Privacy Policy — GlowdUp

Last updated: 19 May 2026

    GlowdUp is available globally. This policy complies with the
    Protection of Personal Information Act (POPIA) — South Africa,
    the General Data Protection Regulation (GDPR) — European Union / EEA,
    and the California Consumer Privacy Act (CCPA/CPRA) — United States.
    Relevant sections are labelled
    POPIA
    GDPR
    CCPA.
  

1. Who we are

GlowdUp is a skincare analysis application operated by LifeReady ZA (the "Controller" under GDPR / the "Business" under CCPA / the "Responsible Party" under POPIA).

Contact: privacy@lifereadyza.co.za
Website: https://glowdup.lifereadyza.com

We do not have a formal EU/EEA establishment. EU/EEA users may direct inquiries to the contact address above; we will respond within the timeframes required by GDPR.

2. Information we collect

Category	Examples	Purpose	Legal basis (GDPR)
Account identifiers	Phone number, device ID	Account creation & authentication via WhatsApp OTP	Contract performance
Profile data	Name, date of birth, skin type, concerns	Personalise your experience	Consent (you fill it in voluntarily)
Biometric / health-adjacent data	Selfie photos submitted for analysis	Generate skin-analysis scores	Explicit consent (required before each scan)
Scan results	Skin scores, concern metrics, skin-age estimate	Show history & trends in-app	Contract performance
Payment information	Order reference, amount, payment status	Process credit purchases	Contract performance
Push subscription token	Browser push endpoint & keys	Deliver scan & payment notifications (opt-in only)	Consent
Referral data	Referral code, visit timestamp	Attribute referrals; no PII shared with referrer	Legitimate interest
Usage data	Feature usage, app version, error logs	Improve reliability and user experience	Legitimate interest

We do not collect precise GPS location, browsing history, or advertising identifiers. We do not sell your personal information.

3. How we use your information

Provide and operate the skin-analysis service.
Display your scan history and score trends.
Send scan-result and payment-confirmation notifications (WhatsApp and/or push — opt-in only).
Process payments and credit top-ups.
Improve app performance and fix errors.
Comply with legal obligations.

4. Third-party services

Perfect Corp (YouCam) — processes your selfie to generate skin-analysis scores. Images are transmitted securely and are not retained by Perfect Corp after analysis is complete. Their processing is governed by Perfect Corp's Privacy Policy.
WHAPI — delivers WhatsApp messages on our behalf. Your phone number is shared only to the extent required to send messages.
Paystack — handles payment processing. We do not store card or banking details. Governed by Paystack's Privacy Policy.

All third-party processors are bound by data-processing agreements and are required to handle your data in accordance with applicable privacy laws.

5. International data transfers GDPR

Our servers are located in Germany (Hetzner Cloud). Skin-analysis processing by Perfect Corp may involve transfers to servers outside the EEA. Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) or the recipient's adequacy decision to ensure your data receives equivalent protection.

6. Data retention

We retain your account data and scan history for as long as your account is active. Push-notification tokens are deleted when you disable notifications in the app or when the token is reported as expired by the push service. Anonymised, aggregated statistics may be retained indefinitely.

Upon account deletion or an erasure request, personal data is permanently deleted within 30 days.

7. Your privacy rights

All users

Access — request a copy of the data we hold about you.
Correction — request that inaccurate data be corrected.
Deletion / Erasure — request permanent deletion of your data.
Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

EU / EEA residents GDPR

In addition to the above, you have the right to:

Data portability — receive your data in a structured, machine-readable format.
Restrict processing — ask us to pause processing while a dispute is resolved.
Object — object to processing based on legitimate interest.
Lodge a complaint with your local EU/EEA data-protection supervisory authority (e.g. find your authority here).

South African residents POPIA

All rights in §23 of POPIA apply, including the right to complain to the Information Regulator of South Africa (inforegulator.org.za).

California residents CCPA

Right to know — the categories and specific pieces of personal information collected about you.
Right to delete — request deletion of personal information we have collected.
Right to correct — request correction of inaccurate personal information.
Right to opt-out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising. No opt-out mechanism is required, but you may contact us to confirm.
Right to non-discrimination — we will not discriminate against you for exercising any CCPA right.

To exercise any of these rights, use the "Delete My Data" option in the app (More → Privacy → Delete My Data) or email privacy@lifereadyza.co.za. We will respond within 30 days (or within 45 days for CCPA requests where an extension is needed, with notice).

8. We do not sell your personal information CCPA

GlowdUp does not sell, rent, or share your personal information with third parties for their own marketing or advertising purposes. We do not engage in cross-context behavioural advertising.

9. Notifications

GlowdUp may send notifications via WhatsApp and/or browser push. You can opt out at any time using the Notifications toggle in the app (More → Notifications) or by revoking permission in your device settings. Opting out does not affect your ability to use the app.

10. Security

All data is transmitted over HTTPS (TLS 1.2+). Your account is protected by WhatsApp OTP verification. Skin photos are not stored beyond what is needed to produce your analysis report. We apply industry-standard controls to protect data from unauthorised access, disclosure, or loss.

11. Children's privacy

GlowdUp is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 (or under 16 where required by local law). If you believe a child has provided personal information without parental consent, please contact privacy@lifereadyza.co.za and we will delete it promptly.

12. Cookies and local storage

GlowdUp is a Progressive Web App and does not use advertising or tracking cookies. We use browser localStorage and sessionStorage solely to store your session token, scan history cache, and app preferences on your own device. This data never leaves your device unless explicitly sent to our API as part of normal app operation.

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. For material changes we will notify users via an in-app notice. Continued use of the app after an update constitutes acceptance of the revised policy.

14. Contact & complaints

LifeReady ZA — Privacy
privacy@lifereadyza.co.za
https://glowdup.lifereadyza.com

EU/EEA users may also lodge a complaint with their national supervisory authority. South African users may contact the Information Regulator at inforegulator.org.za. California users may contact the California Privacy Protection Agency at cppa.ca.gov.