Last Updated: September 24, 2025

1. Introduction

This Privacy Policy explains how Glowio (“App”) collects, uses, and protects your information. Glowio is an AI-powered photo editing app for iOS. We are committed to safeguarding your privacy and being transparent about our data practices.

Contact Information:

Name: Egemen Tokgoz
Email: egementt35@gmail.com
Address: Izmir, Turkey

2. Information We Collect

2.1 Images and Media Content
- Uploaded Images: Photos you upload for AI editing.
- Generated Content: Edited or AI-generated results.
- Image Metadata: Resolution, format, and size for processing.

2.2 Authentication Data
- Apple Sign In / Anonymous Sign In: For user sessions.
- Session Data: Keeps you logged in and saves preferences.
- Device Information: Device type, OS version, and app version for troubleshooting.

2.3 Usage Analytics
- App Usage Patterns: Features used, editing preferences, session length.
- Performance Data: Error rates, crash reports, and load times.
- Technical Logs: For debugging and improvements.

2.4 Communication Data
- Support Requests: Information you provide when contacting us.
- Feedback: Suggestions and feature requests you share.

3. How We Use Your Information

3.1 Primary Purposes
- Image Processing: To edit and enhance your photos with AI.
- Service Delivery: To provide app functionality.
- Authentication: To manage your sign-in and anonymous sessions.
- Support: To respond to inquiries and resolve issues.

3.2 Optional Uses (With Consent)
- Service Improvement: Analyzing usage for better features.
- Analytics: Understanding user behavior.
- Marketing Updates: Sending new feature info (only if you opt in).

3.3 Legal Basis (GDPR)
- Contract Performance: Processing your images to provide services.
- Legitimate Interests: Security, functionality, and fraud prevention.
- Consent: For analytics and marketing.
- Legal Compliance: Where required by law.

4. Third-Party Services

4.1 AI Providers
- Replicate
- Purpose: Image editing via specialized AI models.
- Data Shared: Uploaded images and processing instructions.
- Retention: Temporary; no permanent storage beyond processing.
- Policy: https://replicate.com/privacy
- Google Gemini AI
- Purpose: Advanced image editing and generation.
- Data Usage: Used only for processing.
- Retention: No retention by Google.
- Policy: https://policies.google.com/privacy

4.2 Authentication and Analytics
- Firebase (Google)
- Purpose: Anonymous authentication, crash reporting, analytics.
- Data Shared: Anonymous IDs, crash reports, usage data.
- Retention: Accounts removed after inactivity; analytics retained up to 2 years.
- Policy: https://firebase.google.com/support/privacy
- Supabase
- Purpose: Database, storage, and backend services.
- Data Shared: User session data, stored images.
- Retention: Uploaded images stored up to 1 week, then deleted.
- Policy: https://supabase.com/privacy

4.3 Payments
- RevenueCat
- Purpose: Subscription and in-app purchase management.
- Data Shared: Transaction details (no card info).
- Policy: https://www.revenuecat.com/privacy

5. Data Retention and Deletion
- Uploaded Images: Deleted after 1 week.
- Generated Images: Stored only in your session.
- Anonymous Sessions: Deleted after 30 days of inactivity.
- Analytics Data: Retained max 2 years.
- Support Requests: Retained up to 3 years.
- Users can request immediate deletion anytime (see Section 8).

6. Data Security
- Encryption in Transit: TLS 1.3
- Encryption at Rest: AES-256
- Secure APIs: Authenticated API usage
- Processing: Temporary and isolated environments
- Audits: Regular security checks

7. International Data Transfers
- Data may be processed globally where providers operate.
- Transfers are safeguarded by Standard Contractual Clauses.

8. Your Privacy Rights
- Access: See what data we hold.
- Correction: Fix inaccurate data.
- Erasure: Request deletion.
- Portability: Export your data.
- Object/Restrict: Limit or stop processing.
- Withdraw Consent: Opt out of analytics or marketing.
- Requests: egementt35@gmail.com (response within 30 days).

9. AI Transparency
- Automated Processing: All edits are AI-based.
- No AI Decisions: We don’t make personal-impacting decisions.
- Model Training: Your images are not used for AI training.

10. Cookies & Local Storage
- Essential: Session data, preferences, auth tokens.
- Optional: Analytics (opt-in).

11. Children’s Privacy
- We do not knowingly collect data from children under 13 (or local minimum age).

12. Changes to Privacy Policy
- Updates notified via app.
- 30-day review period for major changes.

13. Regional Rights
13.1 EU (GDPR)
- All rights in Section 8 apply.
- Data Protection Officer: Egemen Tokgoz
- Supervisory Authority: You may lodge complaints locally.
13.2 California (CCPA)
- Right to Know what’s collected.
- Right to Delete your data.
- Right to Opt-Out (we don’t sell your data).
- Non-Discrimination: Equal service for all users.

14. Data Breach
- User notification within 72 hours.
- Regulatory reporting as required.

15. Business Transfers
- If acquired/merged, your data will remain under same protections.

16. Contact
- Email: egementt35@gmail.com
- Response: 48h initial, 30 days full resolution

Effective Date: September 24, 2025
Version: 1.0

By using Glowio, you acknowledge you have read and agreed to this Privacy Policy.