Privacy Policy

1. Who We Are

GlamVault is operated by XTC-TEK, an AI application studio based in Hamburg, Germany. For any privacy-related questions, contact us at info@xtc-tek.com.

2. What Data We Collect

When you use GlamVault, we may collect the following types of information:

• Account Information: Your name, email address, and profile picture when you sign in with Google Sign-In.
• Selfie Photos: The photos you upload or capture through the app to use as the base for your style transformations. These are uploaded to our secure server for processing.
• Generated Images: The AI-generated images created based on your selfies and selected styles. These are stored in your personal vault.
• Style Preferences: Your saved styles, favorites, and vault collections.
• Purchase Data: Records of credits purchased through Stripe, including transaction IDs and timestamps (we do not store your full payment card details — Stripe handles all payment processing).
• Usage Data: Anonymous analytics about app usage, feature interactions, and error logs to help us improve the app.

3. How We Use Your Data

We use your data exclusively to provide and improve the GlamVault service:

• To create AI-generated style transformations using your selfies
• To store your generated images in your personal vault for later access
• To manage your account, credits, and purchases
• To display your style history and favorites
• To communicate with you about your account or app updates
• To debug issues and improve the app experience

We do not use your images for any purpose other than creating your requested style transformations. We do not use your photos to train AI models.

4. AI Processing & Third-Party Services

To generate your style transformations, your selfie photos are transmitted to the following third-party AI service:

• Google Gemini API — Your selfie and selected style parameters are sent to Google's Gemini AI for image generation. Google processes this data in accordance with their API Terms of Service. Google does not use your data to train or improve their models.

Other third-party services we use:

• Google Sign-In — For account authentication. Google's privacy policy applies to the sign-in process.
• Stripe — For payment processing. Stripe handles all payment information securely. See Stripe's Privacy Policy.

5. Data Storage & Security

All your data — including account info, selfies, generated images, and preferences — is stored on secure servers hosted by DigitalOcean in the European Union (Frankfurt, Germany).

We implement industry-standard security measures:

• All data transmissions are encrypted via HTTPS/TLS
• Images are stored securely with access controls
• Authentication uses industry-standard JWT tokens
• Passwords are hashed using bcrypt

6. Data Retention

We retain your data for as long as your account is active. If you delete your account:

• All your selfie photos are permanently deleted
• All your generated images are permanently deleted
• Your account information and preferences are permanently deleted
• Purchase records may be retained as required by tax and accounting laws

You can delete your account at any time from within the app (Profile → Settings → Delete Account), or by contacting us at info@xtc-tek.com.

7. Your Rights (GDPR)

As GlamVault is operated from Germany, you have the following rights under the EU General Data Protection Regulation (GDPR):

• Right of Access: You can request a copy of all personal data we hold about you.
• Right to Rectification: You can correct any inaccurate personal data.
• Right to Erasure: You can request deletion of all your personal data ("right to be forgotten").
• Right to Restrict Processing: You can limit how we process your data.
• Right to Data Portability: You can receive your data in a structured, machine-readable format.
• Right to Object: You can object to the processing of your personal data.

To exercise any of these rights, email us at info@xtc-tek.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

8. Children's Privacy

GlamVault is not intended for use by children under the age of 13 (or 16 in certain EU jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Permissions We Use

The GlamVault Android app requests the following permissions:

• Internet & Network Access: Required for all app functionality — API calls, image upload/download, AI generation, and authentication.
• Camera (optional): Only when you choose to take a new selfie photo within the app.
• Photo Library (optional): Only when you choose to upload an existing photo from your device.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective Date" at the top of this page and notify you through the app or via email for significant changes. Continued use of GlamVault after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or how your data is handled, please reach out:

📧 info@xtc-tek.com
🏢 XTC-TEK, Hamburg, Germany