Privacy Policy

Last updated: November 30th, 2025

Introduction

GlowDuck ("we", "our", "us") provides a mobile app and website (the "Service") that helps you track skin progress, build habits, and receive AI insights. This Privacy Policy explains what we collect, how we use it, and your choices.

Information We Collect

  • Account info: Email and display name.
  • Habit and progress data: Habits you track and completion records.
  • Weekly progress photos: If you take a weekly face photo, it is saved on your device by default (see "Photos and AI Analysis").
  • Analytics: Anonymous usage and performance metrics (no IDFA unless you explicitly adopt ATT).

Face Data Collection and Use

What Face Data We Collect:

GlowDuck collects photos of your face that you voluntarily upload for skin progress tracking. These photos contain facial images that are analyzed to provide personalized skincare insights.

How We Use Your Face Data:

  • Face Detection: We verify that uploaded images contain a clear view of your face suitable for analysis
  • Skin Health Analysis: We analyze your face to assess skin metrics including:
    • Clarity (blemishes, spots)
    • Dark spots and hyperpigmentation
    • Redness and inflammation
    • Skin texture
    • Hydration levels
    • Eye bags
  • Progress Tracking: We compare your face photos over time to track improvements in your skin health
  • Personalized Recommendations: We use analysis results to recommend skincare products tailored to your specific skin concerns

Third-Party Sharing:

Your face photos are shared with the following third-party service providers:

  1. Anthropic (Claude AI)
    • Purpose: AI-powered face detection and skin analysis
    • Data Shared: Face photos uploaded by you
    • Privacy Policy: https://www.anthropic.com/privacy
    • Data Retention: Anthropic does not retain your images after processing (as per their privacy policy)
  2. Firebase (Google LLC)

Where Face Data is Stored:

  • Local Device: Photos are stored on your device in the app's private storage
  • Firebase Storage (Cloud): Photos are uploaded to Firebase Storage for AI analysis and progress tracking
  • Anthropic Servers: Photos are temporarily sent to Anthropic's servers for AI analysis, but are not retained after processing

Data Retention:

  • Active Accounts: Face photos are retained for as long as your account is active
  • After Account Deletion: All face photos are permanently deleted from Firebase Storage within 30 days of account deletion
  • Local Device: Photos remain on your device until you delete the app or manually delete them through the app
  • Anthropic: Face photos are not retained by Anthropic after analysis is complete (processing only, no storage)

Your Rights:

You have the right to:

  • Access your face photos at any time through the app
  • Delete all face photos by deleting your account
  • Request deletion of your face data at any time by contacting support@glowduck.app

Security:

  • All face photos are encrypted in transit (TLS/SSL) and at rest (AES-256 encryption)
  • Access to face photos is restricted to authenticated users only
  • Face photos are stored in private, user-specific Firebase Storage buckets

Product Recommendations and Affiliate Links

How Product Recommendations Work:

Based on your skin analysis results, our AI recommends skincare products that may help address your specific skin concerns. These product recommendations are generated using your face data analysis (see "Face Data Collection and Use" section above).

Amazon Affiliate Program:

  • Product recommendations include links to Amazon.com
  • These links are affiliate links through the Amazon Associates program
  • As an Amazon Associate, we earn from qualifying purchases
  • You are not required to purchase any recommended products
  • Product recommendations are suggestions only and do not constitute medical advice

What This Means:

  • When you click on a product recommendation and make a purchase on Amazon, we may receive a small commission
  • This does not affect the price you pay for products
  • We only recommend products from our curated list that are available on Amazon
  • Product recommendations are personalized based on your skin analysis, but you are free to choose any products you prefer

Your Choice:

  • You are under no obligation to purchase any recommended products
  • Product recommendations are provided for your convenience and information only
  • You can ignore product recommendations and continue using the app's other features

Photos and AI Analysis

On-device storage: Your weekly progress photos are stored locally on your device by default.

AI analysis: If you initiate analysis, the app sends the current week's photo to our AI processing service (Anthropic Claude AI) to generate scores and friendly feedback. We use short‑lived, access‑controlled handling and delete uploaded copies promptly after analysis. For detailed information about how we handle face data, see the "Face Data Collection and Use" section above.

We do not publish or share your photos with other users.

How We Use Data

  • Provide app functionality: habit tracking, weekly analysis, progress views.
  • Improve the Service: performance, reliability, and feature development.
  • Communications: reminders, critical service notices, and account-related messages.

