GLOW Privacy Policy


Effective date: July 10, 2026 Last updated: July 10, 2026 Applies to: the GLOW mobile application (iOS), the GLOW websites and web-billing pages, and related services (collectively, the "Service").

This Privacy Policy explains how Glow ("Glow," "we," "us," or "our") collects, uses, discloses, and safeguards personal information when you use the Service. Please read it together with the sibling documents referenced throughout, in particular the Terms of Service, the Coins Terms, the Creator Agreement, the Biometric Data Consent & Retention Schedule, the Community Guidelines & Safety Policy, and the Modeling Marketplace Terms.


1. Scope, Roles, and Important Limits

1.1 Who we are. Glow is a Canadian company and is the organization responsible for (the "controller" / "person accountable for") personal information handled through the Service, except where this Policy states that a third party acts on its own behalf.

1.2 Age restriction. The Service is strictly 18+. It is not directed to, and we do not knowingly collect personal information from, anyone under 18. See Section 12 (Age Restriction and No Minors).

1.3 Geographic scope. The Service is offered worldwide except in the European Union / European Economic Area at launch, and except in jurisdictions where adult-oriented streaming is illegal or where provision would violate sanctions or export-control law. We use location signals to geo-block such jurisdictions.

1.4 GDPR out of scope at launch. Because the Service is not offered in the EU/EEA at launch, this Policy is not drafted to satisfy the EU General Data Protection Regulation (GDPR) or the UK GDPR. It is designed to align with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the California Consumer Privacy Act, as amended by the CPRA (the "CCPA"), and to reflect other applicable North American privacy requirements. If we later launch in the EU/EEA, we will publish a separate or supplemented notice.

1.5 This Policy is not a contract for services. Your use of the Service is governed by the Terms of Service and, for Creators, the Creator Agreement. This Policy describes our privacy practices.


2. Defined Terms

Capitalized terms not defined here have the meaning given in the Terms of Service.


3. Summary of What We Collect and Why

The table below is a plain-language summary. Sections 4–7 give the detail. Section 8 explains disclosures.

CategoryExamplesPrimary purposes
Account & profileUsername, display name, email, password/credential, profile photo, bio, birthdate/age signalCreate and secure your account; enforce 18+ rule; provide the Service
Identity & biometric (Creators; some Viewers for age assurance)Government ID images, liveness/face scan, verification result, Biometric ReferenceAge verification; identity verification; one-face-one-account ban index; fraud and safety; legal compliance
Transaction (Viewers)Coin purchases via Apple IAP, spend history (gifts, paid DMs, private minutes)Deliver purchased features; support; fraud prevention; recordkeeping
Payout (Creators)Bank/PayPal/wire details, tax identifiers, payout history, Stripe Connect dataPay Creators; tax and financial reporting
Marketplace (Creators/Clients)$500/mo access subscription (web, Stripe), listing/profile dataProvide and bill marketplace access
Content & interactionsStreams, shorts, messages/DMs, gifts, private 1:1 video sessions, reports you fileOperate the Service; moderation and safety; abuse and CSAM detection
Device & usageIP address, device identifiers, app version, coarse location/region, logs, crash dataSecurity, fraud prevention, geo-blocking, analytics, reliability
Support & communicationsMessages you send us, survey responsesRespond to you; improve the Service

4. Information You Provide

4.1 Account and profile. When you register, we collect your username, email address, a credential, and profile details you choose to add. You must confirm you are 18 or older.

4.2 Creator onboarding. To become a Creator, you must complete ID verification and a liveness (face) check and provide payout information. See Sections 5 and 6.

4.3 Content and communications. We collect the content you create, send, or transmit through the Service — including public streams and shorts, direct messages (including paid DMs), gifts, and private 1:1 video sessions — and reports or appeals you submit. How this content is moderated and retained is described in Section 7 and in the Community Guidelines & Safety Policy.

4.4 Support. When you contact support@glowsocial.app or in-app support, we collect the information in your request.


5. Payment and Payout Information

5.1 Viewer purchases (Coins) via Apple. Coins are purchased exclusively through Apple In-App Purchase. Apple processes your payment; we do not receive or store your full card number or Apple credentials. We receive transaction confirmations and records needed to credit Coins, provide support, prevent fraud, and meet recordkeeping obligations. Coins are a non-refundable, non-transferable license, are not redeemable for cash, and expire approximately 12 months after purchase; see the Coins Terms. Apple's handling of your payment is governed by Apple's privacy policy.

5.2 Creator payouts via Stripe Connect. Creator earnings (currently a 70% share of gross, as stated in the Creator Agreement) are paid through Stripe Connect (bank transfer, PayPal, or wire). Stripe collects and processes your payout and identity/tax details as a payment processor and, for certain purposes, as an independent controller under its own terms and privacy policy. We receive payout status and records needed for accounting, tax, and compliance.

