Privacy Policy

Privacy Policy

Last updated: 25 May 2026

Glema ("we", "us") provides an AI-assisted skincare-routine app for iOS. This policy explains what personal information we collect, why we collect it, who we share it with, and how you can control it.

This is a draft prepared for App Store submission. The published version will be revised before public launch.

1. Who is the controller

The publisher of the Glema app is Sergey Zaturanov, the natural person operating the service. Contact: privacy@glema.app.

2. What we collect

Account data. When you sign in we receive an Apple identifier (from Sign in with Apple) and, if you choose the email option, an email address. If Apple relays a private email, that's what we store — we do not see your real address.

Profile and routine data. Information you enter to receive recommendations: skin type, concerns, the products on your shelf, and the routine calendar we generate from these inputs.

Skin photos. Photos you upload for analysis. We use them only to generate your recommendations and store them on your device and our servers. You can delete them at any time from inside the app.

Device and usage data. App version, iOS version, device model, push notification token, language, time zone, and approximate location (only when you grant Location permission for UV-index advice). We log error events and explicit product events for diagnostics and product improvement.

Subscription data. If you purchase a Pro subscription, Apple sends us your subscription status (not your card number). We never see your payment details.

We do not collect data from children. The service is intended for users 18 and over.

3. Why we use this data

  • To run the service: generate your routine, send reminders, sync state.
  • To improve recommendations: analyze patterns in anonymized usage.
  • To keep the service safe: detect abuse, debug crashes, monitor reliability.
  • To respond to legal obligations when we receive a valid request.

We do not sell your personal data and we do not use your data for advertising.

4. Who we share it with

We use third-party processors strictly to operate the service:

  • Amazon Web Services (US) — hosting, databases, file storage.
  • Apple (US) — Sign in with Apple, push notifications (APNs), in-app purchases, distribution via the App Store.
  • Anthropic — large-language model inference for routine generation, via AWS Bedrock. Your prompts are processed but not used to train models.
  • Google (Gemini, SerpAPI) — web-grounded search to enrich recommendations.
  • Sentry (US) — crash and error reporting (errors only, no replay).
  • PostHog (US) — product analytics on an explicit-events basis. Autocapture is disabled.

Each processor is contractually bound to use your data only on our instructions. We share the minimum data needed for each integration.

5. International transfers

Data is processed primarily in the United States (AWS us-east-1). If you use the app from outside the US, your data is transferred to the United States under standard contractual safeguards.

6. How long we keep your data

  • Account and routine data: as long as your account is active.
  • Skin photos: until you delete them or your account.
  • Error reports: 90 days.
  • Analytics events: 12 months.
  • Backups: up to 35 days (database point-in-time recovery).

When you delete your account we erase your personal data from production within 30 days. Anonymized aggregate data may persist for analytics.

7. Your rights

You can:

  • Access and export your data from the app's Profile screen.
  • Edit or delete your profile, products, and routine entries at any time.
  • Delete your account from Profile → Account → Delete account.
  • Contact privacy@glema.app for any other request, including under the GDPR, UK GDPR, or CCPA where applicable.

We respond to verified requests within 30 days.

8. Security

We encrypt data in transit (TLS) and at rest. Access to production systems is restricted to the publisher. We do not store passwords for the in-app account — Sign in with Apple and the email code flow do not require one.

9. Changes to this policy

We will update this page when the service or applicable law changes. Material changes will be highlighted in the app or by email when we have one.

10. Contact

privacy@glema.app