← Back to home

Privacy Policy

We take your privacy seriously — especially when it comes to your face.

Last updated: April 2026

Overview

GlowScore AI ("we," "our," or "us") provides an AI-powered facial analysis platform that gives you personalised beauty and symmetry insights. This Privacy Policy explains what data we collect, how we use it, and your rights as a user. By using GlowScore AI you agree to the practices described here.

Data We Collect

We collect only what is necessary to deliver the service:

  • Selfies & facial images — uploaded by you for analysis. Images are processed ephemerally (see below) and are not stored permanently on our servers.
  • Account information — email address, display name, and hashed password (or OAuth tokens) when you create an account.
  • Scan results — the numerical scores, category breakdowns, and AI-generated feedback produced from your analysis, stored so you can revisit them in your dashboard.
  • Usage data — pages visited, features used, timestamps, and device/browser metadata collected to improve the product.
  • Payment data — billing details processed directly by Stripe. We never see or store raw card numbers.

How We Process Facial Images

Facial images are treated with the highest level of care:

  • Ephemeral processing — your uploaded photo is sent over an encrypted connection, analysed by our AI pipeline, and then immediately discarded. We do not retain the raw image after analysis is complete.
  • No biometric databases — we do not create, store, or sell biometric identifiers or templates derived from your face.
  • No facial recognition — our analysis measures aesthetic attributes (symmetry, proportions, skin texture) and does not identify or verify your identity.
  • Optional image retention — if you explicitly opt in (e.g., to compare past scans), a thumbnail may be stored encrypted in your personal account storage. You can delete these at any time from your dashboard.

Third-Party Services

We use trusted third-party providers to run GlowScore AI:

  • Supabase — our database and authentication provider. Account data and scan results are stored in Supabase-managed Postgres databases hosted in the EU (Frankfurt) region. Supabase is SOC 2 Type II certified.
  • Stripe — all payment processing is handled by Stripe, Inc. Your card data never touches our servers. Stripe is PCI DSS Level 1 certified.
  • AI providers— facial analysis is performed by AI models we run via API. Images sent for inference are subject to those providers' data processing agreements, which prohibit training on your data.
  • Vercel— our web application is hosted on Vercel's edge infrastructure. Request logs may be retained for up to 30 days for debugging purposes.

We do not sell your data to any third party, ever.

Cookies & Analytics

We use a minimal set of cookies and analytics tools:

  • Session cookies — required for authentication and to keep you signed in. These expire when you close your browser or sign out.
  • Preference cookies — lightweight cookies that remember your settings (e.g., theme or scan history display preferences).
  • Analytics — we use privacy-respecting analytics to understand aggregate usage patterns. No cross-site tracking, no fingerprinting, and IP addresses are anonymised before storage.

You can disable non-essential cookies via your browser settings. Doing so will not affect core functionality.

Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

  • Access — request a copy of all personal data we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — delete your account and all associated data from your dashboard settings. We will process deletion within 30 days.
  • Data export — download a JSON export of your scan history, scores, and account data from your dashboard at any time.
  • Opt out of analytics — email us and we will exclude you from aggregated analytics reporting.

Users in the EU/EEA have additional rights under GDPR, including the right to lodge a complaint with your local supervisory authority.

Data Retention

Account data and scan results are retained for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days, except where we are legally required to retain records (e.g., billing records retained for 7 years per tax law). Raw facial images are never retained beyond the duration of a single analysis session.

Security

All data is transmitted over TLS 1.3. Data at rest is encrypted using AES-256. We enforce row-level security policies on our database so that users can only access their own data. We conduct regular security reviews and promptly address vulnerabilities. If you discover a security issue, please contact us at security@glowscore.ai.

Children's Privacy

GlowScore AI is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from minors. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you by email or via an in-app banner. Continued use of GlowScore AI after changes are posted constitutes your acceptance of the revised policy.

Contact Us

If you have questions, requests, or concerns about this Privacy Policy or how we handle your data, please reach out:

We aim to respond to all privacy-related enquiries within 5 business days.