5.3 Modeling Marketplace billing. Access to the Modeling Marketplace is a $500/month subscription billed externally via Stripe on the web — not through Apple. Gig payments for marketplace work are made directly between Creator and client; Glow takes 0%, does not custody funds, and does not adjudicate disputes. We therefore do not collect or hold the payment details exchanged for individual gigs. See the Modeling Marketplace Terms.

5.4 We are not a bank. Coins are not a deposit, stored-value instrument, or money-transmission balance, and the Service is not a payments or escrow service.


6. Identity, Age, and Biometric Information

This Section summarizes practices set out in full in the Biometric Data Consent & Retention Schedule. That document, together with your separate, explicit consent, governs biometric handling. In case of conflict, the Biometric Data Consent & Retention Schedule controls for biometric matters.

6.1 Separate, explicit consent. Before any facial/biometric processing, we obtain your explicit, separate opt-in consent, distinct from your acceptance of this Policy and the Terms of Service. You may decline; however, Creators cannot be verified or paid without completing verification, and certain Viewer features may require age assurance.

6.2 What we collect and how.

Verification is performed using Amazon Web Services (AWS) as our Service Provider.

6.3 How biometric data is stored — minimization.

6.4 Retention and destruction. We maintain a published retention and destruction schedule for identity and biometric data. Biometric References tied to safety bans may be retained on a one-way basis as part of the ban index and abuse recordkeeping, as described in Sections 7 and 10 and in the Retention Schedule.

6.5 Legal basis and sensitivity. Biometric and identity information is sensitive Personal Information. We collect and use it only for the purposes stated here and in the Retention Schedule, and we do not sell or "share" it (as those terms are used in the CCPA — see Section 9).


7. Safety, Moderation, and CSAM Compliance

Safety practices are described in full in the Community Guidelines & Safety Policy. This Section explains the privacy-relevant handling.

7.1 Public content moderation. Public streams and shorts are subject to automated and human moderation. This is a CLEAN lane: no explicit content is permitted. Moderation may process content, associated metadata, and reports.

7.2 Private 1:1 rooms — safety floor, not zero oversight. Private 1:1 video is not unmonitored. A safety floor applies: (a) a report-triggered evidence buffer that preserves relevant material when a report is made, and (b) automated CSAM hash-scanning. We do not conduct general human surveillance of private sessions outside these safety mechanisms. Because these safeguards exist, do not assume private sessions are fully private for unlawful purposes — they are not permitted, and prohibited material will be detected and reported.

7.3 Reporting and blocking. Report and block tools are available throughout the Service. Reports may include the reported content, identifiers, and context.

7.4 Enforcement outcomes. We may suspend or terminate accounts. Being hard-blocked by a threshold number of Creators results in a permanent ban. Bans may be face-pinned using the Biometric Reference to prevent ban evasion (Section 6.3).

7.5 CSAM detection and mandatory reporting. We use PhotoDNA (and comparable hash-matching) to detect CSAM. When CSAM is detected, we are legally obligated to report to the National Center for Missing & Exploited Children (NCMEC) in the United States and to Cybertip.ca in Canada, and to preserve related evidence. Such evidence and reports are preserved, not deleted, including after account deletion (Section 10). This obligation overrides deletion, access, and opt-out requests to the extent required by law.

7.6 Cooperation with authorities. We may disclose information to law enforcement and child-protection authorities as required or permitted by law (Section 8.4).


8. How We Disclose Personal Information

We do not sell Personal Information for money. We disclose Personal Information only as described here.

8.1 Service Providers. We share information with vendors that process it on our behalf under contract, including:

These providers are permitted to use the information only to provide services to us, except where they act as independent controllers under their own terms (e.g., Apple and Stripe for aspects of payment processing).

8.2 Between Users. Content you make public (profile, streams, shorts) is visible to others. Messages, gifts, and private-session participation are shared with the counterparties you interact with.

8.3 Corporate transactions. If we are involved in a merger, acquisition, financing, or asset sale, Personal Information may be transferred subject to appropriate confidentiality and continuity of this Policy's protections.

8.4 Legal, safety, and rights protection. We may disclose information to comply with law, respond to lawful requests and legal process, enforce our terms, prevent fraud, protect the safety of users or the public, and address CSAM and other abuse (Section 7).

8.5 Cross-border transfers and processing. Glow is based in Canada, and our Service Providers (including AWS, Stripe, and Apple) may process and store information in the United States, Canada, and other countries. Information processed outside your country may be accessible to courts, law enforcement, and authorities in those jurisdictions under their laws. We use contractual and security measures with our Service Providers consistent with PIPEDA.


9. Your California Privacy Rights (CCPA)

This Section applies to California residents. Terms in this Section have their CCPA meaning.

9.1 Categories collected. In the past 12 months we have collected the categories described in Section 3, including sensitive personal information (e.g., government identifiers, account log-in credentials, and biometric information used for verification and identification).

