Privacy Policy

Effective Date: [Date]
Last Updated: [Date]

Table of Contents

1. Introduction and Scope
2. Key Definitions
3. Information We Collect
4. How We Use Your Information
5. How We Share or Disclose Information
6. Data Security and Storage
7. International Data Transfers
8. Data Retention
9. Your Rights and Choices
10. Children's Privacy
11. Compliance with Regional Privacy Laws
12. Changes to This Policy
13. Contact Us

1. Introduction and Scope

Glowgent Inc. ("Glowgent," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we handle your personal information. This Privacy Policy explains our data practices for all users of Glowgent's wellness services, whether you're using our consumer app directly or accessing it through a business program.

We follow applicable privacy regulations, including the EU's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and U.S. health privacy laws like HIPAA where applicable. Our commitment is to give you control over your information while providing you with personalized wellness insights.

Important: By using Glowgent, you agree to the data practices described in this policy. We've written this in plain language so you can easily understand how your information is handled.

2. Key Definitions

• "Users" or "you": Individuals who use Glowgent services, either directly or through a business program
• "Business Users": Organizations that provide Glowgent to their employees or members
• "Personal Data": Any information that identifies you or can be linked to you
• "Sensitive Data": Health information, biometric data, and other specially protected categories of personal information
• "Services": All Glowgent applications, websites, and related services
• "Processing": Any operation performed on your data, including collection, storage, analysis, and sharing

3. Information We Collect

3.1 Information You Provide Directly

Account Information

• Name, email address, password, and profile details
• Age, gender, and basic demographic information
• Organization affiliation (for business program users)

Wellness and Health Data

• Sleep patterns, duration, and quality metrics
• Physical activity data (steps, workouts, exercise routines)
• Nutrition logs and hydration tracking
• Weight, body measurements, and fitness goals
• Mental health indicators (mood, stress levels, anxiety)
• Wellness goals and preferences

Biometric and Image Data

• Skin analysis photos (if you use our skin health features)
• Voice recordings (if you use voice features)
• Other biometric data you choose to share

Communications and Feedback

• Messages you send to our support team
• Survey responses and product feedback
• AI chat interactions and queries

3.2 Information We Collect Automatically

Device and Technical Information

• Device type, operating system, and browser information
• IP address and general location (city/country level)
• App usage patterns and feature interactions
• Error logs and crash reports
• Session duration and frequency of use

Analytics Data

• How you navigate and use our services
• Features you access most frequently
• Performance metrics and response times

3.3 Information from Third Parties

Health App Integrations (with your permission)

• Data from Apple Health, Google Fit, Fitbit, or similar services
• Wearable device data you choose to sync

Business Program Data

• Information provided by your employer or organization
• Eligibility and enrollment status

4. How We Use Your Information

4.1 Core Service Delivery

We use your information to:

• Provide personalized wellness insights and recommendations
• Power our AI-driven health coaching features
• Track your progress toward wellness goals
• Customize content and features to your preferences
• Maintain and improve our services

4.2 AI-Powered Features and Privacy Protection

Our AI assistant analyzes your data to provide personalized guidance. To protect your privacy, we employ our Adaptive Confidence-Driven Anonymization Engine (ACDAE), which:

• Removes or pseudonymizes personal identifiers before AI processing
• Uses unique tokens instead of your actual name or identifying information
• Separates analysis data from identity data with strict access controls
• Ensures AI processing occurs on de-identified data wherever possible

4.3 Service Improvement and Analytics

We analyze aggregated, anonymized data to:

• Understand usage patterns and improve features
• Develop new wellness insights and recommendations
• Conduct research on wellness trends (with anonymized data only)
• Ensure service stability and performance

4.4 Communications

We may contact you for:

• Essential communications: Security alerts, service updates, policy changes
• Service communications: Progress updates, wellness tips, feature announcements
• Marketing communications: Newsletters, promotional offers (opt-in only)
• Support communications: Responses to your inquiries and assistance requests

4.5 Legal and Safety Purposes

We may process your information to:

• Comply with legal obligations and valid legal requests
• Protect our rights, property, and safety
• Prevent fraud, abuse, or violations of our terms
• Enforce our agreements and policies

5. How We Share or Disclose Information

5.1 We DO NOT Sell Your Personal Information

Glowgent does not sell, rent, or trade your personal information to third parties for their marketing purposes or profit.

5.2 Service Providers and Partners

We share limited data with trusted service providers who help us operate Glowgent:

Cloud Infrastructure and Storage

• Supabase: Secure database hosting with end-to-end encryption
• Cloud storage providers: Encrypted backup and data storage
• All providers operate under strict data processing agreements

AI Processing Partners

• Google (Gemini AI) and OpenAI: AI model services for personalized recommendations
• Data is pseudonymized before processing
• Providers cannot use your data for their own purposes
• Processing occurs under strict contractual protections

Communication Services

• Email delivery services for essential and opted-in communications
• Push notification services for app alerts
• Customer support tools for assistance requests

Analytics and Performance

• Crash reporting and performance monitoring
• Usage analytics (with anonymized data only)
• Security monitoring and fraud prevention

5.3 Business Program Sharing

For users in organizational programs:

• Individual data privacy: Your personal wellness details remain private by default
• Aggregate reporting: Organizations may receive anonymized group statistics
• Explicit consent: Any individual data sharing requires your clear consent
• Professional programs: Licensed healthcare providers may access data with your permission

5.4 Legal Disclosures

We may disclose information when required by law or to:

• Respond to valid legal process (subpoenas, court orders)
• Protect rights, property, or safety of users or the public
• Investigate fraud, security incidents, or policy violations
• Comply with regulatory requirements

5.5 Business Transfers

If Glowgent is acquired or merged, your information may be transferred as part of that transaction. You would be notified of any such change and your rights under this policy would continue to apply.

