Glo
Privacy Policy
We are gtfol, LLC ("Company," "we," "us," "our"), a company registered in Delaware, United States at 131 Continental Dr, Suite 305, Newark, DE 19713.
We operate Glo, accessible from https://gloskin.app, the mobile application Glo (the "App"), as well as any other related products and services that refer or link to these legal terms (the "Legal Terms") (collectively, the "Services").
You can contact us by email at team@gtfol.inc, or by mail to our business address at 1950 Washington Street, Apt 3A, Boston, MA 02118, United States.
At Glo, one of our main priorities is the privacy of our visitors. This Privacy Policy describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
- Download and use our mobile application (Glo), or any other application of ours that links to this privacy notice
- Engage with us in other related ways, including any sales, marketing, or events
Consent
By using our website, you hereby consent to our Privacy Policy and agree to its terms.
1. What Information Do We Collect?
Personal Information You Disclose to Us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
- Face data (e.g., selfies).
To provide accurate skin analysis, we utilize a third-party service, OpenAI, to process the face data from your selfies. OpenAI does not retain any of this data during the process. For further details on how your data is handled by OpenAI, please review the OpenAI Enterprise Privacy Policy.
Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by Apple. You may find their privacy notice link(s) here: Apple Payments Privacy Notice.
Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s contacts, camera, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information Automatically Collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.
The information we collect includes:
- Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports, and hardware settings).
2. How Do We Process Your Information?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with the law.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
3. What Legal Bases Do We Rely On To Process Your Information?
In Short: We only process your personal information when we believe it is necessary, and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations.
- Vital Interests: We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
4. When and With Whom Do We Share Your Personal Information?
In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.
Vendors, Consultants, and Other Third-Party Service Providers.
We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. They cannot share your information without our consent and must protect it as per our terms.
Categories of third parties we may share personal information with include:
- Data Analytics Services
- Data Storage Service Providers
We may also need to share your personal information in specific situations, such as business transfers or compliance with legal obligations.
5. What Is Our Stance on Third-Party Websites?
In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services.
The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties not affiliated with us. We cannot guarantee the privacy or security of data you provide to third parties.
6. Is Your Information Transferred Internationally?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States. If you are accessing our Services from outside the U.S., please be aware that your information may be transferred and processed by us in the U.S. and other countries.
7. How Long Do We Keep Your Information?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice, up to a maximum of one year, unless otherwise required by law.
We will keep your personal information only for as long as necessary for legitimate business purposes.
8. How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.
9. Do We Collect Information From Minors?
In Short: We do not knowingly collect data from or market to children under 13 years of age.
We do not knowingly collect any Personal Identifiable Information from children under 13. If we learn that such information has been collected, we will delete it.
10. What Are Your Privacy Rights?
In Short: In some regions, such as the EEA, UK, Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.
We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing Your Consent
If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting Out of Marketing and Promotional Communications
You can unsubscribe from our marketing and promotional communications at any time by replying “STOP” or “UNSUBSCRIBE” to the SMS messages that we send, or by contacting us using the details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
If you have questions or comments about your privacy rights, you may email us at team@gtfol.inc.
11. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
12. Do United States Residents Have Specific Privacy Rights?
In Short: If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you are granted specific rights regarding access to your personal information.
We have collected and disclosed the following categories of personal information for business or commercial purposes in the preceding twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name | YES |
| B. Personal information as defined in the California Customer Records statute | Name, contact information, education, employment, employment history, and financial information | YES |
| C. Protected classification characteristics under state or federal law | Gender and date of birth | NO |
| D. Commercial information | Transaction information, purchase history, financial details, and payment information | NO |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements | NO |
| G. Geolocation data | Device location | YES |
| H. Audio, electronic, visual, thermal, olfactory, or similar information | Images and audio, video or call recordings created in connection with our business activities | NO |
| I. Professional or employment-related information | Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | NO |
| J. Education Information | Student records and directory information | NO |
| K. Inferences drawn from collected personal information | Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | YES |
| L. Sensitive personal Information | Face data, selfies | YES |
We use the collected personal information for the purposes outlined in this privacy notice and retain it as long as necessary to provide our services.
CCPA Privacy Rights
This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the following rights:
- Right to request deletion of your data
- Right to request information about what data we collect
- Right to non-discrimination for exercising your CCPA rights
To exercise these rights, please contact us at team@gtfol.inc.
13. Do Other Regions Have Specific Privacy Rights?
In Short: You may have additional rights based on the country you reside in.
We collect and process personal information under the obligations and conditions set by various privacy laws, including Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020.
You can request access to, correction of, or deletion of your personal information by contacting us. If you believe we are unlawfully processing your personal information, you have the right to submit a complaint to the relevant authorities in your country.
14. Do We Make Updates to This Notice?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you by prominently posting a notice of such changes or by sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
15. How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at team@gtfol.inc or contact us by post at:
gtfol, LLC
1950 Washington St Apt 3A
Boston, MA 02118
United States
16. How Can You Review, Update, or Delete the Data We Collect From You?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact us.