9.2 Sources and purposes. Sources and business/commercial purposes are described in Sections 3–7. We use sensitive personal information only for purposes permitted under the CCPA (such as verifying identity, providing the Service, and preventing fraud and abuse), and not to infer characteristics.

9.3 No sale; no "sharing" for cross-context behavioral advertising. We do not sell Personal Information and do not "share" it for cross-context behavioral advertising. We have not sold or shared the Personal Information of any consumer, and we do not knowingly sell or share the Personal Information of anyone under 16 (and the Service is 18+ regardless).

9.4 Your rights. Subject to legal exceptions, you may request to:

9.5 Exceptions. We may retain and decline to delete or correct information where an exception applies, including for legally required abuse/CSAM records, the one-way ban/identity hash, security, fraud prevention, and legal compliance (Sections 7 and 10).

9.6 How to exercise. Submit a request through the in-app privacy controls or at support@glowsocial.app. We will verify your identity before responding and will respond within the timeframes the CCPA requires. You may use an authorized agent as permitted by law.


10. Retention and Deletion

10.1 General retention. We keep Personal Information only as long as needed for the purposes in this Policy, to provide the Service, and to meet legal, tax, accounting, security, and dispute-resolution obligations, after which we delete or de-identify it. Identity and biometric retention follows the Biometric Data Consent & Retention Schedule.

10.2 In-app account deletion. You can request account deletion in the app. On deletion, we remove or de-identify your profile and content except as stated below.

10.3 Legal-obligation exception — what survives deletion. Even after account deletion, we retain, on a one-way / non-reversible basis where feasible:

These are retained because we are legally obligated to preserve them and to prevent banned or unlawful actors from returning. We do not use these retained records for any purpose other than safety, legal compliance, and enforcement.


11. Your PIPEDA Rights (Canada and Other Regions)

11.1 Access and correction. You may request access to the Personal Information we hold about you and ask us to correct inaccuracies, subject to legal exceptions.

11.2 Consent and withdrawal. Where we rely on consent (including the separate, explicit consent for biometric processing), you may withdraw it, subject to legal or contractual limits. Withdrawing consent may mean we can no longer verify you, pay you as a Creator, or provide certain features. Withdrawal does not affect processing that already occurred or records we must retain by law (Section 10.3).

11.3 How to exercise. Contact support@glowsocial.app. We will verify your identity and respond within the time required by law.

11.4 Accountability and complaints. We are accountable for Personal Information under our control, including information handled by Service Providers. If you have a concern, contact us first at support@glowsocial.app. You may also contact the Office of the Privacy Commissioner of Canada or your local privacy regulator.


12. Age Restriction and No Minors

The Service is 18+ only. We use ID and liveness verification, age signals, and safety systems to keep minors off the Service. We do not knowingly collect Personal Information from anyone under 18. If we learn that a user is under 18, we will terminate the account and delete associated Personal Information, except records we are legally required to preserve (including CSAM-related evidence under Section 7.5). If you believe a minor is using the Service, contact support@glowsocial.app immediately.


13. Security

We use administrative, technical, and physical safeguards designed to protect Personal Information, including access controls, encryption in transit, minimization of sensitive data (e.g., storing only a non-reversible Biometric Reference and briefly retaining raw ID images), and vendor security requirements. No system is perfectly secure, and we cannot guarantee absolute security. If a breach affecting your Personal Information occurs, we will notify affected users and regulators where required by applicable law (including PIPEDA breach-reporting and applicable state breach-notification laws).


14. Cookies, Analytics, and Similar Technologies

The Service uses device identifiers, logs, and similar technologies for authentication, security, fraud prevention, geo-blocking, reliability, and analytics. Our web pages (including Marketplace billing) may use cookies and similar technologies. We do not use these technologies for cross-context behavioral advertising (Section 9.3). Where required, we will provide cookie controls on our web properties.


15. Third-Party Services and Links

The Service integrates or links to third parties (e.g., Apple, Stripe, AWS) whose handling of your information is governed by their privacy policies. Gig arrangements in the Modeling Marketplace are directly between Creator and client; Glow does not control those parties' privacy practices and is not responsible for information you exchange with them. Review third-party policies before providing information.


16. Changes to This Policy

We may update this Policy. We will change the "Last updated" date and, for material changes, provide additional notice (e.g., in-app or by email) as required by law. Your continued use of the Service after an update takes effect signifies acceptance of the updated Policy, except where additional consent is legally required (such as for biometric processing).


17. How to Contact Us

Glow (Privacy Office) Email: support@glowsocial.app Mailing address: [COMPANY MAILING ADDRESS] Privacy Officer / person accountable under PIPEDA: [NAME / TITLE]

For related terms, see the Terms of Service, Coins Terms, Creator Agreement, Biometric Data Consent & Retention Schedule, Community Guidelines & Safety Policy, and Modeling Marketplace Terms.


End of draft. Placeholders, jurisdictional coverage, retention periods, vendor list, and all CCPA/PIPEDA disclosures must be verified and completed by qualified counsel before publication.