Privacy Policy

Service: glamAI
Effective Date: March 31, 2026

This Privacy Policy explains how glamAI ("we", "us", "our") collects, uses, discloses, and protects your personal data when you use our mobile apps, website, and related services (collectively, the "Service").

1. Information We Collect

We may collect the following categories of information:

• Account Information: name, email address, login identifiers, and profile details.
• User Content: photos, images, prompts, and generated outputs submitted in the Service.
• Payment Data: subscription status, transaction IDs, and billing metadata (processed by app stores/payment providers).
• Technical Data: device identifiers, IP address, app version, language, operating system, and crash logs.
• Usage Data: feature interactions, session events, and analytics signals.
• Biometric Data: facial geometry and related measurements derived from photos you upload for virtual try-on processing. This data is classified as biometric information under applicable state laws (including the Illinois Biometric Information Privacy Act and the CCPA/CPRA).

2. How We Use Information

• Provide, maintain, and improve glamAI features, including AI image generation and virtual try-on capabilities.
• Authenticate users, manage accounts, and provide customer support.
• Process subscriptions and prevent fraud, abuse, and security incidents.
• Analyze performance and usage trends to improve reliability and user experience.
• Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases for Processing (Where Applicable)

• Contract: processing necessary to provide the Service.
• Legitimate Interests: security, analytics, and service improvement.
• Consent: where required (for example, certain marketing communications or biometric data collection).
• Legal Obligation: compliance with applicable laws and lawful requests.

4. AI Processing, Image Data, and Biometric Information

• Photos and prompts you upload may be processed by AI systems to generate requested outputs.
• We may use trusted service providers to process data on our behalf under contractual safeguards.
• We do not knowingly use private user images for advertising without explicit consent.
• Generated outputs may be retained for operational, moderation, and debugging purposes as described in this policy.

Biometric Data Notice: When you use the virtual try-on feature, facial geometry and related biometric measurements may be extracted from photos you upload. We collect this biometric data solely to provide you with virtual try-on results. We will not sell, lease, trade, or otherwise profit from your biometric data. Biometric data is retained only for as long as necessary to fulfill the virtual try-on request and for limited operational purposes (such as debugging and abuse prevention), and in no event longer than three (3) years from your last interaction with the Service, or until you request its deletion, whichever occurs first. Upon expiration of the retention period, biometric data is permanently destroyed. By uploading photos and using the virtual try-on feature, you acknowledge and consent to the collection, use, and storage of biometric data as described in this section.

5. Data Sharing

We may share data with:

• Service Providers: hosting, analytics, payment, customer support, and AI infrastructure vendors.
• Legal/Regulatory Authorities: when required by law, court order, or to protect rights and safety.
• Business Transfers: in connection with merger, acquisition, financing, or sale of assets.

We do not sell personal data in exchange for monetary consideration. We also do not "sell" or "share" personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA), including for purposes of cross-context behavioral advertising. We do not sell, lease, or trade biometric data.

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, including legal, accounting, fraud prevention, and dispute resolution requirements. Retention periods may differ by data type and jurisdiction. Biometric data retention is described in Section 4 above.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Where required, we use appropriate safeguards, such as standard contractual clauses or equivalent mechanisms.

8. Security

We implement technical and organizational safeguards to protect personal data, including biometric data, using a standard of care consistent with applicable law. No system is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on your state of residence, you may have the following rights regarding your personal data:

• Right to Know/Access: Request details about the categories and specific pieces of personal data we have collected about you.
• Right to Delete: Request deletion of your personal data, subject to certain legal exceptions.
• Right to Correct: Request correction of inaccurate personal data we maintain about you.
• Right to Portability: Receive your personal data in a portable, readily usable format.
• Right to Opt-Out: Opt out of the sale or sharing of your personal data (see Section 10 below).
• Right to Limit Use of Sensitive Personal Information: Where applicable, direct us to limit use of sensitive personal information to what is necessary for the Service.
• Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment.

To exercise any of these rights, contact us at info@teddosinc.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law (generally 45 days, which may be extended by an additional 45 days where reasonably necessary with notice to you).

You may designate an authorized agent to submit a request on your behalf. If you use an authorized agent, we may require proof that the agent has been authorized to act on your behalf, along with verification of your own identity.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), provides you with additional rights regarding your personal information.

Categories of Personal Information Collected: In the preceding 12 months, we may have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email address, IP address, device identifiers).
• Commercial information (subscription and transaction records).
• Internet or other electronic network activity (usage data, feature interactions, app analytics).
• Biometric information (facial geometry derived from photos for virtual try-on processing).
• Audio, electronic, visual, or similar information (photos and images uploaded by users).
• Inferences drawn from the above categories.

Sale and Sharing: We do not "sell" your personal information as defined by the CCPA, nor do we "share" your personal information for cross-context behavioral advertising purposes. We do not have actual knowledge of selling or sharing the personal information of consumers under 16 years of age.

Sensitive Personal Information: We may collect sensitive personal information, including biometric information (facial geometry from uploaded photos). We use this information only as necessary to provide the virtual try-on features you request and do not use it for purposes beyond what is permitted under the CCPA/CPRA.

Retention: We retain each category of personal information only for as long as reasonably necessary for the purposes described in this policy. Photos and biometric data processed for virtual try-on are retained only as long as needed to deliver results and for the limited operational purposes described in Section 4, unless you request earlier deletion.

Financial Incentives: We do not currently offer any financial incentives or price differences in exchange for the retention or sale of personal information.

"Shine the Light": Under California Civil Code Section 1798.83, California residents may request information about the disclosure of personal data to third parties for direct marketing purposes. We do not disclose personal data to third parties for their direct marketing purposes.

11. Additional US State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive privacy laws may have additional or overlapping rights, including:

• The right to confirm whether we are processing your personal data and to access that data.
• The right to correct inaccuracies, delete your data, or obtain a portable copy.
• The right to opt out of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.
• The right to appeal our decision regarding a privacy request by contacting us at info@teddosinc.com with the subject line "Privacy Rights Appeal." If your appeal is denied, you may contact your state attorney general.

We recognize and will process opt-out preference signals (such as the Global Privacy Control) as valid opt-out requests where required by applicable state law.

12. Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no universally accepted standard for how online services should respond to DNT signals. We do not currently alter our data collection practices in response to DNT browser signals but will update this policy if a uniform standard is established. You can manage your privacy preferences by contacting us or adjusting your device or browser settings.

13. Children's Privacy

glamAI is not directed to children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children under 13. In compliance with the Children's Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you believe a child has provided personal data to us, please contact us at info@teddosinc.com so we can take appropriate action.

14. Third-Party Services

Our Service may link to or integrate with third-party platforms. Their privacy practices are governed by their own policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will post the updated version and update the effective date. Material changes may be notified through the Service or by other means as required by law.

16. Contact Us

For privacy questions or requests:
Email: info@teddosinc.com
Company: Teddos, Inc
Address: 1065 SW 8th St. PMB 5251, Miami, Florida, 33130, United States