Third-Party Services

We use the following trusted third-party services to operate GlowDuck:

Firebase (Google LLC)

  • Services: Authentication, Cloud Firestore, Cloud Storage, Analytics, Crashlytics, Performance Monitoring, Cloud Functions
  • Purpose: Core app infrastructure, user authentication, data storage, analytics, crash reporting
  • Privacy Policy: https://firebase.google.com/support/privacy

RevenueCat

Apple Sign In

Google Sign In

Anthropic (Claude AI)

  • Service: AI image analysis and face detection
  • Purpose: Generate skin progress insights from your photos and detect faces in uploaded images
  • Privacy Policy: https://www.anthropic.com/privacy
  • Data Retention: Does not retain images after processing

Amazon Associates

These services may process your data according to their own privacy policies. We ensure all service providers are bound by confidentiality agreements and security obligations.

Data Security

How We Protect Your Data:

  • Encryption: All data transmitted to our servers uses TLS/SSL encryption
  • Storage Encryption: Data at rest is encrypted using industry-standard AES-256 encryption
  • Access Controls: Strict access controls limit who can view your data
  • Regular Audits: We conduct regular security reviews and updates
  • Secure Infrastructure: We use Firebase, which is SOC 2 and SOC 3 certified

What We Cannot Guarantee:

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Responsibility:

  • Keep your login credentials secure
  • Use a strong, unique password
  • Enable two-factor authentication if available
  • Report any unauthorized access immediately

Your Rights (GDPR & CCPA)

If you are in the European Union or California, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. Note: Some data may be retained for legal compliance.
  • Right to Data Portability: Request your data in a machine-readable format to transfer to another service.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Object: Object to certain types of processing, including direct marketing.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Opt-Out of Sale: We do not sell your personal information to third parties.

How to Exercise Your Rights:

  • Email: support@glowduck.app with subject line "Privacy Rights Request"
  • Specify which right(s) you wish to exercise
  • We will respond within 30 days (GDPR) or 45 days (CCPA)
  • We may need to verify your identity before fulfilling requests

Data Retention

How Long We Keep Your Data:

  • Active Accounts: We retain your data for as long as your account is active.
  • After Account Deletion: Your data is permanently deleted within 30 days of account deletion.
  • Backups: Data in disaster recovery backups may persist for up to 90 days.
  • Legal Obligations: Some data may be retained longer if required by law (e.g., tax records, fraud prevention).

What Happens to Your Photos:

  • Photos stored on your device remain until you delete the app or clear app data
  • If you initiated AI analysis, server-side copies are deleted immediately after processing
  • No long-term server storage of photos unless explicitly needed for a feature you opted into
  • For detailed face data retention information, see the "Face Data Collection and Use" section above

International Data Transfers

Where Your Data is Stored:

Your data may be stored and processed in the United States and other countries where our service providers operate.

For European Users:

  • We comply with GDPR requirements for international data transfers
  • We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • We ensure adequate safeguards are in place to protect your data

For California Users:

Your data may be transferred outside California but remains protected under CCPA.

Cookies and Tracking Technologies

Analytics and Tracking:

We use Firebase Analytics to understand how users interact with the app. This includes:

  • Session data: Time spent in app, screens viewed, features used
  • Device information: Device model, OS version, screen size
  • Performance data: App crashes, slow operations, errors
  • User properties: Subscription status, account age (no personal identifiers)

You can opt-out of analytics:

  • iOS: Settings > Privacy > Analytics & Improvements > Turn off "Share iPhone Analytics"
  • In-App: Future update will include opt-out toggle

We do not use:

  • Advertising IDs (IDFA/AAID)
  • Cross-app tracking
  • Behavioral advertising cookies

Age Verification and Children's Privacy

Age Requirement:

You must be at least 13 years old to use GlowDuck. By creating an account, you confirm you meet this age requirement.

We Do Not Knowingly Collect Data from Children Under 13:

If we discover that a child under 13 has provided personal information, we will:

  1. Delete the account immediately
  2. Remove all associated data
  3. Notify the parent/guardian (if contact information is available)

For Parents:

If you believe your child under 13 has created an account, please contact us immediately at support@glowduck.app so we can delete the account and data.

Changes to This Privacy Policy

How We Notify You:

When we update this Privacy Policy:

  • We update the "Last Updated" date at the top
  • For material changes, we'll notify you via:
    • In-app notification
    • Email (if we have your email)
    • Prominent notice in the app

Your Continued Use:

Continued use of the app after changes constitutes acceptance of the updated Privacy Policy. If you don't agree with changes, please stop using the app and delete your account.

Contact & Data Protection Officer

General Privacy Questions:

Email: support@glowduck.app

EU Data Protection Officer:

If you're in the EU and need to contact our Data Protection Officer:

Email: support@glowduck.app

Response Time:

  • General inquiries: 3-5 business days
  • Data rights requests: Within 30 days (GDPR) or 45 days (CCPA)
  • Urgent security matters: Within 24 hours