Privacy Policy

Last updated: March 27, 2026

1. Overview

Glamdu ("we", "us", "our", or "the app") is a personal beauty and aesthetic treatment tracking application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, available on the Apple App Store and Google Play Store.

By using Glamdu, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the app.

2. Data Controller

For the purposes of the EU General Data Protection Regulation (GDPR) and UK GDPR, the data controller is:

Glamdu
Email:

3. Information We Collect

3.1 Information You Provide

Data Type	Examples	Purpose
Account information	Email address, display name	Account creation and authentication
Treatment logs	Appointment dates, treatment types, practitioner names, costs, notes, ratings	Core app functionality
Photos	Before/after treatment photos you choose to attach	Treatment documentation
Goals and preferences	Treatment goals, notification preferences, currency settings	Personalization
Effectiveness ratings	1–5 star ratings for treatments	Treatment effectiveness tracking
Treatment notes & voice memos	Text notes, skin reaction ratings, audio recordings about treatments	Treatment journaling (Premium)
Health-related data	Medication names, allergy information, healing timeline entries	Safety alerts and recovery tracking
Provider information	Practitioner names, clinic names, addresses, contact details	Provider directory and appointment tracking

3.2 Information Collected Automatically

Data Type	Purpose
Device information (model, OS version)	App compatibility and crash reporting
App usage analytics	Improving user experience
Crash logs and performance data	Bug fixing and stability

3.3 Information We Do NOT Collect

Precise location data
Contact lists or address books
Browsing history
Data from other apps on your device
Biometric data (skin analysis photos are processed entirely on your device and are never uploaded)

4. On-Device AI Processing

Our AI Skin Analysis feature uses on-device machine learning to analyze photos you voluntarily submit. This processing occurs entirely on your device. No photos, analysis results, or biometric data are transmitted to our servers or any third-party servers. Skin analysis scores saved to your history are stored locally on your device.

5. How We Use Your Information

Provide, maintain, and improve the app experience
Sync your data across your devices via your account
Send treatment reminders and notifications (only if you enable them)
Generate personalized insights from your treatment history
Process your subscription and manage your account
Respond to your support requests
Detect and prevent fraud or abuse

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

Legal Basis	Processing Activity
Contract performance	Providing the app service, managing your account, processing subscriptions
Consent	Sending push notifications, processing skin analysis photos, collecting health-related treatment data
Legitimate interest	Analytics to improve the app, crash reporting, fraud prevention
Legal obligation	Compliance with applicable laws and regulations

Treatment data (including aesthetic procedures, skin analysis results, and medication information) may constitute special category data under GDPR Article 9. We process this data based on your explicit consent, which you provide by voluntarily entering this information into the app. You may withdraw consent at any time by deleting your data.

7. How We Share Your Information

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

We use the following third-party service providers who process data on our behalf:

Service	Provider	Purpose	Privacy Policy
Authentication	Firebase Auth (Google)	User sign-in and account management	Link
Database	Cloud Firestore (Google)	Secure data storage and sync	Link
Analytics	Firebase Analytics (Google)	Anonymous usage statistics	Link
Payments	RevenueCat	Subscription management	Link
Sign-In	Apple / Google	Optional authentication	Respective policies

We may also disclose your information if required by law, in response to valid legal process, or to protect the rights, property, or safety of Glamdu, our users, or the public.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (Google/Firebase) operate. When we transfer data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with all service providers
Adequacy decisions where applicable

9. Data Retention

Data Type	Retention Period
Account information	Until you delete your account
Treatment logs, photos, and preferences	Until you delete them or delete your account
Skin analysis scores (on-device)	Until you delete them; not stored on our servers
Analytics data	26 months (Firebase Analytics default)
Crash reports	90 days

Upon account deletion, all personal data is permanently removed from our servers within 30 days. Anonymized, aggregated data (such as total user counts) may be retained indefinitely.

10. Data Security

We implement industry-standard security measures to protect your personal data:

All data is encrypted in transit (TLS/SSL) and at rest
Authentication via Firebase with secure token management
AI skin analysis processed entirely on-device — photos never leave your phone
Treatment photos stored locally on your device, not uploaded to our servers
Regular security reviews of our infrastructure

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Your Privacy Rights

11.1 Rights for All Users

Access: View all data we hold about you
Export: Download your data via Profile > Export Data (Premium), or request a copy by contacting support
Deletion: Delete individual logs, all data, or your entire account
Correction: Update inaccurate information at any time
Opt out: Disable notifications, analytics, or optional features at any time

11.2 Additional Rights under GDPR (EEA/UK Users)

Right to restriction of processing: Request limited use of your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interest
Right to withdraw consent: Withdraw consent at any time without affecting prior processing
Right to lodge a complaint: File a complaint with your local data protection authority

11.3 Additional Rights under CCPA/CPRA (California Residents)

Right to know: Request disclosure of the categories and specific pieces of personal information collected
Right to delete: Request deletion of personal information
Right to opt-out of sale: We do not sell your personal information
Right to non-discrimination: We will not discriminate against you for exercising your rights

In the preceding 12 months, we have not sold any personal information, nor do we use personal information for targeted advertising.

11.4 Additional Rights under LGPD (Brazil), PIPEDA (Canada), and Other Jurisdictions

If you are located in a jurisdiction with applicable data protection laws, you may have similar rights to access, correct, delete, and port your personal data. Contact us to exercise these rights.

To exercise any of these rights, use the Privacy & Data section in your Profile settings, or contact us at . We will respond within 30 days (or within the timeframe required by applicable law).

12. Children's Privacy

Glamdu is not intended for use by anyone under the age of 16 (or 13 in jurisdictions where permitted by law). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately so we can delete the information.

13. Automated Decision-Making

Our AI Skin Analysis feature provides automated scores and insights based on photos you submit. These results are for informational purposes only and do not constitute medical advice, diagnosis, or treatment recommendations. No decisions with legal or significant effects are made solely based on automated processing.

14. Do Not Track

We honor Do Not Track signals. If your browser or device sends a Do Not Track signal, we will not track your activity for advertising purposes. We do not engage in cross-site tracking.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you through the app before the changes take effect. Your continued use of the app after notification constitutes acceptance of the updated policy.

Previous versions of this policy are available upon request.

16. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, please contact us:

Email:

For GDPR-related inquiries, you may also contact your local supervisory authority.