1. Introduction
Welcome to Glō ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, and share information about you when you use our mobile application and website (collectively, the "Services").
2. Information We Collect
- Account information: Email address and password when you create an account.
- Profile information: Skin type, skin concerns, and lifestyle data you provide voluntarily.
- Skin scan images: Photos you take within the app for skin analysis. Each photo is sent to Anthropic's Claude API for visual analysis and is not stored by Glō after processing — only the resulting analysis data (skin scores, metrics, recommendations) is retained in your account. The Before & After progress feature compares these saved metrics over time, not the photos themselves.
- Usage data: How you interact with the app, features you use, scan history (metrics only), and streak data.
- Device information: Device type, OS version, and app version for technical support.
3. How We Use Your Information
- Provide AI skin analysis and personalised recommendations
- Generate your skin scores, routines, and product picks
- Send scan reminders and progress notifications (with your permission)
- Maintain your scan history and progress tracking
- Provide customer support and detect misuse
4. AI Analysis & Facial Data
Glō uses Anthropic's Claude AI (anthropic.com/legal/privacy) to analyse photos of your face for cosmetic skin assessment. Before your first scan, the app asks for your explicit consent to send photos to this third-party AI service.
When you take a scan, your photo is:
- Transmitted securely over TLS-encrypted connections to Anthropic's Claude API
- Processed by Claude solely to generate a cosmetic skin analysis (hydration, texture, evenness, visible concerns such as acne)
- Not used by Anthropic to train AI models, under Anthropic's commercial API terms
- Not stored by Glō after analysis — the photo exists only for the duration of the API request
- Not retained by Anthropic beyond the duration of the API request, except in transient abuse-monitoring logs that are purged within 30 days
Only the resulting analysis data (skin scores, metrics, ingredient and product recommendations) is saved to your account. The Before & After progress feature compares these saved metrics across scans — not the photos themselves.
Are face photos biometric data? Glō does not perform face recognition, identity verification, or generate biometric templates. The analysis assesses visible skin features only — colour, texture, evenness — and does not identify you as an individual. For this reason, the processing does not fall under the special category of biometric data under GDPR Article 9.
Glō is not a medical device. Results are for informational and cosmetic purposes only and should not replace professional dermatological advice.
5. Data Storage & Security
Your data is stored securely using Supabase with industry-standard encryption. Data is stored on servers in the European Union.
6. Data Sharing
We do not sell your personal data. We share information only with:
- Anthropic (privacy policy) — your scan photo is sent to Anthropic's Claude API for AI skin analysis during processing only. Anthropic does not retain or train on this data per their commercial API terms.
- Supabase (privacy policy) — for secure storage of your account data and analysis results in EU-hosted infrastructure. No photos are stored.
- Apple — for payment processing via In-App Purchases.
- Affiliate partners — when you tap a "Buy" link, you are redirected to a third-party retailer (e.g. Amazon). We may earn a commission on purchases made through these links. We share no personal data with these retailers beyond the standard click-through.
- Law enforcement — when required by law.
7. Affiliate Links & Click Tracking
Glō includes affiliate links to third-party retailers for products and supplements recommended to you. When you tap a "Buy" button:
- We record the product ID and your region (e.g. US, UK, ES, FR) to measure which recommendations are most useful
- No personally identifiable information is shared with the retailer
- We may earn a small commission if you make a purchase — at no extra cost to you
- Affiliate relationships do not influence which products are recommended. All recommendations are generated by AI based on your skin analysis
8. Your Rights
Depending on where you live, you may have the following rights with respect to your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate data
- Right to erasure — delete your account in-app from the Profile tab, or by emailing us
- Right to restriction of processing
- Right to data portability — receive your data in a machine-readable format
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time
To exercise any of these rights, contact us at support@gloapp.nl. We respond within 30 days. If you live in the European Economic Area or the United Kingdom, you may also lodge a complaint with the data protection authority in your country of residence — see edpb.europa.eu.
9. Legal Basis for Processing
For users in the EEA, UK, and similar jurisdictions, we process your personal data on the following legal bases under GDPR Article 6:
- Performance of a contract — to provide the Services you signed up for
- Legitimate interests — security, abuse prevention, and product improvement
- Consent — for AI processing of your scan photos, optional notifications, and marketing
- Legal obligation — when required by applicable law
10. International Transfers
Some of our processors are located outside the EEA, including in the United States. When we transfer your personal data outside the EEA, we rely on appropriate safeguards including the EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
11. Data Retention
- Account and analysis results: retained while your account is active, plus 30 days after deletion
- Scan photos: never stored after processing — see Section 4
- Transient processing logs: purged within 30 days
- Subscription records: retained as required by applicable tax and accounting laws
- Support correspondence: retained for 2 years
12. Children's Privacy
Glō is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with data, contact us and we will delete it.
13. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes through the app or by email at least 14 days before they take effect.
14. Contact
Email: support@gloapp.nl