Privacy Policy

Your data, handled with care.

Effective May 22, 2026 · Last Updated June 11, 2026

This Privacy Policy describes how Glow AI ("Glow," "we," "us") collects, uses, and protects your information when you use our mobile application. We aim to be transparent about what we collect and why, and to give you meaningful control over your data.

01Who we are

Glow AI is developed and operated by Ece Yaren Sarımaden, an independent developer based in Istanbul, Türkiye ("Service Provider"). For privacy matters, the Service Provider acts as the data controller for personal data processed through the Application.

02How AI generation works

Glow AI provides AI-based image and video generation. Here is a high-level description of how the core generation flow works, so you can make informed decisions about your data:

You select a style or feature and provide one or more input images and/or text prompts within the Application.
Your inputs are sent to our backend, hosted on cloud infrastructure in the European Union.
The backend dispatches a generation request to a third-party AI inference provider (such as fal.ai), which routes it to the appropriate AI model (such as Google Veo or Imagen, Black Forest Labs FLUX, OpenAI Sora, or similar).
The AI model produces the output and returns it through the same path.
The output is stored in your library on our infrastructure so you can revisit it. Your original input images are deleted from our processors' systems shortly after generation (typically within 24 hours).
We do not use your personal data or your inputs to train AI models, and we do not permit our processors to use them for general model training without your explicit consent.

03Information we collect

Information you provide

Account information. When you upgrade to an email-based account, we collect your email address and a securely hashed form of your password. We never store your password in plain text.
User content. Photos and images you upload to the Application as input for AI generation, along with any text inputs (prompts, style selections, parameters) you provide.
Generated content. AI-generated images and videos produced from your inputs.
Gender information. When relevant features require it (for example, gender-aware style selection), we collect your selected gender preference solely to personalize generation results. See Section 07.
Support communications. Information you provide when you contact us, including the content of your messages.

Information collected automatically

Device identifiers. Identifier for Vendors (IDFV) and other device-level identifiers provided by iOS.
Technical data. IP address, device model, operating system version, application version, language and region settings.
Usage data. Features used, generation history, time and frequency of use, error and crash diagnostics.

Device permissions we request

The Application requests the following iOS permissions in order to provide its features. You can grant or revoke any of these at any time from your device's iOS Settings.

Photo Library (read). Required so you can select photos from your library as input for AI generation.
Photo Library (add). Required so you can save your AI-generated content back to your device's photo library.
Camera. Optional. If granted, you can take new photos directly inside the Application for use as AI input.
Notifications. Optional. If granted, we can notify you when a generation completes or when there is an important account or service update.
App Tracking Transparency (ATT). Where applicable, we will request your permission before any third-party attribution partner accesses your device's advertising identifier (IDFA). Declining will not prevent you from using the Application.

Information from third parties

Purchase data. When you purchase a subscription or coin package, Apple and our subscription management partner (RevenueCat) provide us with transaction status, subscription state, and receipt validation data.

Content reports & safety data

To keep the Application safe and to comply with platform requirements, we collect limited information when content is reported or flagged for safety:

Content reports. When you report content from within the Application, we collect your account identifier and/or device identifier, the type and identifier of the reported content, the screen you reported it from, the report category you selected, and any free-text description you choose to add.
Flagged uploads. If our on-device safety check determines that an image you are about to upload appears to contain explicit content, that image, along with the model's classification label and confidence, may be sent to us and stored in a restricted location for review. This check runs on your device; we receive the flagged image only when content is blocked.
Technical metadata. A hashed (non-reversible) representation of the IP address associated with a report may be stored for abuse-prevention purposes.

Access to report and flag data is restricted to authorized personnel for the purpose of reviewing and acting on reports. Child-safety reports are handled through a separate, more strictly access-controlled process. We retain report and flag data only as long as necessary to review and resolve the report, to enforce our Terms of Use, and to meet our legal obligations, after which it is deleted on a standard rolling schedule. Where the law requires preservation of certain material (for example, in connection with child-safety reporting obligations), we will retain that material for the period required by law and disclose it only to the competent authorities.

04How we use information

We use the information described above to:

Provide the core AI generation services you request.
Authenticate you and maintain your account.
Process and validate purchases, manage subscriptions, and grant entitlements.
Maintain a record of your generated content so you can revisit it.
Improve the Application, debug issues, and develop new features.
Personalize your experience based on stated preferences (such as gender for style relevance).
Communicate with you about important account or service events.
Detect, prevent, and address fraud, abuse, and violations of our Terms of Use.
Comply with applicable legal obligations.

05AI processing & service providers

To operate the Application — including AI generation, account management, purchases, analytics, and customer engagement — we share certain information with a network of third-party service providers. The specific providers we use may evolve over time as we add features, change partners, or expand into new capabilities. This section describes the categories of providers we work with and gives illustrative examples; the list of named providers is not exhaustive.

