GlowMD · Legal

Biometric Data Consent

Last updated: April 22, 2026

This document explains, in plain language, how GlowMD processes the facial images you upload and what you are being asked to consent to. Under Article 9 of the General Data Protection Regulation (GDPR), facial images used for identification or analysis are special category ("sensitive") personal data, and we cannot process them without your explicit consent.

What you are consenting to

By accepting, you authorize Aesthetic Studio Creator S.R.L. (the "data controller") to:

  1. Receive and store the facial photographs you choose to upload (frontal view, left profile, right profile, and optional neck/décolletage view);
  2. Transmit those images to our AI analysis pipeline in order to produce a personalized skin analysis (detection of zones of concern, estimated skin age, severity scoring);
  3. Store the original photographs, the derived analysis, and the associated metadata on secure servers located inside the European Union (Supabase, EU region, AES-256 encryption at rest, TLS 1.3 in transit);
  4. Keep a timestamped record of your consent for audit and compliance purposes.

What we will NOT do with your images

  • We will not sell your images or analyses to any third party, data broker, advertiser, or marketplace.
  • We will not use your images to train AI models. No public or proprietary model is trained on GlowMD user photos.
  • We will not use your images in marketing, advertising, social media, or promotional materials — not even anonymized or with consent overlays.
  • We will not share your images with anyone outside the processors listed in our Privacy Policy. No friends, family, insurers, employers, or public authorities, except where required by law.
  • We will not match your face across databases or attempt to identify you from external sources.

Your rights

You can exercise the following rights at any time, free of charge:

| Right | How to use it | |---|---| | Access the images and analyses we hold about you | Email privacy@glowmd.io | | Rectify incorrect information | Email privacy@glowmd.io | | Delete your facial data (and analyses derived from it) | Use "Clear my data" in your profile, or email us | | Withdraw this consent at any time | Same as delete — withdrawal stops future processing | | Restrict or object to specific processing | Email privacy@glowmd.io | | Data portability — receive your data in JSON | Email privacy@glowmd.io | | Lodge a complaint | Romanian DPA (ANSPDCP) — www.dataprotection.ro |

Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

Retention

  • Photographs: Automatically deleted 12 months after you delete your GlowMD account, unless you ask for earlier deletion (processed within 30 days of request).
  • Derived analyses (numeric scores, zone labels): Retained for the same period as photographs, then permanently deleted.
  • Consent record (timestamp of this consent): Retained for 3 years after consent withdrawal to demonstrate compliance with GDPR audit requirements.

Legal basis

  • GDPR Art. 9(2)(a) — explicit consent for processing special categories of personal data.
  • For users located in Illinois (USA), processing is also conducted under the Biometric Information Privacy Act (BIPA), 740 ILCS 14/.
  • For users located in California (USA), processing falls within the scope of the California Consumer Privacy Act (CCPA); "sensitive personal information" rights apply. See our Privacy Policy for CCPA-specific rights (opt-out of sale/share, limit use).

Consent checkbox text

When you accept this consent in the application, you will see the following statement:

I have read and understood the Biometric Data Consent. I explicitly consent to GlowMD processing my facial images for personalized skin analysis. I understand I can withdraw this consent at any time.

Your consent is recorded with a timestamp (consent_biometric_given_at) in the profiles table associated with your user account.

Contact

For any question related to how we process your facial data, or to exercise your rights, contact our privacy team: privacy@glowmd.io

Aesthetic Studio Creator S.R.L. (Data Controller) B-dul Decebal, Nr. 12, Camera 1, Bl. S7, Sc. 1, Et. 5, Ap. 15, Sector 3, București, România CUI: RO45931173 · J: J40/6657/2022