choices

GDPR Rights (EU/EEA Users) - Right of Access: Request copies of your personal data - Right to Rectification: Correct inaccurate information - Right to Erasure: Request deletion of your data via Settings β†’ Delete Account - Right to Restrict Processing: Limit how we process your data - Right to Data Portability: Export your data in a structured format - Right to Object: Object to processing based on legitimate interests - Right to Withdraw Consent: Stop data processing based on consent - Right to Lodge Complaint: Contact Belgian Data Protection Authority

California Privacy Rights (CCPA) If you are a California resident, you have additional rights: - Right to Know: What personal information we collect and how we use it - Right to Delete: Request deletion of your personal information - Right to Opt-Out: We do NOT sell your personal data - Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, contact us at privacy@glowniq.be (response within 45 days).

Account Deletion You can permanently delete your account through: 1. Open GlowNiq app 2. Go to Profile β†’ Settings 3. Select "Delete Account" 4. Enter your password to confirm 5. All data deleted within 30 days

What Gets Deleted: - Your account and profile - All face images (immediate deletion) - Analysis history - Usage data - Personal preferences

What We Retain: - Purchase records (7 years for legal compliance) - Anonymized analytics data - Support communication records (if relevant to legal disputes)

7. Security Measures

We implement industry-standard security measures:

  • Encryption: End-to-end encryption for data transmission (TLS/SSL)
  • Secure Storage: Encrypted databases and file storage
  • Access Controls: Role-based access, authentication requirements
  • Regular Audits: Security assessments and penetration testing
  • Data Minimization: Collect only necessary data
  • EU Servers: Data stored in EU/EEA (Hetzner Germany)
  • Compliance: GDPR, CCPA, and Belgian data protection laws

8. Children's Privacy

GlowNiq is NOT intended for users under 13 years of age.

  • We do not knowingly collect information from children under 13
  • If you are a parent/guardian and believe we collected data from a child under 13, contact us immediately
  • Upon discovery, we will delete such information within 24 hours

For users aged 13-18, we recommend parental guidance before using the app.

9. International Data Transfers

GlowNiq operates globally. Your information may be transferred to and processed in countries outside Belgium/EU.

Safeguards We Use: - Standard Contractual Clauses (SCCs) approved by EU Commission - Adequacy decisions for certain countries - Your explicit consent where required - GDPR compliance for all transfers

Your rights under GDPR remain protected regardless of where your data is processed.

10. Third-Party Services

We use the following third-party services (each has its own privacy policy):

| Service | Purpose | Location | Platform | |---------|---------|----------|----------| | OpenAI | AI skin analysis (GPT-4 Vision) | USA (SCCs) | Mobile & Web | | Anthropic/Claude | AI skin analysis (Claude Vision) | USA (SCCs) | Mobile & Web | | Qwen/Alibaba (OpenRouter) | AI skin analysis (Qwen2.5-VL) | USA/China (SCCs) | Mobile & Web | | Groq | Fast AI inference | USA (SCCs) | Mobile & Web | | Hetzner | Cloud hosting | Germany (EU) | Mobile & Web | | Apple | App Store, payments | USA (Adequacy) | Mobile only | | Google | Play Store, payments | USA (Adequacy) | Mobile only | | Stripe | Credit card payments | USA (Adequacy) | Web only | | RevenueCat | Receipt validation | USA (SCCs) | Mobile only | | Firebase | Analytics, crash reports | USA (SCCs) | Mobile & Web |

We encourage you to review their privacy policies.

11. Data Breach Notification

In the event of a data breach affecting your rights and freedoms:

1. We will notify the Belgian Data Protection Authority within 72 hours of discovery 2. We will notify affected users without undue delay if the breach poses a high risk 3. Notification will include: - Nature of the breach - Likely consequences - Measures taken to address it - Recommendations to protect yourself

Report suspected security issues to: privacy@glowniq.be

12. Changes to This Policy

We may update this Privacy Policy periodically.

How We Notify You: - In-app notifications for major changes - Email notifications (if you provided email) - Updated "Last Updated" date - 30-day notice before significant changes

Continued use after changes constitutes acceptance of the updated policy.

13. Contact Information

For privacy-related questions or requests:

Email: privacy@glowniq.be Website: https://glowniq.be Response Time: Within 45 days for GDPR/CCPA requests

Controller: GlowNiq Registered Address: Belgium (Contact us for details) Data Protection Officer: Available upon request

14. Legal Compliance

This Privacy Policy complies with: - GDPR (General Data Protection Regulation - EU) - Belgian Data Protection Act - CCPA (California Consumer Privacy Act - USA) - App Store and Google Play privacy requirements - International data protection standards

15. App Store Privacy Labels

As required by app stores, we disclose:

Data Linked to You: - Contact Info (email, name) - Identifiers (user ID, device ID) - User Content (face images for analysis) - Usage Data (app interactions)

Data Not Collected: - Precise location - Sensitive info (except face data for analysis) - Financial info (handled by Apple/Google) - Browsing history - Search history

For detailed privacy labels, see our App Store listing.

---

By using GlowNiq, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Last Updated: October 15, 2025 Effective Date: October 15, 2025 Version: 2.0