What we send to AI providers

The image(s) you select as input.
The text prompt or style parameters you choose.
Technical metadata necessary to route the request.

We do not train AI models on your personal data, and we do not permit our AI providers to do so on identifiable personal data without your explicit consent.

Categories of service providers

AI inference infrastructure — providers that route generation requests to underlying AI models. Example: fal.ai.
AI model providers — companies whose foundation models generate your content (reached either directly or through inference infrastructure). Examples: Google (Veo, Imagen, Gemini-based models), Black Forest Labs (FLUX series), OpenAI (Sora, GPT Image), Luma AI, Pika Labs, Runway, Kuaishou (Kling), ByteDance (Seedance), MiniMax, Tencent (Hunyuan), Alibaba, ShengShu Technology (Vidu), Ideogram, Higgsfield, PixVerse, and similar providers.
Subscription & in-app purchase management — handles subscription state, entitlements, receipt validation, and consumption events. Example: RevenueCat.
App platform & payments — handles in-app purchase processing and platform services. Example: Apple (App Store, StoreKit).
Cloud infrastructure & storage — hosts our backend services, databases, and stored media. These services are provided by cloud hosting and object-storage providers.
Analytics & product insights — helps us understand how the Application is used so we can improve it and diagnose problems. Examples: Firebase Crashlytics, Amplitude, or similar, where implemented.
Push notifications & user engagement — delivers notifications and helps us communicate about your account or important events. Example: OneSignal or similar, where implemented.
Marketing & monetization partners — supports user acquisition, attribution, and measurement of marketing campaigns (for example, attributing whether an ad you clicked led to an install or purchase). These partners do not serve advertisements inside the Application — Glow AI is a premium app and does not display third-party advertising. Where these partners require access to your device's advertising identifier (IDFA), we will request your consent through Apple's App Tracking Transparency framework; you may decline, and your decision will not prevent you from using the Application.
Customer support tools — used to receive and respond to your messages when you contact us.

This list is illustrative and may change over time. We may add, remove, or replace specific providers within these categories without amending this Policy each time. We will, however, update this Policy and notify you within the Application before we introduce a fundamentally new category of data sharing that materially changes how your data is processed (for example, if we ever begin sharing personal data with advertising networks for cross-context behavioral advertising — which we currently do not do).

All service providers process your data on our behalf or as independent processors and are contractually or legally bound to handle your data in accordance with applicable data protection laws. We do not permit them to use your personal media for their own independent purposes.

06Face data policy

The Application may process images that contain faces in order to apply AI-based portrait styles, transformations, or similar effects.

No biometric identification. We do not use face data to identify or authenticate users, to create biometric templates, faceprints, or to build facial recognition databases.
No facial recognition. We do not perform facial recognition on uploaded images or generated outputs.
No long-term retention. Face data is processed transiently in order to generate the requested output. We do not retain face-specific representations beyond what is necessary to produce and store the resulting image or video.
Partner deletion. Our AI processing partners are required to delete input media shortly after generation, typically within 24 hours.
AI content disclaimer. AI-generated outputs are artistic renderings produced from your inputs. They do not constitute real-life representations of any person and must not be used for identity verification, medical, legal, or similar purposes.

07Gender as sensitive information

Certain features within the Application — such as gender-aware style selection — work better when we know your gender preference. When you optionally select a gender, we use that information solely to personalize generation results.

Gender is treated as sensitive personal information under several privacy laws (including Australian privacy law and certain CCPA categories) and is collected only with your express choice within the Application.
You can change or remove your gender preference at any time from within the Application.
We do not share your gender information with third parties for marketing or advertising purposes.
We do not use your gender information for purposes other than personalizing generation results and improving relevant features.

08Subscription & purchase data

Glow AI offers auto-renewing subscriptions and one-time consumable purchases (coin packages). Purchases are processed by Apple through the App Store and managed by RevenueCat on our behalf. We do not see or store your full payment card information; we receive only the data necessary to grant entitlements and reconcile transactions: transaction identifiers, subscription state, original purchase date, expiration date, and validation receipts.

09Sharing data with Apple for refunds

If you request a refund for an in-app purchase through Apple's App Store, we may provide Apple with limited information regarding your usage of the Application and the specific in-app purchase, so that Apple can make an informed refund decision. The data we may share with Apple for this purpose includes:

The time elapsed since the Application was installed
The total time the Application has been used
Anonymous account identifiers (not your name or email)
Whether the in-app purchase was consumed (for example, whether Coins were spent)
Whether a free trial was used
The total purchase amount
The total amount previously refunded

This data is shared solely to help Apple evaluate refund requests and is handled in compliance with applicable privacy laws. By continuing to use the Application, you consent to this data sharing for refund-handling purposes. If you wish to opt out of this data sharing, please contact us; please note that opting out may affect Apple's ability to process refund requests in your favor.

