Privacy Policy — AI GlowUp
Effective Date: February 19, 2026 · Last Updated: February 19, 2026
AI GlowUp (“the App,” “we,” “us,” or “our”) is operated by Arka AI. This Privacy Policy describes how we collect, use, store, share, and protect your information when you use the AI GlowUp mobile application.
By using AI GlowUp, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
1. Overview of the Service
AI GlowUp is a profile photo optimization app that analyzes photos for quality, composition, and effectiveness across dating, professional, and social contexts. The App provides scoring, actionable coaching tips, multi-photo ranking, and optional AI-generated photo enhancements. The App evaluates photo quality and presentation — it does not rate attractiveness, perform facial recognition, or identify individuals.
2. Information We Collect
2.1 Photos and Image Data
When you use the App's analysis, ranking, or enhancement features, you select photos from your device's Photo Library (via Apple's PhotosUI framework) or capture a photo using your device's camera. Before transmission, photos are:
- •Compressed on-device (resized to a maximum of 1200px on the longest edge at 0.8 JPEG quality)
- •Stripped of EXIF metadata (location, camera details, timestamps)
- •Converted to Base64 format for secure transmission
2.2 On-Device Photo Analysis
Before any data leaves your device, the App uses Apple's on-device Vision framework (VNDetectFaceRectanglesRequest) solely to detect whether a face is present in the selected photo and to assess basic composition metrics (blur detection, brightness). This processing:
- •Runs entirely on your device
- •Does not extract facial geometry, landmarks, or biometric identifiers
- •Does not transmit any data to our servers or third parties
- •Is used only to provide an instant preview score and validate that the photo contains a face
2.3 Account and Device Information
- •Device identifier: A unique, anonymous device ID used for rate limiting and associating your data with your account
- •Apple subscription ID: If you subscribe to AI GlowUp Pro, your Apple subscription identifier is stored to verify your entitlement
- •Sign in with Apple: If you sign in, we receive only the name and anonymized email relay provided by Apple
2.4 Usage Data
We collect basic usage metadata including:
- •Feature usage (number of analyses, rankings, and enhancements performed)
- •Timestamps of requests (for daily quota enforcement)
- •Error logs and performance metrics (for service improvement)
We do not collect location data, contacts, browsing history, or any information unrelated to the App's core functionality.
3. Face Data — Collection, Use, and Handling
This section specifically addresses how the App handles face data, in compliance with Apple's requirements.
3.1 What Face Data Does the App Collect?
The App does not collect face data or biometric identifiers.
- •On-device: Apple's Vision framework is used solely to detect whether a face is present in a photo (a bounding rectangle) and to assess photo composition. No facial geometry, facial landmarks, faceprint, or biometric data is extracted, stored, or transmitted.
- •Server-side: User photos are sent to our server for AI-powered photo quality analysis. The AI models evaluate photo-level attributes — lighting, sharpness, framing, background, expression clarity, and overall presentation. The AI does not perform facial recognition, generate facial templates, extract biometric identifiers, or attempt to identify individuals.
3.2 How Face Data Is Used
The limited on-device face detection is used exclusively to:
- Confirm that the selected photo contains a face (required for meaningful analysis)
- Assess basic composition (face positioning within the frame)
- Provide an instant on-device preview score before server-side analysis
The server-side AI analysis evaluates:
- •Photo quality traits: lighting, sharpness, clarity, background, framing
- •Presentation signals: approachability, confidence, trust, expression clarity
- •Contextual effectiveness: how the photo performs for dating, professional, or social profile use
- •Actionable improvements: specific coaching tips ranked by impact
At no point is face data used for identification, authentication, tracking, surveillance, or any biometric purpose.
3.3 Face Data Sharing with Third Parties
User photos (which may contain faces) are transmitted to the following third-party AI services for processing:
| Service | Provider | Purpose |
|---|---|---|
| OpenRouter | OpenRouter, Inc. | API routing proxy for AI model access |
| Google Gemini (2.0 Flash, 2.5 Flash) | Google LLC | Primary AI model for photo analysis, content moderation, and image enhancement generation |
| GPT-4o / GPT-4o-mini | OpenAI, Inc. | Fallback AI models for photo analysis |
These services process photos in real-time to generate analysis results. Per their respective data processing agreements:
- •Photos are processed transiently and are not retained by these providers for model training or other purposes beyond fulfilling the API request
- •No facial recognition or biometric processing is performed by these services on our behalf
We do not sell, rent, or share face data or user photos with any other third parties.
3.4 Face Data Storage
- •Original user photos are not stored on our servers. Photos are held in server memory only for the duration of the API request (typically a few seconds) and are discarded after processing.
- •AI-generated enhancement images (not the user's original photos) are stored in our database so users can retrieve their generated variants. These are AI-created images, not copies of the original photo.
- •Analysis results (numerical scores, text-based coaching tips) are stored in our database. These results contain no image data.
