Privacy Policy

Last updated: February 13, 2026

1. Data Controller

The controller of your personal data is:

• Company Name: COSITY TECH S.L. (Tax ID: B24764045)
• Address: Calle Fontecomido, 36, Louro, 15291, Muros (A Coruña), Spain
• Registry: Registered in the Commercial Registry of Santiago de Compostela, Sheet SC-54149
• Contact: myglowappsoporte@gmail.com

2. What Data Do We Process and Why?

To provide you with the MyGlowApp service, we process the following categories of data:

A) Registration and Profile Data

• Data: Email address, name (optional), age, gender, and authentication method used (email, Google, or Apple).
• Purpose: To create and manage your user account, personalize the service according to your profile, and communicate with you.
• Legal Basis: Performance of the contract (Terms and Conditions).

B) Facial Image, Skin Data, and AI Analysis

• Data: We collect the static images of your face that you voluntarily upload for skin analysis. We do not collect biometric identifiers, facial geometry (Face ID), or depth maps. We only process standard 2D photographs. We also collect the information extracted by our AI (e.g., skin type, texture, presence of imperfections), your responses about skin type, goals, concerns, current care level, as well as your weekly subjective assessment during Check-ins.
• Purpose: Images are processed by our Artificial Intelligence algorithms (OpenAI) solely to detect visible skin characteristics (such as texture, acne, redness) and generate your personalized routine, propose smart product suggestions, and allow you to track your progress.
• Storage and Security: Before uploading any image to our servers, our system automatically removes all metadata (EXIF, GPS) and resizes the image locally on your device for maximum privacy.
• Legal Basis (Explicit Consent): Your affirmative action. By pressing the action button ("Analyze", "View results" or similar) within the Application and accepting the processing, you grant us your explicit consent.

C) Product Photographs

• Data: Photographs of cosmetic products you scan using the Scanner feature, along with the information extracted by our AI.
• Purpose: To analyze the product composition and evaluate its compatibility with your skin type.
• Legal Basis: Performance of the contract.

D) Usage, Technical, and Marketing Data

• Data: Usage frequency, anonymized technical device identifiers, IP address, error data (crash logs), and referral source.
• Purpose: To improve the accuracy of our algorithms, fix technical issues, and measure campaign effectiveness.
• Legal Basis: Legitimate interest. We do not collect your device's Advertising Identifier (IDFA) without explicit permission.

3. Retention Policy and Timeframes

We designed our system to protect your privacy, keeping your information only for the time necessary:

• A) Profile Photo: Retained indefinitely while you maintain an active account, until you decide to change or delete it manually.
• B) Initial Analysis Photo: The photograph from your first analysis is retained linked to your profile to serve as a baseline reference ("Starting point") at the beginning of your treatment. This image is stored while your account remains active to allow you to compare your long-term progress, and will be permanently deleted only when you request account deletion.
• C) Tracking Photos (Check-ins): We apply a strict data minimization principle. To allow you to see your "Before and After" progress, our system retains only the 2 most recent photographs. Any previous photograph is automatically and permanently deleted from our servers when a new check-in is uploaded.
• D) Scanned Product Photos: Product photographs are retained while they are linked to your active routine. Those no longer in use are automatically deleted when the system detects they are no longer needed.
• E) Account Data: Your profile and activity data are retained while your account remains active. If it remains inactive for 24 months, we may proceed with its deletion.
• F) Complete Deletion: If you decide to delete your account through the Application (Profile > Account > Delete account) or by requesting it via email, an immediate deletion process will be triggered that will permanently remove all your photographs from our storage servers (Firebase Storage) and all your personal data from our databases. This process is permanent and irreversible.

4. Recipients and International Transfers

We do not sell your personal data. We share strictly necessary data with technology providers ("Data Processors"):

• OpenAI, L.L.C. (USA): AI-powered image analysis. Images are not stored or used by OpenAI to train their models.
• Google – Firebase (USA/EU): Cloud infrastructure and secure storage.
• RevenueCat (USA): Subscription management.
• Tenjin, Inc. (USA/Germany): Marketing attribution.
• Formspree, Inc. (USA): Support.
• Brevo (France/EU): Transactional emails.

We ensure that international transfers are carried out under adequate legal mechanisms (Data Privacy Framework or Standard Contractual Clauses).

5. Automated Decisions

The Application uses AI to generate aesthetic recommendations. These decisions do not produce legal effects on you. The final decision to follow the recommendations is always yours.

6. Your Rights

You can exercise your rights by writing to myglowappsoporte@gmail.com:

• Access, Rectification, and Deletion: Request a copy, correct, or delete your data (including account deletion from the App).
• Objection and Restriction: Object to the use of your data or restrict it.
• Portability: Request your data in JSON format.
• Withdraw Consent: Stop using the analysis feature at any time.

You have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es).

7. Data Security

We implement encryption in transit and at rest, automatic removal of metadata (GPS) from photos before saving them, and validation through Firebase App Check.

8. Minors

MyGlowApp is not intended for minors under 18 years of age. If we detect data from a minor without verification, we will delete it immediately.