10Storage & security

Our backend services and databases are hosted on cloud infrastructure located in the European Union (Germany). Generated media and encrypted backups are stored using a third-party object-storage provider; where such data is processed outside the European Union, the safeguards described in Section 12 (International data transfers) apply. Data is encrypted in transit using TLS and at rest using industry-standard encryption. Access to backend systems is limited to authorized personnel and protected by strong authentication.

We additionally apply the following safeguards:

Pseudonymization where technically feasible.
Access controls with role-based permissions.
Regular security reviews of our infrastructure and dependencies.
Confidentiality obligations binding all personnel and processors with access to personal data.

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If we become aware of a personal data breach that affects you, we will notify you and applicable authorities as required by law.

11Data retention

We retain personal data only for as long as necessary for the purposes described in this Policy, and we apply different retention practices to different categories of data based on the criteria below:

Account and content data is retained while your account is active and is removed from active systems when you delete your account or specific content. Some operational copies (such as backups) are purged on a standard rolling schedule thereafter.
Uploaded input images are processed transiently for AI generation; our AI processing partners are required to delete input media shortly after generation.
Generated outputs in your library are retained until you delete them or your account is closed.
Subscription and purchase records may be retained for longer periods to comply with applicable tax, accounting, and consumer-protection laws.
Operational data (such as server logs, error reports, and support communications) is retained only as long as necessary for security, debugging, and the resolution of your requests.

Where law requires a longer retention period — for example, for legal claims, fraud prevention, or financial recordkeeping — we will retain the relevant data for that period and no longer than necessary.

12International data transfers

Although our backend infrastructure is located in the European Union, your data may be transferred to third-party processors that operate in other countries (including the United States and other jurisdictions) to deliver AI generation, subscription management, analytics, and platform services. Where such transfers occur, we rely on appropriate legal safeguards, including:

Standard Contractual Clauses (SCCs) as adopted by the European Commission;
UK International Data Transfer Addenda or equivalent UK-approved mechanisms, where applicable;
Technical safeguards such as encryption in transit and at rest;
Transfer impact assessments where required by law.

13Your rights & choices

Depending on where you live, you may have the following rights regarding your personal data:

Access. Request a copy of the personal data we hold about you.
Rectification. Request correction of inaccurate or incomplete data.
Erasure. Request deletion of your data. You can also delete your account directly within the Application.
Restriction. Request that we limit the processing of your data in certain circumstances.
Portability. Request your data in a structured, commonly used, machine-readable format.
Objection. Object to processing based on our legitimate interests, including direct marketing.
Withdrawal of consent. Where processing is based on consent, withdraw consent at any time.
Object to AI processing. You may object to the processing of your personal data for AI generation. Where you do so, we will not proceed unless legally required.
Lodge a complaint. File a complaint with your local data protection authority.

To exercise any of these rights, contact us at the address below. We will respond within the timeframes required by applicable law (typically within 30 days, extendable to 45 or 90 days for complex requests under GDPR or CCPA).

14California (CCPA / CPRA) disclosures

This section supplements the rest of this Policy and applies to California residents under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Categories of personal information we collect

In the preceding 12 months, the following categories of personal information may have been collected:

Category	Collected
Identifiers (name, email, IP address, device IDs)	Yes
Customer records (e.g., email, payment-related information processed by Apple)	Yes
Protected classification characteristics (race, religion, etc.)	No
Commercial information (records of purchases, subscription history)	Yes
Biometric information	No
Internet / network activity (app usage, generation history)	Yes
Geolocation data (precise location)	No
Audio, visual, or similar information (uploaded photos, generated content)	Yes
Professional / employment information	No
Education information	No
Inferences drawn to profile preferences or characteristics	No
Sensitive personal information (gender, where voluntarily provided)	Yes

Sources of personal information

We collect personal information directly from you, automatically through your use of the Application, and from third parties such as Apple and RevenueCat in connection with purchases.

Sales and sharing of personal information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. In the preceding 12 months, Glow AI has not sold or shared personal information of any consumer, including consumers under 16 years of age.

Your CCPA / CPRA rights

Right to know what categories and specific pieces of personal information we have collected, the sources, the business purpose, and the categories of third parties with whom we share it.
Right to delete the personal information we have collected from you, subject to limited exceptions (such as completing a transaction, detecting security incidents, or complying with legal obligations).
Right to correct inaccurate personal information.
Right to opt-out of sales or sharing (not applicable to us since we do neither, but the right exists).
Right to limit use of sensitive personal information — you may limit our use of sensitive PI (such as gender) to what is necessary to provide the requested service.
Right to non-discrimination for exercising any of these rights.

