Privacy Policy
Who we are
Glimra is built and operated by an independent developer ("we", "us"), not a corporation with a data business. For anything in this policy, contact support@glimra.app.
What we process, and where it goes
1. Data that never leaves your phone
Your scan history and scores, routine and completion streaks, quiz answers, chat history with the coach, and app settings are stored only on your device. We run no server that stores them, and we cannot see them. Deleting the app, or using Profile → Delete all my data, permanently erases them.
2. Photos, only with your consent
Skin analysis requires sending your selfie to an AI provider. This happens only after you explicitly agree on the scan screen. The photo is transmitted securely, used to produce your skin scores, and is not stored by us. Our current analysis providers:
- Vision analysis: [Provider name, e.g. Moonshot AI]: processes the photo to produce skin scores.
- Text generation (coach replies, routine text, daily tips): [Provider name, e.g. DeepSeek]: receives your questions and skin profile context, never your photos.
Providers process this data under their own terms as our processors; we do not permit them to use your photos to train their models where the provider offers that control.
3. Purchases
Subscriptions are processed by Apple or Google and managed through RevenueCat, which holds a pseudonymous purchase record (no name, no card details; payment data stays with Apple/Google).
4. Analytics
We use PostHog to count anonymous product events (e.g. "scan completed", "paywall viewed") so we can improve the app. No photos, scores, or messages are included.
5. Shop links
Product "View on…" buttons open the retailer's site with an affiliate code. We may earn a commission at no extra cost to you; the retailer's own privacy policy applies from the moment their site opens. We receive no record of what you buy.
What we don't do
- No accounts, no email collection, no user database.
- No sale or sharing of personal data for advertising.
- No third-party ad trackers.
Legal bases (EEA/UK)
- Consent: sending your photo for analysis; you can decline and the feature simply doesn't run.
- Contract: delivering the subscription you purchased.
- Legitimate interest: minimal, pseudonymous product analytics.
International transfers
Our AI and analytics providers may process data outside your country, including outside the EEA. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.
Retention
On-device data stays until you delete it. Photos sent for analysis are used to generate your results and are not retained by us. Analytics events are retained by PostHog per our configuration.
Your rights
Depending on where you live (GDPR, UK GDPR, CCPA and similar), you may have rights to access, correct, delete, or port your data, and to withdraw consent. Because your data is on your device, the app itself is the most direct tool: consent can be withdrawn in Profile, and Delete all my data erases everything locally. For anything involving our processors, email support@glimra.app and we will help. You may also lodge a complaint with your local supervisory authority.
Children
Glimra is for users aged 13 and up. It is not directed at children under 13, and we do not knowingly process their data.
Changes
We'll update this page when the policy changes and update the date above. Material changes will be highlighted in the app.