← Back to EasyGlow

1. Introduction

Welcome to EasyGlow ("we," "our," or "us"), operated by VibeLabs. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the EasyGlow iOS application (the "App") available on the Apple App Store.

By using the App you consent to the practices described here. If you do not agree, please do not use the App.

2. Information We Collect

Information You Provide

• Account Data: We use anonymous authentication via Firebase. No email, password, or personal identity is required.
• Profile Information: Skin type, skin concerns, skincare goals, age range, and budget preferences you supply during onboarding.
• Photos: Facial images you capture for skin analysis. Photos are transmitted directly from your device to OpenAI's API (a third-party AI service) over an encrypted connection for analysis. They are not permanently stored on our servers. See Section 4 below for full details. OpenAI processes images under their API Data Usage Policy and does not use API data to train models.
• Product Data: Skincare products you log, including names, brands, and optional photos.

Information Collected Automatically

• Usage Data: Feature interactions, routine completion history, and gamification progress.
• Device Information: Device type, iOS version, and app version (collected by Firebase and Expo).
• Subscription Data: Subscription status and billing events processed by RevenueCat. We never see your payment card details — all payments are handled by Apple via the App Store.

3. How We Use Your Information

4. Face Data & Third-Party AI Service

Face data we collect

EasyGlow collects a single 2D selfie photograph taken voluntarily by the user via the device's standard camera. The app does not use ARKit, the TrueDepth camera, facial geometry mapping, facial recognition, or Face ID data. No biometric identifiers or facial feature maps are created or stored.

How face data is used

Your selfie is used exclusively to generate AI-powered skincare routine recommendations — assessing general skin wellness indicators such as hydration levels, skin tone evenness, and complexion brightness. It is never used for facial recognition, identity verification, advertising, user tracking, or AI model training.

Face data retention

• On our servers: Your selfie photo is never stored on EasyGlow's servers.
• On your device: The photo exists only in temporary memory during the analysis session. It is not saved to your photo library or device storage.
• On OpenAI's servers: Per OpenAI's API Data Usage Policy, API inputs (including images) may be retained for up to 30 days for abuse monitoring, then permanently deleted.

What data is sent to OpenAI

• Your selfie photo — the facial image you capture is converted to base64 on your device and transmitted directly to OpenAI's API.
• Your skin profile — skin type, age range, skin concerns, skincare goals, and budget preference (collected during onboarding) are included to personalize the analysis.

Who receives this data

The data is sent to OpenAI, Inc. via their Chat Completions API. OpenAI processes the data using the GPT-4o-mini model to generate skin analysis scores and skincare routine recommendations. No other third party receives this data.

Why this data is shared

EasyGlow does not operate its own AI models. OpenAI's API is used to analyze your photo and profile, generate hydration, glow, and clarity scores, identify skin observations, and recommend personalized skincare routines.

How the data is transmitted and protected

• Data is sent over an encrypted HTTPS connection directly from your device to OpenAI — it does not pass through EasyGlow's servers.
• OpenAI processes the data under their API Data Usage Policy, which states that API data is not used to train OpenAI's models.
• OpenAI retains API data for up to 30 days for abuse monitoring, then deletes it.
• Photos are not permanently stored on EasyGlow's servers or OpenAI's servers.

User consent

Before any data is sent to OpenAI, the app displays a consent dialog that explains what data is shared, who it is shared with, and why. You must explicitly agree before proceeding. You may decline at any time, in which case no data is transmitted and the analysis does not proceed.

We do not sell your photos, use them for advertising, or use them for model training.

5. Data Storage & Security

• All data is stored in Firebase (Google Cloud) with encryption at rest and in transit (TLS/HTTPS).
• Firebase Security Rules ensure each user can only access their own data.
• Anonymous authentication means no passwords or email addresses are required.
• Firestore offline persistence keeps your data available even without a network connection.

6. Third-Party Services

• Firebase (Google): Authentication, Firestore database, Cloud Storage, and hosting — Privacy Info
• OpenAI: AI skin analysis via API — Privacy Policy
• RevenueCat: Subscription management — Privacy Policy
• Expo: Build tooling and push notifications — Privacy Policy
• Apple: In-app purchase processing and app distribution

7. Data Sharing

We do not sell, rent, or trade your personal information. Data is shared with OpenAI for AI skin analysis (see Section 4 above) and with the other third-party services listed in Section 6 to provide the App's functionality. Data may also be disclosed when required by law.

8. Your Rights & Choices

• Access: Request a copy of your personal data.
• Deletion: Request deletion of your account and all associated data.
• Notifications: Disable reminders in App settings or iOS Settings at any time.
• Withdraw Consent: Stop using the App and request data deletion.
• Data Portability: Request your data in a portable format.

To exercise any right, email sbonelojunior@gmail.com. We will respond within 30 days.

9. Data Retention

We keep your data while your account is active. Upon a deletion request, all personal data is permanently removed within 30 days, except where retention is required by law.

10. Children's Privacy

EasyGlow is not intended for anyone under 13 (or 16 in the EEA). We do not knowingly collect data from children. If we learn a child has provided personal information, we will delete it promptly.

11. International Transfers

Your data may be processed in the United States (where Firebase and OpenAI servers are located). We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

12. California Residents (CCPA)

California residents may request to know what personal information we collect and request its deletion. We do not sell personal information. Contact us to exercise your CCPA rights.

13. European Residents (GDPR)

EEA residents have the right to access, rectify, erase, restrict processing, and port their data. Our legal basis is consent (which you may withdraw at any time) and legitimate interest in providing the service. Our data protection contact is sbonelojunior@gmail.com.

14. Changes to This Policy

We may update this policy. Material changes will be communicated in the App and the effective date above will be updated. Continued use after changes constitutes acceptance.