Your face stays on the phone.
Reading a face is intimate work. We treat it like a journal you've left out on the table, closed.
- 01
Information we collect
We collect the following types of information to provide and improve the Glowlytics experience:
- Account information, name, email address, and authentication credentials managed through Clerk.
- Skin scan photos, images captured via your device camera for skin analysis.
- Face data used for scan alignment, a face bounding box, approximate face size, head angle, and facial landmark / mesh coordinates processed on-device during live camera preview so scans are framed consistently. We do not use this data for face recognition or identity verification.
- Health metrics, skin scores, condition assessments, and trend data generated by our AI analysis.
- Product usage data, skincare products you log, including barcode scans and usage patterns.
- Demographic information, age, skin type, and related details you provide during onboarding.
- Device information, device type, operating system, and app version for compatibility and troubleshooting.
- 02
How we use your data
Your data is used exclusively to deliver and improve the Glowlytics service:
- Skin analysis, processing your scan photos through our fine-tuned AI model to identify conditions and generate scores.
- Face alignment, using live face-position and landmark data on your device to guide framing, distance, and angle before a scan is captured.
- Trend tracking, monitoring changes in your skin health over time to surface meaningful insights.
- Personalized recommendations, providing evidence-based guidance informed by AAD and ACOG clinical guidelines via our RAG pipeline.
- Service improvement, understanding aggregate usage patterns to improve app functionality and accuracy.
We do not sell your data. We do not use your data for advertising.
- 03
Face data
When you open the guided camera, Glowlytics processes limited face data on-device so it can align your scan consistently. This face data may include a face bounding box, approximate face size, head angle, and facial landmark / mesh coordinates during live preview.
- Purpose, center your face, confirm distance, and keep scan framing consistent over time.
- Retention, live face-alignment data is discarded when the camera session ends and is not stored as a reusable biometric template.
- Sharing, live face-alignment data is not shared with third parties. Captured scan photos may be processed by our secure backend and OpenAI under our API agreement to generate non-diagnostic skin insights.
- What we do not do, Glowlytics does not use face data for identity verification, face recognition, emotion detection, advertising, or profiling.
- 04
Storage and security
Your data is stored using a combination of local and server-side storage:
- Local device storage, scan history, preferences, and cached data are stored on your device using AsyncStorage.
- Ephemeral face alignment data, live face bounding boxes and landmark / mesh coordinates stay on-device during camera preview and are discarded after the session ends.
- Encrypted backend, data synced to our servers is stored in PostgreSQL with TLS encryption in transit.
We employ industry-standard security practices to protect your information, including encrypted connections, secure authentication via Clerk, and server-side API key management to prevent exposure of credentials.
- 05
Third-party services
Glowlytics integrates the following third-party services:
- Clerk, handles authentication, account management, and secure session tokens. Subject to Clerk's Privacy Policy.
- OpenAI, powers our vision-based skin analysis via their API. Captured scan photos may include your face, but live face-mesh coordinates are not sent to OpenAI. Per OpenAI's API data usage policy, data sent through the API is not stored or used for model training.
No other third-party services receive your personal data.
- 06
Your rights (GDPR / CCPA)
You have the following rights regarding your personal data:
- Right of access, request a copy of the personal data we hold.
- Right to deletion, request that we delete your personal data.
- Right to portability, receive your data in a structured, machine-readable format.
- Right to rectification, request correction of inaccurate personal data.
- Right to restrict processing, limit how we process your data.
- Right to object, object to certain types of data processing.
- Right to opt out of sale, we do not sell personal data, but you may exercise this right at any time.
To exercise any of these rights, contact drmustafa@bdqholdings.com. We will respond to all verified requests within 30 days.
- 07
Data retention
We retain your personal data for as long as your account remains active. You may delete your data at any time through Profile › Delete account in the app or by contacting drmustafa@bdqholdings.com.
Upon receiving a deletion request, all associated personal data will be permanently removed from our systems within 30 days. Live face-alignment data is not retained beyond the active camera session. Captured scan photos that include your face are retained until you delete your account or request deletion.
- 08
Camera and photo permissions
Glowlytics requires camera access to capture skin scan photos. Here is how we handle photos that may include your face:
- Photos are stored locally on your device in a secure application directory.
- Photos are optionally sent to our backend for AI analysis, transmitted via encrypted connection.
- Photos are never shared with third parties for marketing or advertising purposes.
- You can revoke camera permissions at any time through your device settings.
- 09
Health data disclaimer
Glowlytics provides skin health insights for informational purposes only. Important limitations:
- Our analysis is non-diagnostic and does not constitute medical advice.
- Results should not be used as a substitute for professional medical consultation.
- Health data is never shared with insurance companies or employers.
- Always consult a qualified healthcare professional for medical concerns about your skin.
- 10
Children's privacy
Glowlytics is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13.
If you believe that a child under 13 has provided personal data to Glowlytics, please contact us immediately at drmustafa@bdqholdings.com and we will take steps to delete that information.
- 11
Changes to this policy
We may update this Privacy Policy from time to time. When we do:
- The updated policy will be posted in the app and on this page.
- The effective date at the top of this page will be updated.
- For material changes, we will provide prominent notice within the app.
- 12
Contact us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Company, BDQ Holdings LLC.
- Email - drmustafa@bdqholdings.com.
- Subject line, Glowlytics Privacy Inquiry.
- Terms of Use, glowlytics.ai/terms.
- Apple Standard EULA - apple.com/legal/internet-services/itunes/dev/stdeula.