Privacy Policy

Effective Date: March 11, 2026

GlowUp ("we", "our", "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use the GlowUp mobile application ("App").

1. Information We Collect

Account Information: When you sign in with Apple, we receive your Apple ID, display name, and email address (if you choose to share it).
Face Photos: Photos you upload or capture for facial analysis are transmitted securely to our server, processed by our AI system in real-time, and immediately discarded after analysis. Face photos are never stored on our servers or in cloud storage. Only the resulting analysis scores and text recommendations are retained. See Section 3 for full details on face data handling.
Analysis Data: Scores, category breakdowns, recommendations, and progress data generated from your analyses.
Chat Messages: Messages you send to the AI Coach feature are processed by OpenAI to generate responses. Chat messages are processed in real-time and are not permanently stored on our servers. Chat history is only kept locally on your device during your session.
Usage Data: App interactions such as features used, session duration, and task completions for improving the App experience.
Device Information: Device type, operating system version, and push notification tokens for delivering notifications.

2. How We Use Your Information

To provide AI-powered facial analysis and personalized recommendations
To track your progress and improvement over time
To deliver AI Coach responses tailored to your profile
To process subscription purchases and manage your account
To send push notifications you have opted into (daily reminders, milestones)
To improve and maintain the App

3. Face Data Collection, Use, and Retention

What face data we collect: When you use the facial analysis feature, the App captures or receives a single photo of your face via the device camera or photo library. The photo is converted to a base64-encoded image on your device and transmitted securely (via HTTPS/TLS) to our backend server for processing.

How face data is used: Your face photo is sent to OpenAI's GPT-4o API for AI-powered facial analysis. The AI evaluates facial features across categories such as symmetry, jawline definition, skin quality, grooming, and style. The analysis produces numerical scores (0-100), text-based strengths and improvement suggestions, and celebrity look-alike matches. The photo itself is used solely for this one-time analysis.

Third-party sharing: Your face photo is transmitted to OpenAI (https://openai.com) for AI processing. OpenAI processes the image in real-time to generate the analysis. Per OpenAI's API data usage policy, API inputs are not used to train their models and are retained for up to 30 days for abuse monitoring purposes before being deleted. No other third parties receive your face photo.

Data storage: Face photos are NOT stored on our servers. The photo exists in server memory only during the brief processing window (typically under 30 seconds) and is immediately discarded after the AI analysis completes. Only the resulting text-based analysis data (scores, recommendations, category breakdowns) is saved to your account in our database. The original photo remains only on your local device.

Data retention: Since face photos are not stored on our servers, there is no server-side retention of face images. The analysis results (scores and text) are retained as long as your account is active and are permanently deleted when you delete your account. The photo file on your local device is managed by your device's storage and is not controlled by the App.

AI consent: Before your first facial analysis, the App displays a consent modal explaining that your photo will be processed by AI. You must explicitly consent before proceeding. AI-generated scores and recommendations are for entertainment and self-improvement purposes only and should not be considered medical, psychological, or professional advice.

4. Data Storage & Security

Your account data and analysis results are stored securely using Supabase (hosted on AWS). We implement industry-standard security measures including encryption in transit (TLS) and at rest, row-level security policies, and secure authentication via JSON Web Tokens (JWT). Face photos are never stored on our servers — only text-based analysis results are retained in the database.

5. Third-Party Services

Supabase: Database and authentication hosting
OpenAI: AI analysis and chat processing
RevenueCat: Subscription and purchase management
Apple: Sign-in authentication and in-app purchases
Expo: App update delivery

Each third-party service has its own privacy policy governing their use of data.

6. Data Retention & Deletion

Your data is retained as long as your account is active. You can delete your account at any time from the Settings screen in the App. When you delete your account:

All analysis data (scores, recommendations, category breakdowns) are permanently deleted from our database
All profile data, progress history, streaks, achievements, and task completions are permanently deleted
Your authentication account is permanently removed
No face photos need to be deleted as they are never stored on our servers

Deletion is irreversible and typically completes within minutes.

7. Children's Privacy

GlowUp is not intended for children under 17. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 17, we will delete it promptly.

8. Your Rights

You have the right to:

Access your personal data through the App
Delete your account and all associated data
Opt out of push notifications via device settings
Request information about your data by contacting us

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by updating the effective date above.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: glowupaiapp@gmail.com