← Back to Glaw

Privacy Policy

Last updated: 6 July 2026

This Privacy Policy explains how Glaw ("Glaw", "we", "us") collects, uses, and protects your information when you use the Glaw mobile app. We built Glaw to keep as much of your data on your own device as possible. Please read this alongside our Terms of Service.

1. Who we are

The data controller responsible for your information is Aleksandr Saliukov (Vienna, Austria). You can reach us any time at support@glaw.app.

2. The short version

3. Face data

Glaw collects the front and side selfies you choose to capture or import for a scan. Those selfies are face data. Glaw also sends the related scan profile, age, and goals you provide so the analysis can use the rubric and context you selected.

We use face data only to prepare your scan images, send them for AI analysis, generate your appearance scores and routine recommendations, show your results, and support local progress tracking in the app. Face data is not used to identify you, verify your identity, train AI models, sell advertising, or rank you publicly.

For analysis, Glaw sends the scan request through our secure backend infrastructure hosted by Cloudflare, then to Google Gemini through OpenRouter, our third-party AI service path for generating the analysis. These providers process the data only to provide Glaw's app functionality and are required to provide the same or equal protection for user data as described in this Privacy Policy and required by the App Store Review Guidelines.

Before any scan is uploaded, the app asks for your agreement on the capture screen, which lists this data and names these recipients — the upload only starts when you tap Agree & Continue. Nothing is sent unless you agree; going back instead keeps your photos on your device.

Your scan photos are not retained on Glaw servers. They are processed to produce your analysis and then discarded by Glaw's backend. Your scan photos, thumbnails, scores, routine history, and progress history are stored locally on your device until you delete them or delete the app. You can delete local scan data in the app from Settings > Privacy and consent > Delete my data.

4. What we collect and why

Photos & scan details

When you scan, your photos — along with the age and improvement goals you provide — are sent securely to our processing backend and on to a third-party AI provider that generates your appearance analysis. We do not retain your photos on our servers — they are processed to produce your scores and then discarded, and they are not used to train AI models. Your photos and results stay on your device unless you choose to delete them.

Your analysis & app activity

Your scores, routines, progress history, and preferences are stored locally on your device. We do not keep a server-side copy of your results.

We use PostHog EU Cloud to collect limited product analytics events, such as onboarding step views, coarse analysis status, paywall handoff, retry taps, premium activation, and app backgrounding. These events help us understand where people leave onboarding and improve the product. We do not use PostHog session replay, heatmaps, interaction autocapture, or identity profiles, and we do not send photos, base64 image strings, scan results, exact scores, raw age, names, emails, request IDs, scan IDs, device hashes, IDFA/IDFV, or AppsFlyer IDs to PostHog.

Subscription information

If you subscribe, your purchase is processed by Apple and managed through our subscription provider, RevenueCat. We receive your subscription status (active, expired, trial) — never your card number or full payment details.

Device verification (anti-fraud)

To protect Glaw from abuse and keep usage fair, our backend uses Apple's App Attest and stores a one-way hashed device identifier derived from it, together with simple usage counts. This is pseudonymous, is not linked to your identity, and is never used for advertising.

Device & advertising data (only with your permission)

If you grant permission through Apple's App Tracking Transparency prompt, we and our attribution partner AppsFlyer collect your device's advertising identifier (IDFA) and app/event information to measure which advertising campaign (for example, a TikTok ad) brought you to Glaw. If you decline the prompt, this tracking does not occur. You can change your choice any time in iOS Settings → Privacy & Security → Tracking.

Diagnostics & usage

To keep Glaw stable, we rely on Apple's built-in crash and performance reports, which Apple provides to us in aggregate. We do not run our own analytics servers. Product analytics are handled by PostHog EU Cloud as described above. Any usage data tied to advertising is described above and is only collected with your permission.

Support messages

If you email us, we receive your email address and whatever you choose to tell us, used only to help you.

5. Who we share data with

We don't sell your data. We share limited information with service providers strictly to run Glaw:

6. Legal bases (EU/UK users)

Where the GDPR applies, we process your data on these bases: performance of a contract (to deliver the analysis and subscription you ask for), your consent (advertising measurement via the tracking prompt, which you can withdraw at any time), and our legitimate interests (keeping the app secure and functional, understanding onboarding, and improving the product).

7. Data retention

Photos are not retained on our servers after analysis. Your results stay on your device until you delete them or delete the app. Product analytics, subscription, and advertising-measurement records are kept by our providers for as long as needed for those purposes and to meet legal obligations.

8. Your rights

Depending on where you live (including under the GDPR and CCPA), you may have the right to access, correct, delete, or export your data, to object to or restrict processing, and to withdraw consent. Because most of your data lives on your device, you can remove the bulk of it simply by deleting the app. For anything held by us or our providers, contact support@glaw.app and we'll action your request. You also have the right to complain to your local data protection authority.

9. International transfers

Some of our providers process data outside your country, including in the United States. Where required, these transfers are covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

10. Children

Glaw is not intended for anyone under 16, and we do not knowingly collect data from children. If you believe a child has used Glaw, contact us and we'll delete any associated data.

11. Security

Data is transmitted over encrypted connections, and we keep your most sensitive information (your results) on your device by design. No method of transmission or storage is ever 100% secure, but we work to protect your information.

12. Changes

We may update this policy as Glaw evolves. We'll revise the "last updated" date above, and significant changes will be reflected in the app.

13. Contact

Questions or requests? Email support@glaw.app.