Privacy Policy

1 Information We Collect

We collect the following types of information to provide and improve the Glowlytics experience:

• Account information -- name, email address, and authentication credentials managed through Clerk
• Skin scan photos -- images captured via your device camera for skin analysis
• Health metrics -- skin scores, condition assessments, and trend data generated by our AI analysis
• Product usage data -- skincare products you log, including barcode scans and usage patterns
• Demographic information -- age, skin type, and related details you provide during onboarding
• Device information -- device type, operating system, and app version for compatibility and troubleshooting

2 How We Use Your Data

Your data is used exclusively to deliver and improve the Glowlytics service:

• Skin analysis -- processing your scan photos through our fine-tuned AI model to identify conditions and generate scores
• Trend tracking -- monitoring changes in your skin health over time to surface meaningful insights
• Personalized recommendations -- providing evidence-based guidance informed by AAD and ACOG clinical guidelines via our RAG pipeline
• Service improvement -- understanding aggregate usage patterns to improve app functionality and accuracy

We do not sell your data. We do not use your data for advertising.

3 Data Storage and Security

Your data is stored using a combination of local and server-side storage:

• Local device storage -- scan history, preferences, and cached data are stored on your device using AsyncStorage
• Encrypted backend -- data synced to our servers is stored in PostgreSQL with TLS encryption in transit

We employ industry-standard security practices to protect your information, including encrypted connections, secure authentication via Clerk, and server-side API key management to prevent exposure of credentials.

4 Third-Party Services

Glowlytics integrates the following third-party services:

• Clerk -- handles authentication, account management, and secure session tokens. Subject to Clerk's Privacy Policy
• OpenAI -- powers our vision-based skin analysis via their API. Per OpenAI's API data usage policy, data sent through the API is not stored or used for model training

No other third-party services receive your personal data.

5 Your Rights (GDPR / CCPA)

You have the following rights regarding your personal data:

• Right of access -- request a copy of the personal data we hold about you
• Right to deletion -- request that we delete your personal data
• Right to portability -- receive your data in a structured, machine-readable format
• Right to rectification -- request correction of inaccurate personal data
• Right to restrict processing -- limit how we process your data
• Right to object -- object to certain types of data processing
• Right to opt out of sale -- we do not sell personal data, but you may exercise this right at any time

To exercise any of these rights, contact drmustafa@bdqholdings.com. We will respond to all verified requests within 30 days.

6 Data Retention

We retain your personal data for as long as your account remains active. You may delete your data at any time through the app's settings or by contacting us at drmustafa@bdqholdings.com.

Upon receiving a deletion request, all associated personal data will be permanently removed from our systems within 30 days.

7 Camera and Photo Permissions

Glowlytics requires camera access to capture skin scan photos. Here is how we handle your photos:

• Photos are stored locally on your device in a secure application directory
• Photos are optionally sent to our backend for AI analysis, transmitted via encrypted connection
• Photos are never shared with third parties for marketing or advertising purposes
• You can revoke camera permissions at any time through your device settings

8 Health Data Disclaimer

Glowlytics provides skin health insights for informational purposes only. Important limitations:

• Our analysis is non-diagnostic and does not constitute medical advice
• Results should not be used as a substitute for professional medical consultation
• Health data is never shared with insurance companies or employers
• Always consult a qualified healthcare professional for medical concerns about your skin

9 Children's Privacy

Glowlytics is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13.

If you believe that a child under 13 has provided personal data to Glowlytics, please contact us immediately at drmustafa@bdqholdings.com and we will take steps to delete that information.

10 Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

• The updated policy will be posted in the app and on this page
• The effective date at the top of this page will be updated
• For material changes, we will provide prominent notice within the app

11 Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Company: BDQ Holdings LLC
• Email: drmustafa@bdqholdings.com
• Subject line: Glowlytics Privacy Inquiry