Privacy Policy

1. Who We Are

Glowwry is a technology-enabled beauty and wellness platform operated by Ironage Technologies Private Limited, a company incorporated under the Companies Act, 2013, with its registered office in Bhubaneswar, Odisha, India.

Glowwry connects customers with verified beauty professionals for at-home and in-salon services. Our platform is accessible via our website at glowwry.com and mobile applications available on the Google Play Store and Apple App Store.

For the purposes of applicable data protection law, including the Digital Personal Data Protection Act, 2023 (DPDPA) of India, Ironage Technologies Private Limited is the Data Fiduciary responsible for the personal data collected through the Glowwry platform.

2. Data We Collect

We collect information that you provide directly, information generated through your use of the platform, and information received from third-party services.

2.1 Information You Provide

• Account data: Full name, mobile number, email address, and password (or social login token) when you register.
• Profile data: Profile photo, gender, date of birth, skin type or beauty preferences (if voluntarily provided).
• Booking data: Service selections, appointment dates and times, service location address, special instructions.
• Payment data: Payment method details processed via Razorpay (we do not store full card numbers; only transaction references are retained).
• Communication data: Messages sent through our in-app chat, support enquiries, feedback, and reviews.
• Partner/professional data: For service providers — business name, GST number, bank account details for payouts, professional certifications, and government-issued ID for verification.

2.2 Information We Collect Automatically

• Device data: Device type, operating system, unique device identifiers, app version.
• Usage data: Pages visited, services browsed, bookings made, time spent, click patterns, and search queries within the platform.
• Location data: Approximate or precise location (with your permission) to show nearby services and enable live tracking of service professionals.
• Log data: IP address, browser type, referring URL, access times, and error logs.

2.3 Information From Third Parties

• Facebook / Meta: If you use Facebook Login, we receive your public profile information including name, email address, and profile picture as permitted by your Facebook privacy settings and the permissions you grant. See Section 3 for details.
• Google: If you use Google Sign-In, we receive your name, email address, and profile photo from your Google account.
• Razorpay: Payment status and transaction identifiers from our payment processing partner.

3. Facebook Login & Meta Platform Data

Glowwry offers "Continue with Facebook" as a convenient sign-in option, powered by the Meta (Facebook) Login product. This section explains exactly how Facebook data is used on our platform in accordance with Meta Platform Policy.

3.1 Permissions We Request

• public_profile — your name, profile picture, and user ID.
• email — your email address associated with your Facebook account.

We do not request access to your friends list, timeline, posts, messages, photos, or any other Facebook data beyond those listed above.

3.2 How We Use Facebook Data

• To create or log in to your Glowwry account without a separate password.
• To pre-fill your name and email during the registration process.
• To display your profile picture within the Glowwry app.

Facebook data is never used for advertising, re-targeting, or sold to third parties.

3.3 Data Storage & Deletion

We store only the data fields listed in 3.1 above. We do not cache or store your Facebook access token beyond the authenticated session. If you delete your Glowwry account, all associated Facebook-derived data is permanently deleted within 30 days. You may also revoke Glowwry's access to your Facebook account at any time from your Facebook Settings → Apps and Websites.

3.4 Compliance with Meta Platform Policy

Our use of Facebook Login complies with the Meta Platform Terms and Meta Platform Policies. We do not transfer Facebook-received data to data brokers, advertising networks, or analytics companies.

4. How We Use Your Data

We process personal data for the following purposes and on the following legal bases:

4.1 Service Delivery (Contractual Necessity)

• Processing and managing your bookings and appointments.
• Connecting you with the appropriate service professional.
• Sending booking confirmations, reminders, and receipts.
• Enabling live tracking of your service professional en route.
• Processing payments and managing refunds.

4.2 Platform Improvement (Legitimate Interest)

• Analysing usage patterns to improve app performance and user experience.
• Detecting and preventing fraud, spam, and abuse.
• Troubleshooting technical issues.
• Training AI-powered beauty recommendation features.

4.3 Communication (Consent / Contractual)

• Sending service-related notifications (booking updates, cancellations).
• Responding to your enquiries and support requests.
• Sending promotional offers and newsletters — only with your explicit consent and subject to your opt-out rights.

