Glo — Privacy Policy

3. What we collect (and what we don't)

    Stored on your device only LOCAL

    The following data is stored locally on your device using on-device storage and is never uploaded to a server or central database: your skin profile (name, date of birth, gender, skin type, concerns), routines and completion history, daily mood check-ins, weekly and monthly skin check-ins, product shelf and product reviews, streak data, AI chat history (last 30 messages), and AI skin memory summaries. If you delete the app, this data is deleted with it.

    Processed by our service providers

    When you use "Ask Glo" (AI chat), your messages are sent to our AI provider for processing. When you subscribe, your payment is handled by our subscription provider. When you join the waitlist, your email is stored by our email provider. See sections 4–6 for details on each.

We do not currently use any analytics, tracking, or advertising SDKs. We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. How AI conversations work

When you use "Ask Glo" or when Glo generates your personalised routine, here's what happens:

Your message is sent from your device to a secure proxy server hosted on Cloudflare Workers.
The proxy forwards your request to Anthropic's API (Claude) for processing, then returns the response to your device.
Anthropic processes your request to generate a reply. Under Anthropic's data policy, API inputs and outputs are not used to train their models and are not stored beyond what is needed to provide the service and comply with their safety and legal obligations.
We do not permanently store your AI conversations on any server. Conversation context sent with each request is assembled from data held locally on your device.

    What data is included in AI requests?

    To give you personalised advice, each AI request may include context from your on-device data alongside your message. This can include: your name, age, gender, skin type, skin concerns, mood and skin check-in history, product shelf and product reactions, routine details, ingredients you avoid, your budget and experience level, and your AI skin memory summary. This data is sent only when needed to generate a relevant response — it is not stored on our servers.

Because the AI processes information about your skin (which could be considered health-related data under UK GDPR), we process this on the basis of your explicit consent when you choose to use the AI chat feature.

5. Subscriptions & payments

Subscriptions (£9.99/month or £99.99/year) are managed through Apple's App Store. We plan to use RevenueCat as our subscription management provider.

We never see or store your payment card details. Apple handles all payment processing. RevenueCat, once integrated, will receive a pseudonymous app user ID to manage your subscription status — they will not receive your name, email, or other personal information from us.

You can manage or cancel your subscription at any time through your Apple ID settings.

6. Waitlist emails

If you signed up for our waitlist via our website, your email address is stored by Brevo (formerly Sendinblue), our email service provider. We use GDPR-compliant double opt-in, meaning you must confirm your email before being added to our list.

Your email is used solely for Glo launch updates. You can unsubscribe at any time using the link in any email, or by contacting us directly.

7. Third-party links

Glo may offer links to third-party websites. For example, if you tap "Buy on Amazon" for a product recommendation, you will be directed to Amazon.co.uk with a search for that product name. Once you leave Glo, the third party's own privacy policy applies — we have no control over what data they collect. We do not receive any commission or data back from these links.

8. International data transfers

Some of our service providers are based outside the UK:

Anthropic (AI processing) — based in the United States
Cloudflare (proxy server) — infrastructure distributed globally, headquartered in the US
RevenueCat (subscriptions) — based in the United States
Brevo (waitlist emails) — based in France (EU), with data processing that may involve non-UK locations

Where data is transferred outside the UK, we rely on appropriate safeguards as required by UK GDPR, including standard contractual clauses and adequacy decisions where applicable. We only share the minimum data necessary for each service to function.

9. Our lawful basis for processing

Under UK GDPR, we process personal data on the following bases:

Contract: Processing your subscription and providing the app's core features (Article 6(1)(b)).
Consent: Sending waitlist marketing emails and processing health-related skincare data through the AI chat feature (Articles 6(1)(a) and 9(2)(a)). You can withdraw consent at any time.
Legitimate interests: Maintaining the security and functionality of the app (Article 6(1)(f)).

10. Your rights under UK GDPR

You have the right to:

Access — request a copy of any personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — ask us to delete your personal data (your on-device data can be deleted by uninstalling the app).
Restrict processing — ask us to limit how we use your data.
Data portability — receive your data in a portable format.
Object — object to processing based on legitimate interests.
Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at hello@tryglo.app. We will respond within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. How long we keep data

On-device data — kept until you delete the app or clear app data. We have no access to this.
AI conversation data — not permanently stored by us. Anthropic may retain data temporarily in line with their data retention policy and legal obligations.
Subscription data — retained by RevenueCat and Apple for as long as needed to manage your subscription and meet legal requirements.
Waitlist emails — retained by Brevo until you unsubscribe or request deletion.

12. Security

We take reasonable measures to protect your data. AI requests are transmitted over encrypted HTTPS connections via our Cloudflare Worker proxy. Your on-device data benefits from your device's own security features (passcode, Face ID, etc.).

No system is 100% secure, but we are committed to protecting your information and will notify you promptly if a breach affecting your data occurs.

13. Children's privacy

Glo is not intended for anyone under 16. We do not knowingly collect personal data from children under 16. If we learn that we have inadvertently collected such data, we will take steps to delete it as quickly as possible. If you believe a child under 16 is using Glo, please contact us at hello@tryglo.app.

14. Not medical advice

Glo provides general skincare information and AI-powered coaching for educational purposes only. It is not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare provider (such as a dermatologist or GP) about any skin concerns or conditions. Never disregard professional medical advice because of something you read or received through Glo.

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or via email (if we have your email address). The "last updated" date at the top of this page will always reflect the most recent version.

Continued use of Glo after changes are posted constitutes acceptance of the updated policy.

Privacy Policy

1. Who we are

2. Age requirement