1 Information We Collect
We collect the following types of information to provide and improve the Glowlytics experience:
- Account information -- name, email address, and authentication credentials managed through Clerk
- Skin scan photos -- images captured via your device camera for skin analysis
- Face data used for scan alignment -- a face bounding box, approximate face size, head angle, and facial landmark or mesh coordinates processed on-device during live camera preview so scans are framed consistently. We do not use this data for face recognition or identity verification.
- Health metrics -- skin scores, condition assessments, and trend data generated by our AI analysis
- Product usage data -- skincare products you log, including barcode scans and usage patterns
- Demographic information -- age, skin type, and related details you provide during onboarding
- Device information -- device type, operating system, and app version for compatibility and troubleshooting
2 How We Use Your Data
Your data is used exclusively to deliver and improve the Glowlytics service:
- Skin analysis -- processing your scan photos through our fine-tuned AI model to identify conditions and generate scores
- Face alignment -- using live face-position and landmark data on your device to guide framing, distance, and angle before a scan is captured
- Trend tracking -- monitoring changes in your skin health over time to surface meaningful insights
- Personalized recommendations -- providing evidence-based guidance informed by AAD and ACOG clinical guidelines via our RAG pipeline
- Service improvement -- understanding aggregate usage patterns to improve app functionality and accuracy
We do not sell your data. We do not use your data for advertising.
3A Face Data
When you open the guided camera, Glowlytics processes limited face data on-device so it can align your scan consistently. This face data may include a face bounding box, approximate face size, head angle, and facial landmark or mesh coordinates during live preview.
- Purpose -- center your face, confirm distance, and keep scan framing consistent over time
- Retention -- live face-alignment data is discarded when the camera session ends and is not stored as a reusable biometric template
- Sharing -- live face-alignment data is not shared with third parties. Captured scan photos may be processed by our secure backend and OpenAI under our API agreement to generate non-diagnostic skin insights
- What we do not do -- Glowlytics does not use face data for identity verification, face recognition, emotion detection, advertising, or profiling
3 Data Storage and Security
Your data is stored using a combination of local and server-side storage:
- Local device storage -- scan history, preferences, and cached data are stored on your device using AsyncStorage
- Ephemeral face alignment data -- live face bounding boxes and landmark or mesh coordinates stay on-device during camera preview and are discarded after the session ends
- Encrypted backend -- data synced to our servers is stored in PostgreSQL with TLS encryption in transit
We employ industry-standard security practices to protect your information, including encrypted connections, secure authentication via Clerk, and server-side API key management to prevent exposure of credentials.
4 Third-Party Services
Glowlytics integrates the following third-party services:
- Clerk -- handles authentication, account management, and secure session tokens. Subject to Clerk's Privacy Policy
- OpenAI -- powers our vision-based skin analysis via their API. Captured scan photos may include your face and are processed under our API agreement. Photos sent to OpenAI are not stored or used for model training by OpenAI
No third-party service receives your scan photos for marketing, advertising, or model training purposes.
5 Your Rights (GDPR / CCPA)
You have the following rights regarding your personal data:
- Right of access -- request a copy of the personal data we hold about you
- Right to deletion -- request that we delete your personal data
- Right to portability -- receive your data in a structured, machine-readable format
- Right to rectification -- request correction of inaccurate personal data
- Right to restrict processing -- limit how we process your data
- Right to object -- object to certain types of data processing
- Right to opt out of sale -- we do not sell personal data, but you may exercise this right at any time
To exercise any of these rights, use Profile > Delete account in the app or contact drmustafa@bdqholdings.com. We will respond to all verified requests within 30 days.
6 Data Retention
We retain your personal data for as long as your account remains active. You may delete your data at any time through Profile > Delete account in the app or by contacting us at drmustafa@bdqholdings.com.
Upon receiving a deletion request, all associated personal data will be permanently removed from our systems within 30 days.
Live face-alignment data is not retained beyond the active camera session. Captured scan photos that include your face are retained until you delete your account or request deletion.
7 Camera and Photo Permissions
Glowlytics requires camera access to perform skin scans. Photos captured during scans may include your face and are handled as follows:
- Processed on-device for real-time lesion detection during camera alignment
- Stored locally on your device
- Sent to our secure backend for AI-powered analysis, encrypted in transit via TLS
- Photos are never shared with third parties for marketing or advertising purposes
- Photos are never posted publicly or made accessible to other users
- You can revoke camera permissions at any time through your device settings
8 Health Data Disclaimer
Glowlytics provides skin health insights for informational purposes only. Important limitations:
- Our analysis is non-diagnostic and does not constitute medical advice
- Results should not be used as a substitute for professional medical consultation
- Health data is never shared with insurance companies or employers
- Always consult a qualified healthcare professional for medical concerns about your skin
9 Children's Privacy
Glowlytics is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13.
If you believe that a child under 13 has provided personal data to Glowlytics, please contact us immediately at drmustafa@bdqholdings.com and we will take steps to delete that information.
10 Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- The updated policy will be posted in the app and on this page
- The effective date at the top of this page will be updated
- For material changes, we will provide prominent notice within the app
11 Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Company: BDQ Holdings LLC
- Email: drmustafa@bdqholdings.com
- Subject line: Glowlytics Privacy Inquiry
- Terms of Use: glowlytics.ai/terms
- Apple Standard EULA: apple.com/legal/internet-services/itunes/dev/stdeula