6. Data Security and Storage

6.1 Security Measures

We protect your information using industry-standard security practices:

Encryption

• All data encrypted in transit (TLS/HTTPS)
• Data encrypted at rest (AES-256 encryption)
• Encrypted backups and database storage

Access Controls

• Role-based access with principle of least privilege
• Multi-factor authentication for all team members
• Regular access reviews and monitoring
• Audit logs for all data access

Infrastructure Security

• Secure cloud hosting with certified providers
• Regular security audits and penetration testing
• Automated threat detection and monitoring
• Incident response procedures

6.2 HIPAA-Aligned Practices

For health-related data, we implement HIPAA-grade safeguards:

• Administrative, physical, and technical safeguards
• Business associate agreements with relevant partners
• Breach notification procedures
• Regular risk assessments

6.3 Data Minimization and Pseudonymization

We limit data collection and processing by:

• Collecting only necessary information
• Using pseudonymization techniques where possible
• Regular data purging of unnecessary information
• Separating identifiable data from analysis datasets

7. International Data Transfers

Your data may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where available
• Additional safeguards as required by applicable law
• Data localization options for sensitive jurisdictions

We maintain the same level of protection regardless of where your data is processed.

8. Data Retention

8.1 Active Accounts

We retain your data while your account is active to provide continuous service and maintain your wellness history.

8.2 Account Deletion

When you delete your account:

• Active data is deleted within 30 days
• Backups are purged within 90 days
• Some data may be retained for legal compliance (with notice to you)

8.3 Inactive Accounts

• Accounts inactive for 2+ years may be flagged for deletion
• We'll notify you before any action is taken
• You can reactivate to prevent deletion

8.4 Specific Retention Periods

• Wellness logs: Retained while account is active, deleted upon account closure
• AI interactions: Retained for service improvement, anonymized after 1 year
• Support communications: Retained for 3 years for quality assurance
• Security logs: Retained for 1 year for security purposes
• Aggregated analytics: Retained indefinitely (anonymized data only)

9. Your Rights and Choices

9.1 Universal Rights

Regardless of your location, you have the right to:

• Access: Request a copy of your personal data
• Correction: Update incorrect or incomplete information
• Deletion: Request removal of your personal data
• Portability: Receive your data in a portable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing

9.2 How to Exercise Your Rights

1. In-app controls: Use privacy settings within the app
2. Account settings: Manage preferences and data directly
3. Contact us: Email hello@glowgent.com for assistance
4. Automated tools: Use self-service data export/deletion features

Response time: We respond to requests within 30 days (or as required by local law)
Identity verification: We may need to verify your identity for security
No charge: Rights requests are free (reasonable limits apply)

9.3 Communication Preferences

You can control:

• Marketing emails: Unsubscribe links in every email
• Push notifications: Manage in app settings
• AI interactions: Clear chat history or limit AI features
• Data sharing: Opt out of research or analytics participation

9.4 Special Choices for Sensitive Data

• Health data: Choose what health metrics to track
• Biometric data: Control image and voice data collection
• AI processing: Opt out of AI analysis while keeping other features
• Third-party sharing: Control integrations with other health apps

10. Children's Privacy

Glowgent is not intended for children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children under these ages. If we discover we have collected information from a child under the applicable age:

• We will delete the information immediately
• We will not use the information for any purpose
• We will implement additional safeguards to prevent future collection

Parents who believe their child has provided information to us should contact us immediately.

11. Compliance with Regional Privacy Laws

11.1 European Union (GDPR)

For EU/EEA users, we ensure:

• Lawful basis for all processing activities
• Data protection by design and default
• Impact assessments for high-risk processing
• Appointment of Data Protection Officer (when required)
• Right to lodge complaints with supervisory authorities

11.2 United States

• HIPAA Compliance: When applicable, we act as a business associate and comply with all HIPAA requirements
• State Privacy Laws: We comply with CCPA, CPRA, and other state privacy laws
• FTC Compliance: We follow FTC guidelines for health apps and data security

11.3 Other Jurisdictions

We monitor and comply with privacy laws in all jurisdictions where we operate, including:

• Canada (PIPEDA)
• Brazil (LGPD)
• Australia (Privacy Act)
• Other applicable regional laws

12. Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in our services or business practices
• New legal requirements or regulatory guidance
• Improvements to our privacy practices

12.1 How We Notify You of Changes

• Significant changes: Email notification and prominent app notice
• Minor updates: Notice in app and on website
• Continued use: Indicates acceptance of updated policy
• Right to object: You may close your account if you disagree with changes

We encourage you to review this policy regularly to stay informed about our privacy practices.

13. Contact Us

13.1 Privacy Team

Email: hello@glowgent.com
Response time: Within 5 business days for most inquiries

13.2 General Support

Email: hello@glowgent.com
Response time: Within 24-48 hours

13.4 Data Protection Officer (EU Users)

For EU-specific privacy matters:
Email: hello@glowgent.com

13.5 Rights and Complaints

If you believe we haven't addressed your privacy concerns adequately:

• Contact our Privacy Team first
• EU users: File complaints with your local supervisory authority
• US users: Contact relevant state attorney general or FTC
• Other jurisdictions: Contact your local privacy authority