Privacy Policy App

Last updated: April 4, 2026

1. Controller / Who Is Responsible

The controller responsible for the processing of your personal data within the meaning of the EU General Data

Protection Regulation (GDPR) is:

  Julian Herrmann
  Geschwister-Scholl-Allee 12, 14532 Kleinmachnow, Germany
  Contact: info@glow-supplements.com

2. What Data We Collect

  Data you provide:
  - First name (optional, entered during onboarding)
  - Face scan photos (Skin Journal feature only)
  - Daily habit logs (core app feature)
  - Skin notes (optional text)
  - Display name (Friends feature only)
  - Order code (GLOW+ activation only)

  Data generated automatically:
- Device ID: A random identifier generated on first app launch, stored locally. Not linked to your real identity.

- Streak count, points, habit activity: stored locally and synced to our server under your device ID.

- Language preference: stored locally only.

 

 Data we do NOT collect:
  - No email address, no account credentials, no password
  - No location data
  - No advertising trackers or analytics SDKs
  - We do not track you across other apps or websites
  - We do not sell your data

 

3. Legal Basis and Purpose

Face scan photos — Purpose: personal Skin Journal — Legal basis: Explicit consent (GDPR Art. 6(1)(a))
Daily habit logs — Purpose: progress tracking, streak calculation — Legal basis: Performance of service (Art. 6(1)(b))
Device ID — Purpose: pseudonymous account identification — Legal basis: Legitimate interest (Art. 6(1)(f))
First name — Purpose: in-app personalization — Legal basis: Consent (Art. 6(1)(a))
Display name + streak — Purpose: Friends feature — Legal basis: Performance of service (Art. 6(1)(b))
Order code — Purpose: GLOW+ activation — Legal basis: Performance of contract (Art. 6(1)(b))

 

4. Face Scan Photos — Special Notice

  Face scan photos may constitute biometric or special category data under GDPR Art. 9.

  - Photos are stored on our secure server to enable your Skin Journal history
  - Photos are only accessible via your device ID — no other person can access them
  - Photos are never shared with third parties, never used for advertising, never used to train AI models
  - You can request deletion at any time by emailing info@glow-supplements.com
  - Photos are automatically deleted 90 days after your last app activity

By using the Skin Journal feature, you explicitly consent to storage of your face photos on our servers (GDPR Art. 9(2)(a)). You may withdraw consent at any time.

 

5. Data Sharing

We do not sell your data. We share data only with:

- Railway (Railway Corp., United States): backend server hosting and database, acting as data processor under a Data Processing Agreement. Transfers to the US are covered by Standard Contractual Clauses (GDPR Art. 46).
- Shopify: solely to verify GLOW+ activation codes against your order. Not used for marketing.
- Legal authorities: only if required by law or court order.

 6. Friends Feature

If you use Friends: your display name and streak count are visible to added friends. Your friend code (e.g.
GLOW-ABC123) is used to connect. You can remove friends at any time.

7. GLOW+ Premium

GLOW+ is a one-time purchase — no subscriptions, no automatic renewals, no in-app charges through Apple. Activated via
a code from a product purchase at glowsupplements.shop.

8. Data Storage and Security

  - Servers located in the United States (Railway infrastructure)
  - All communication via HTTPS/TLS encryption
  - Database encrypted at rest
  - Rate limiting and security headers active
  - Data access restricted to authorized personnel only

9. Data Retention

Daily logs & habits — until you request deletion
Face scan photos — 90 days after last activity, or on request
Skin notes — until you request deletion
Device ID & account — until you request deletion
Friend connections — until removed or account deleted
GLOW+ activation records — 5 years (legal/commercial requirement)

Server access logs — 30 days

10. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to: access your data, correct it, delete it, restrict processing, data
portability, object to processing, and withdraw consent at any time.

To exercise any right: email info@glow-supplements.com with your device ID (found in the app under Profile → About).
We respond within 30 days.

11. Children's Privacy

GLOW Up is intended for users aged 16 and older. We do not knowingly collect data from children under 16. Contact us
immediately at info@glow-supplements.com if you believe a child has provided data.

12. Apple App Store

GLOW Up is distributed via the Apple App Store. Apple may collect technical data (device model, OS version, crash
reports) governed by Apple's own Privacy Policy. We do not receive or control this data. Camera, photo library, and notification permissions are used solely for the features described above and can be revoked at any time in iOS Settings.

13. Changes

We may update this policy. Significant changes will be communicated within the app. Continued use after changes constitutes acceptance.

14. Contact and Complaints

Email: info@glow-supplements.com

Right to lodge a complaint with your data protection authority. In Germany:
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153, 53117 Bonn — http://www.bfdi.bund.de

Prepared in good faith to comply with GDPR (EU 2016/679), BDSG, and Apple App Store requirements.