Glow Diary
← Home
Privacy Policy
Last updated: April 15, 2026 · Effective: April 15, 2026
In short: Glow Diary stores your photos, habits, and progress on your iPhone. We don't run a user database, we don't sell data, we don't track you. The only data that ever leaves your device is what you actively send to our AI features — and even then, nothing is stored.
1. Who we are
Glow Diary is published by an independent developer (sole proprietor) reachable at bilaliyisoy@gmail.com. For the purposes of the EU General Data Protection Regulation (GDPR), this developer is the data controller responsible for the limited personal data processed through the app.
2. What we collect
- Account data: None. Glow Diary has no sign-up, no login, and no user database.
- Habit and progress data: Your habits, daily logs, glow scores, progress photos, skin profile, and skin analysis results are stored exclusively on your iPhone using SwiftData and the app's Documents directory. They never reach our servers.
- AI inputs: When you use AI features (skin analysis, ingredient scanner, AI chat), the text or image you submit is sent through our secure proxy server and forwarded to OpenAI's API for processing. Inputs are not written to disk on the proxy or stored in any database — the response comes back, and the request ends.
- Anonymous request identifier: To prevent abuse of the AI proxy, we attach a randomly generated, anonymous device identifier to each AI request. This identifier is not linked to your name, email, Apple ID, or any other personal information, and it is used solely for rate limiting.
- Subscription state: Subscription purchases are handled by Apple via StoreKit. We never receive your payment details, name, or Apple ID — only an entitlement signal indicating whether you have an active subscription.
- Analytics: None. Glow Diary does not include any analytics SDK and does not record which features you use, which screens you open, or any other usage data.
3. How we use it (legal basis under GDPR)
For users in the European Union and United Kingdom, we process the limited data above on the following GDPR legal bases:
- Legitimate interest (Art. 6(1)(f)) — anonymous analytics and AI rate limiting, both necessary to operate the app fairly and prevent abuse.
- Contractual necessity (Art. 6(1)(b)) — processing your AI requests to deliver the feature you actively use.
- Consent (Art. 6(1)(a)) — by tapping an AI feature, you consent to your input being sent to our proxy and to OpenAI for that single request.
You can withdraw consent for AI processing at any time by simply not using AI features. The rest of the app works fully offline.
4. AI processing
AI features are powered by OpenAI's GPT-4o family, accessed through our secure Railway proxy at glowai-proxy-production.up.railway.app. Per OpenAI's API data usage policy, inputs sent through their API are not used to train OpenAI's models. Our proxy does not log or persist your requests.
5. Face data
When you use the AI Skin Analysis feature, Glow Diary uses Apple's Vision framework (VNDetectFaceRectanglesRequest) to detect your face in the selfie you take. This section explains exactly what face data is involved, how it is used, and where it goes.
- What face data is collected: The app detects your face and calculates a face bounding box (position coordinates: x, y, width, height). It then analyzes the pixel data within that facial region to derive skin metrics — brightness, evenness, redness, smoothness, texture, hydration, and pore visibility. The face bounding box coordinates and skin metrics are stored locally on your iPhone in the SkinAnalysisResult SwiftData model.
- How face data is used: Face detection is used solely to locate the skin area within your selfie so that skin metrics can be calculated accurately. The on-device Vision framework runs entirely on your iPhone — no face geometry, face coordinates, or biometric data is ever sent to any server. The face region coordinates are used locally to crop the analysis area, nothing more.
- What is sent to OpenAI: If you opt into enhanced AI analysis, only the photo itself (not face geometry or bounding box data) is sent through our secure Railway proxy to OpenAI's API. The photo is processed in real-time and is not stored on our proxy or on OpenAI's servers beyond the request lifecycle. Per OpenAI's API data usage policy, API inputs are not used to train their models.
- Third-party sharing: Face bounding box coordinates, face detection data, and on-device skin metrics are never shared with any third party. The only data that leaves your device is the photo itself (which contains your face), sent to OpenAI for AI analysis when you actively use that feature. It is processed in real-time and immediately discarded.
- Storage and retention: Face bounding box coordinates and skin metrics are stored locally on-device in the SkinAnalysisResult SwiftData model. They are deleted when you delete the specific analysis result or uninstall the app. No face data is stored on any server.
- No biometric data: Glow Diary does not create face prints, face maps, facial feature templates, or any biometric identifier from your face data. Apple's Vision framework is used only for face region detection (locating where the face is in the image) — not for facial recognition, identification, or any biometric purpose.
6. Where your data lives
- All personal content (habits, photos, logs, skin profile, glow scores) lives on your iPhone, in the app's SwiftData store and Documents directory. If you have iCloud Backup enabled, your data may be included in your encrypted backup, fully under your control.
- AI requests pass through Railway servers and OpenAI servers, both located in the United States. Nothing is written to disk on either system.
- We do not maintain any user database.
7. International data transfers
If you are located outside the United States and use AI features, your input is transferred to and processed in the United States. We rely on the safeguards provided by OpenAI's and Railway's standard data processing terms, which include Standard Contractual Clauses where applicable.
8. Data retention
Because we do not operate a user database:
- On-device data is kept until you delete it manually or uninstall the app.
- AI request data is retained for zero seconds beyond the request lifecycle — no logging, no archival.
- Anonymous analytics events have no expiration but cannot be linked back to you.
9. Your rights
Regardless of where you live, you can:
- Delete all your data instantly by uninstalling Glow Diary from your iPhone.
- Disable all AI features and use the app fully offline.
- Manage or cancel your subscription at any time via iPhone Settings → [your name] → Subscriptions.
- Contact us at bilaliyisoy@gmail.com with any privacy question.
EU / UK residents: You also have the right to access, rectification, erasure, restriction of processing, data portability, and objection under GDPR. Because we hold no personal data on our servers, most of these rights are satisfied automatically — you control all your data on-device.
California residents: Under the CCPA, you have the right to know what personal information is collected, the right to delete it, and the right to opt out of the "sale" of personal information. We do not sell or share personal information for any purpose.
10. Children's privacy
Glow Diary is intended for users aged 13 and over. We do not knowingly collect data from children under 13. If you believe a child has used the app and you would like us to address it, please contact us — though as noted above, we do not maintain any user records to delete.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page. Continued use of the app after a change constitutes acceptance of the revised policy.
12. Contact
Privacy questions and data requests: bilaliyisoy@gmail.com