How to exercise rights

Submit a verifiable consumer request by emailing [email protected]. We will:

Confirm receipt within 10 business days;
Respond to verified requests within 45 days (extendable by 45 additional days when reasonably necessary, with notice);
Verify your identity using the information associated with your account.

You may also designate an authorized agent to make a request on your behalf, in accordance with CCPA requirements. We may deny a request from an authorized agent that does not submit proof of authorization.

"Shine the Light"

California Civil Code Section 1798.83 permits California residents to request certain information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

15Regional compliance addendum

This section provides supplemental disclosures for users located in specific jurisdictions. The general provisions of this Policy continue to apply in addition to the rights described below.

United Kingdom (UK GDPR)

If you are located in the United Kingdom, we comply with the UK General Data Protection Regulation. You have the rights of access, rectification, erasure, restriction, objection, and data portability. Cross-border transfers from the UK to other jurisdictions are protected using Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or other legally approved mechanisms.

Supervisory Authority: Information Commissioner's Office (ICO) · ico.org.uk

European Union

Users in EU member states benefit from the rights described above and may contact their national supervisory authority:

Italy

Garante per la protezione dei dati personali · garanteprivacy.it

Spain

Agencia Española de Protección de Datos (AEPD) · aepd.es

France

Commission Nationale de l'Informatique et des Libertés (CNIL) · cnil.fr

Germany

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) · bfdi.bund.de

Switzerland

Federal Data Protection and Information Commissioner (FDPIC) · edoeb.admin.ch

Australia

For users in Australia, we handle personal data in accordance with the Australian Privacy Principles (APPs). You have the right to access and correct your personal information and to lodge a complaint regarding our handling of it. Cross-border disclosures to third-party service providers (including those in the United States) are made under reasonable steps consistent with APP 8.

Supervisory Authority: Office of the Australian Information Commissioner (OAIC) · oaic.gov.au

Canada (PIPEDA)

For users in Canada, we process personal data in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and withdraw consent for the processing of your personal data, and to file complaints with the Office of the Privacy Commissioner of Canada. Your data may be stored on servers outside Canada (including the European Union and the United States); by using the Application, you consent to this cross-border transfer.

Supervisory Authority: Office of the Privacy Commissioner of Canada · priv.gc.ca

Türkiye (KVKK)

For users in Türkiye, we process personal data in accordance with the Law on the Protection of Personal Data (Kişisel Verilerin Korunması Kanunu, Law No. 6698). You have the rights set out in Article 11 of the KVKK, including the right to learn whether your personal data is processed, request information regarding processing, learn its purpose, and request correction or erasure. To exercise these rights, contact us at the address below.

Supervisory Authority: Kişisel Verileri Koruma Kurumu (KVKK) · kvkk.gov.tr

16Children's privacy

Glow AI is not directed to children. We do not knowingly collect personal information from children below the applicable minimum age. The minimum age depends on your jurisdiction:

United States: 13 years (COPPA)
United Kingdom & most EU member states: 13 years
Italy & Spain: 14 years
France: 15 years
Germany & Switzerland: 16 years

For users below the applicable age, processing of personal data requires verifiable parental or guardian consent. If we learn that we have collected personal information from a child below the applicable age without such consent, we will delete it promptly. Parents or guardians who believe their child has provided us with personal information may contact us at the address below.

The App Store age rating for Glow AI provides an additional layer of parental control through iOS Screen Time and Family Sharing.

17Push notifications

With your permission, we may send push notifications to inform you about completed generations, account events, or important service updates. You can disable push notifications at any time from your device's iOS Settings. You may also opt out of marketing-style notifications via the Application's settings while keeping critical service notifications enabled, where applicable.

18AI content disclaimer

Because the Application relies on third-party AI models that operate stochastically, we cannot fully control the outputs produced. AI-generated content does not represent the views, opinions, or positions of the Service Provider on any subject, including with respect to any individual, religion, ethnic group, organization, company, brand, product, or service. AI-generated outputs are artistic renderings and must not be relied upon as accurate representations of real persons, events, advice, or information.

19Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will revise the "Effective" and "Last Updated" dates at the top of this document and, where appropriate, notify you within the Application. For substantial changes (such as introducing a new category of data processing), we will provide reasonable advance notice. Continued use of the Application after such changes constitutes acceptance of the updated policy.

20Contact

For questions about this Privacy Policy or to exercise any of the rights described above, please contact:

Ece Yaren Sarımaden
Istanbul, Türkiye
[email protected]

By using Glow AI you acknowledge that you have read and understood this Privacy Policy. You can review our Terms of Use for the rules governing use of the Application.