Privacy Policy

Effective Date: October 4, 2025

At GlowPro Labs, LLC ("we," "us," or "our"), a limited liability company formed in the State of Delaware with its principal place of business at 5350 Bridge Street, Suite 2406, Tampa, FL 33611, we are committed to protecting your privacy. This Privacy Policy ("Policy") explains how we collect, use, disclose, and safeguard information when you use our mobile application available on iPhones and iPads (the "App"), website at www.glowpromd.com (the "Site"), and related services (collectively, the "Services").

By using the Services, you consent to the practices described herein. If you are a business using the Services on behalf of clients ("Customer"), this Policy applies to both Customer data and end-client data you process.

We follow HIPAA best practices for handling Protected Health Information ("PHI") as a "HIPAA light" organization, ensuring all photos and files are stored in HIPAA-compliant storage. We do not execute Business Associate Agreements ("BAAs").

1. Information We Collect

We collect information to provide and improve the Services. Categories include:

Personal Information

• From You: Name, email, phone, billing details, and business information during Account creation or transactions.
• From Use: IP address, device ID, usage data (e.g., session duration, features used).
• User-Provided Content: Client photos, notes, forms, and metadata (e.g., timestamps, annotations). This may include PHI if you are a healthcare practitioner.

Other Information

• Aggregated analytics (e.g., app usage trends).
• Cookies and tracking technologies for functionality and analytics (e.g., Google Analytics; see Section 9 for opt-out).

We do not collect sensitive information beyond what is necessary for the Services (e.g., no geolocation without consent).

2. How We Use Information

We use information for:

• Providing and maintaining the Services (e.g., storing User Content, processing photos).
• Billing and account management.
• Communicating with you (e.g., support, updates).
• Improving the Services (e.g., analytics, bug fixes).
• Compliance and security (e.g., fraud detection, HIPAA best practices).
• Marketing (with consent; opt-out anytime).

For PHI, uses are limited to those permitted under HIPAA best practices and applicable law.

3. How We Share Information

We do not sell your information. Sharing occurs only as needed:

• Service Providers: Third parties for hosting (e.g., AWS, HIPAA-compliant), payments (e.g., Stripe), analytics (anonymized).
• Business Transfers: In mergers, acquisitions, or sales (with notice).
• Legal Requirements: To comply with laws, subpoenas, or protect rights.
• With Consent: For marketing or other purposes you approve.

PHI disclosures are minimized and comply with HIPAA best practices. We require vendors to maintain HIPAA-compliant safeguards.

International transfers (if any) use Standard Contractual Clauses or adequacy decisions.

4. Data Security

We implement reasonable safeguards, including encryption (at rest and in transit), access controls, and regular audits, to protect information, aligned with HIPAA best practices for PHI. However, no system is impenetrable; you use the Services at your own risk.

5. Data Retention

We retain information as long as needed for the purposes above or legal requirements:

• Account data: Until deletion request or Account termination + 365 days.
• PHI: Until no longer needed for treatment/payment/operations, per HIPAA best practices.
• Logs: Up to 7 years for compliance.

You may request deletion via [email protected], subject to legal holds.

6. Your Rights and Choices

Depending on your location:

• Access/Update/Delete: Request via Account settings or email.
• Opt-Out: From marketing emails (unsubscribe link); cookies (browser settings).
• CCPA/CPRA: California residents may request disclosure, deletion, or opt-out of "sales" (we do not sell). Submit verifiable requests twice yearly.
• HIPAA: Clients have rights to access/amend PHI; direct requests to you as the Covered Entity.

We respond within legal timelines (e.g., 45 days for CCPA). Appeals available.

7. Children's Privacy

The Services are not for children under 13 (or 16 in some jurisdictions). We do not knowingly collect their data.

8. Third-Party Links

The Services may link to third-party sites (e.g., payment processors). We are not responsible for their practices; review their policies.

9. Cookies and Tracking

We use:

• Essential Cookies: For functionality.
• Analytics Cookies: For performance (e.g., Google Analytics; opt-out via tools.google.com).
• Do Not Track: We honor browser DNT signals where possible.

10. Changes to This Policy

We may update this Policy. Material changes will be notified via email or in-App. Continued use constitutes acceptance.

11. Contact Us

For questions, exercise rights, or HIPAA-related inquiries:

• Email: [email protected]
• Mail: GlowPro Labs, LLC, Attn: ZenBusiness Inc, 611 South Dupont Highway, Suite 102, Dover, DE 19901

Last Updated: October 4, 2025.