4.4 Legal Compliance

• Complying with applicable laws, tax obligations, and regulatory requirements in India.
• Responding to lawful requests from government authorities.

5. Sharing & Disclosure

We do not sell your personal data. We share data only as described below:

5.1 Service Professionals

When you book a service, we share your name, booking address, appointment time, and selected service with the assigned beauty professional. We do not share your payment details or social login information with service professionals.

5.2 Technology Partners (Data Processors)

• Firebase (Google LLC) — Authentication, real-time database, cloud storage, and push notifications.
• Razorpay Software Private Limited — Payment processing. Governed by Razorpay's own privacy policy and PCI-DSS compliance.
• Google Maps Platform — Location services and route mapping.
• Meta Platforms, Inc. — Facebook Login authentication.
• Anthropic PBC — AI-powered beauty advisor features (data is anonymised before transmission).

5.3 Legal Requirements

We may disclose your data to courts, law enforcement, or regulatory authorities when required by Indian law or valid legal process, or to protect the rights, property, or safety of Glowwry, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify affected users before any such transfer and ensure the successor commits to this privacy policy.

6. Cookies & Tracking Technologies

Our website uses the following types of cookies and similar technologies:

• Essential cookies: Required for the website and booking system to function correctly. Cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). Anonymised data only. You may opt out via your browser settings.
• Facebook Pixel: Used to measure the effectiveness of Facebook ads (if applicable). No personal data is shared with Meta beyond standard Pixel events. You may opt out via the Meta Ad Preferences tool.
• Preference cookies: Remember your settings, language, and service filters.

You can control cookies through your browser settings. Disabling non-essential cookies will not affect your ability to book services.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

• Account data: Retained for the duration of your account and for 3 years after deletion, unless a longer period is required by law (e.g., GST records).
• Booking & transaction records: 7 years from the date of transaction, as required under Indian tax and commercial law.
• Support communications: 2 years from resolution.
• Analytics data: Aggregated, anonymised data retained indefinitely; individual-level data deleted after 24 months.
• Facebook-derived data: Deleted within 30 days of account deletion or upon written request.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 (India) and other applicable laws, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to Grievance Redressal: File a complaint with our Data Protection Officer or with the Data Protection Board of India.
• Right to Withdraw Consent: Withdraw consent for marketing communications at any time by unsubscribing or contacting us. This does not affect the lawfulness of processing before withdrawal.
• Right to Nominate: Nominate another person to exercise your data rights on your behalf in the event of death or incapacity.

To exercise any of these rights, please email privacy@glowwry.com. We will respond within 30 days. Identity verification may be required before processing your request.

9. Data Security

We implement industry-standard technical and organisational measures to protect your personal data:

• All data is transmitted over HTTPS/TLS encrypted connections.
• Passwords are hashed using bcrypt; we never store plaintext passwords.
• Firebase Security Rules restrict data access to authenticated users and their own records.
• Payment data is handled exclusively by Razorpay under PCI-DSS Level 1 compliance.
• Access to production systems is restricted to authorised personnel and logged.
• Regular security reviews and vulnerability assessments are conducted.

While we take all reasonable precautions, no system is completely immune to security risks. In the event of a data breach affecting your rights, we will notify you and relevant authorities in accordance with applicable law.

10. Children's Privacy

Glowwry's services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal data from persons under 18 years of age.

If you are a parent or guardian and believe that a minor has provided personal data to us without your consent, please contact us immediately at privacy@glowwry.com. We will take prompt steps to delete such data.

Our Facebook Login integration is configured to comply with Meta's policies regarding minors and is not directed at users under the age of 13.

11. Third-Party Links

Our platform may contain links to third-party websites, social media pages, or payment portals. This Privacy Policy applies only to Glowwry's own platform. We are not responsible for the privacy practices of external websites and encourage you to read their privacy policies before providing any personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or product features. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Send an in-app notification or email to registered users.
• Require re-consent for any new processing activities that require consent.

Continued use of the Glowwry platform after the effective date of a revised policy constitutes your acceptance of the changes.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please contact our Data Protection Officer:

For Facebook-specific data deletion requests, please include "Facebook Data Deletion Request" in the subject line. We will process and confirm deletion within 30 days.

Related documents:   Data Deletion Instructions  |  Terms of Service