Privacy Policy for Glossity
Effective Date: 14th April 2026
Last Updated: 14th April 2026
Welcome to Glossity! Glossity (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Glossity mobile application (the “App”) and our AI-powered beauty product scanning services.
If you reside in the European Economic Area (EEA), the United Kingdom (UK), or the United States (US), specific provisions apply to you as detailed in Sections 6 and 7 of this policy.
For the purposes of the GDPR and UK GDPR, [Insert Glossity Legal Entity Name] is the “Data Controller” responsible for your personal data.
1. Information We Collect
To provide our AI beauty product scanning services, we collect various types of information, including:
Information You Provide to Us
• Account Data: Name, email address, password, and profile information.
• Beauty Profile: Information you voluntarily provide (e.g., skin type, allergies, beauty concerns). Note: Information regarding severe allergies or skin conditions may be considered health data (Special Category Data) under the GDPR.
• Communications: Messages, feedback, or support requests.
Information Collected via the App
• Camera and Image Data: Images you scan to identify beauty products, read ingredient labels, and receive AI analyses.
• Usage Data: Interaction data, including products scanned, features used, time spent, and scan history.
• Device Information: Hardware model, operating system, unique device identifiers, and network information.
2. How We Use Your Information & Our Legal Bases
Under the GDPR and UK GDPR, we must have a valid legal basis to process your data. We use your information for the following purposes based on the corresponding legal grounds:
Purpose of Processing | Data Used | Legal Basis (EEA/UK) |
|---|---|---|
To Provide the Service: Processing scanned images through our AI models to identify products and ingredients. | Image Data, Device Info | Performance of a Contract |
To Personalize Your Experience: Tailoring recommendations based on your Beauty Profile. | Account Data, Beauty Profile | Consent (specifically for any health/allergy-related data) |
To Improve Our AI and App: Analyzing anonymized and aggregated scanning data to train our AI algorithms. | Image Data, Usage Data | Legitimate Interests (improving our core product) or Consent (if required by local law) |
To Communicate with You: Sending technical notices, security alerts, and support messages. | Account Data, Communications | Performance of a Contract / Legitimate Interests |
To Enforce our Terms: Monitoring for fraud and protecting App security. | Usage Data, Device Info | Legitimate Interests / Legal Obligation |
3. How We Disclose or Share Your Information
We may share, disclose, or sell your information in the following circumstances:
• Commercial Partners and Third Parties: We may share or sell certain categories of personal data (such as usage data, anonymized scan history, or device identifiers) to third-party advertising networks, data analytics providers, or brand partners for marketing and research purposes.
• Service Providers: With third-party vendors providing services on our behalf (e.g., AWS, Google Cloud, AI processing APIs, customer support).
• Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred as part of the transaction.
• Legal Requirements: If required by law, or in response to valid requests by public authorities.
4. International Data Transfers
Glossity is headquartered in the United States. If you are accessing the App from the EEA or the UK, your data may be transferred to, stored, and processed outside of your home jurisdiction.
When we transfer your personal data out of the EEA or UK, we ensure a similar degree of protection is afforded to it by utilizing safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
5. Data Retention and Security
• Retention: We retain your account data for as long as your account is active. Raw images uploaded for scanning are securely deleted from our active servers after 1 year unless you specifically save them. If you delete your account, we will delete or anonymize your data in accordance with applicable laws.
• Security: We use industry-standard encryption, access controls, and security measures to protect your data.
6. Specific Rights for EEA and UK Residents (GDPR & UK GDPR)
If you are located in the EEA or the UK, you have the following rights:
• Right of Access & Portability: Request a copy of your personal data in a structured, machine-readable format.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure (“Right to be Forgotten”): Request the deletion of your personal data.
• Right to Restriction of Processing: Request we suspend the processing of your data.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time (e.g., for processing allergy data, AI training, or sharing data with third parties), without affecting the lawfulness of processing before the withdrawal.
• Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects.
To exercise these rights, contact us. You also have the right to lodge a complaint with your local Data Protection Authority (e.g., the ICO in the UK).
7. Specific Rights for United States Residents
This section applies to residents of certain US states that have enacted comprehensive privacy laws, including California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and others.
Notice at Collection
In the preceding 12 months, we have collected the categories of personal information listed in Section 1. We use this data for the business purposes described in Section 2 and may disclose or sell it as described in Section 3.
Your State Privacy Rights
• Right to Know / Access: You may request information about the categories and specific pieces of personal data we have collected about you, as well as the categories of third parties to whom data is sold or shared.
• Right to Delete: You may request the deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request the correction of inaccurate personal data.
• Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell your personal information or share it for cross-context behavioral advertising. You can exercise this right by clicking the “Do Not Sell or Share My Personal Information” link located in the App settings and on our website footer.
• Right to Limit the Use of Sensitive Personal Information: You can limit our use of your sensitive data (e.g., health/allergy information) strictly to providing the services requested. We will not sell sensitive personal information without your explicit opt-in consent.
• Right to Non-Discrimination: We will not discriminate against you (e.g., by denying services or changing prices) for exercising your privacy rights.
8. Children’s Privacy
Glossity is not intended for use by children under the age of 13 in the US, or under the age of 16 in the EEA/UK (unless parental consent is provided according to local law). We do not knowingly collect or sell personal data from children. If we discover we have collected such data inadvertently, we will securely delete it immediately.
9. Changes to This Privacy Policy
We may update our Privacy Policy periodically. We will notify you of material changes via an in-app alert or email, and update the “Effective Date” at the top of this document.
10. Contact Us
If you have questions, wish to exercise your privacy rights, or need to contact our Data Protection Officer (DPO) / EU Representative, please use the following details:
• Email: admin@glossity.app
• Mailing Address: 17350 State Hwy 249, Ste 220, Houston TX 77064
• EU/UK Representative: Devin Liggins, Clyde Udunna
• Data Protection Officer: Devin Liggins, Clyde Udunna