Privacy Policy

Last updated: December 2024

1. Introduction

HerGlow ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use the App.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Profile Information: Skin type preferences, beauty goals, and other profile data you choose to provide
  • Photos: Facial images you upload for skin analysis
  • Communications: Information you provide when contacting our support team

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Features used, time spent in the App, interaction patterns
  • Log Data: IP address, browser type, pages viewed, crash reports

2.3 Biometric Data

Our AI face analysis technology processes facial features from photos you provide. This analysis is performed to identify skin characteristics, face shape, and undertones for personalised recommendations. We process this data solely for providing our services and do not use it for identification purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Perform AI-powered skin analysis and generate personalised recommendations
  • Create and manage your account
  • Process transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyse trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Personalise and improve your experience
  • Comply with legal obligations

4. Data Storage and Security

We implement appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

  • Data is encrypted in transit using TLS/SSL
  • Data at rest is encrypted using industry-standard encryption
  • Access to personal data is restricted to authorised personnel only
  • We regularly review and update our security practices

Your data is stored on secure servers provided by Supabase, located in the European Union, ensuring compliance with GDPR requirements.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who assist in providing our services (e.g., cloud hosting, analytics, payment processing)
  • Legal Requirements: When required by law or to respond to legal process
  • Protection of Rights: To protect our rights, privacy, safety, or property
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: For any other purpose with your explicit consent

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to our processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account Data: Retained while your account is active and for up to 30 days after a deletion request
  • Analysis Data: Retained to provide ongoing recommendations and track your skincare progress
  • Photos: You can delete uploaded photos at any time through the App
  • Transaction Records: Retained as required by law (typically 7 years)

8. Children's Privacy

Our App is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected personal information from a child under 16, we will delete that information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We ensure appropriate safeguards are in place to protect your information, including standard contractual clauses approved by the European Commission.

10. Third-Party Services

Our App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

We use the following third-party services:

  • Supabase: Database and authentication services
  • OpenAI: AI-powered analysis (images are processed and not stored)
  • Apple/Google: App distribution, payment processing, and subscription management

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the App and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.