- •On-device: Thumbnails and analysis results are cached locally on your device (maximum 20 entries) for your convenience.
3.5 Face Data Retention
| Data Type | Retention Period | Storage Location |
|---|---|---|
| Original user photos | Not retained — processed in memory only | Server (transient) |
| On-device face detection data | Not retained — processed in memory only | Your device (transient) |
| AI analysis results (scores, text) | Until account deletion | Our database (Neon Postgres on Vercel) |
| AI-generated enhancement images | Until account deletion | Our database (Neon Postgres on Vercel) |
| On-device thumbnails and results | Until you clear history or delete the app | Your device |
4. How We Use Your Information
We DO:
We DO NOT:
5. Content Moderation
Before processing, all uploaded photos are screened by an automated content moderation system (powered by Google Gemini) to detect and reject explicit, suggestive, violent, or otherwise inappropriate content. This moderation:
- •Runs on our server before AI analysis begins
- •Rejects photos classified as inappropriate
- •Does not store rejected images
6. Data Security
We implement the following security measures to protect your data:
- •Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
- •Request authentication: API requests are signed with HMAC-SHA256 to prevent unauthorized access
- •Rate limiting: Per-user rate limits prevent abuse
- •EXIF stripping: Photo metadata (location, camera details) is removed on-device before transmission
- •Image compression: Photos are compressed on-device to minimize data exposure during transit
- •Content moderation: Automated screening rejects inappropriate content
7. Third-Party Services
The App uses the following third-party services:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| OpenRouter | OpenRouter, Inc. | AI model API proxy | Compressed photos (Base64), analysis prompts |
| Google Gemini | Google LLC | Photo analysis, content moderation, image generation | Compressed photos (Base64), analysis prompts |
| OpenAI GPT-4o | OpenAI, Inc. | Fallback photo analysis | Compressed photos (Base64), analysis prompts |
| Vercel | Vercel, Inc. | Backend hosting | API requests and responses |
| Neon | Neon, Inc. | Database hosting | Analysis results, account data (no original photos) |
| Apple StoreKit | Apple Inc. | In-app purchases and subscriptions | Subscription status |
| RevenueCat | RevenueCat, Inc. | Subscription management | Apple subscription ID, entitlement status |
Each third-party service is governed by its own privacy policy. We encourage you to review them.
8. Your Rights and Controls
8.1 Delete All Data
You can delete all your data at any time by navigating to Account → Delete My Data in the App. This permanently deletes:
- •Your user account
- •All analysis history and results
- •All generated enhancement images
- •All usage logs
- •All subscription and credit records
Deletion is immediate and irreversible. Data is removed via cascading deletion from our database.
8.2 Clear Local History
You can clear locally cached thumbnails and results by navigating to Settings → Clear Local History.
8.3 Photo Library Access
The App uses Apple's PhotosUI limited library access, meaning you choose exactly which photos to share with the App. The App cannot access your full Photo Library without your explicit selection.
8.4 Withdraw Consent
The AI Data Disclosure consent you provide before first use can be effectively withdrawn by deleting your data and ceasing to use the App's analysis features.
9. Children's Privacy
AI GlowUp is not intended for children under 17. We do not knowingly collect information from children under 17. If we become aware that we have collected data from a child under 17, we will promptly delete it.
10. Data Transfers
Your data may be processed in the United States and other countries where our third-party service providers operate. By using the App, you consent to the transfer of your information to these jurisdictions.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last Updated” date at the top of this page. Your continued use of the App after changes constitutes acceptance of the updated policy.
12. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- •Know what personal information we collect and how it is used
- •Request deletion of your personal information
- •Opt out of the sale of personal information (we do not sell personal information)
To exercise these rights, use the in-app deletion feature or contact us at the address below.
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area, you have additional rights including:
- •Access to your personal data
- •Rectification of inaccurate data
- •Erasure of your data ("right to be forgotten")
- •Restriction of processing
- •Data portability
- •Objection to processing
Our legal basis for processing your data is your explicit consent (provided via the AI Data Disclosure screen) and the performance of our contract with you (providing the App's services).
To exercise these rights, use the in-app deletion feature or contact us at the address below.
14. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Arka AI
support@arka-ai.com15. Summary of Key Points
| Question | Answer |
|---|---|
| Do you collect face data or biometrics? | No. We detect face presence on-device only. No biometric data is extracted. |
| Are photos stored on your servers? | No. Original photos are processed in memory and discarded. |
| Who processes the photos? | Google Gemini (primary), OpenAI GPT-4o (fallback), via OpenRouter. |
| Is facial recognition performed? | No. Analysis focuses on photo quality, not identity. |
| Can I delete my data? | Yes. Account → Delete My Data removes everything immediately. |
| How long is data retained? | Analysis results are kept until you delete your account. Original photos are never stored. |