Privacy Policy — Made Glow

Version 1.0 · Effective May 20, 2026

Made Glow, Inc. ("Made Glow," "we," "us," or "our") is a Florida corporation that operates a two-sided technology marketplace connecting consumers ("Consumers") with independent, licensed beauty professionals ("Beauty Pros" or "Pros") who travel to a location chosen by the Consumer — typically the Consumer's home — to perform beauty services. This Privacy Policy explains what information we collect when you use our mobile applications, our website at madeglow.com, our web application at app.madeglow.com, and any related products and services we operate (collectively, the "Services"); how we use it; who we share it with; how long we keep it; and the rights and choices you have.

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services. Where required by law, we will ask for your consent before processing your personal information for specific purposes, and you can withdraw that consent as described below.

1. Who we are

Made Glow, Inc. is a Florida corporation with its principal place of business in the State of Florida. We currently operate the Services in Florida and are launching service area by service area. Made Glow is a marketplace; we are not the provider of the beauty services themselves. Beauty Pros are independent contractors. References to "your Pro" or "your provider" mean the independent Beauty Pro you matched with through the platform, not Made Glow.

For questions about this policy or to exercise the rights described below, contact our privacy team at [email protected].

2. Information we collect

2.1 Information you give us directly

Account information. Name, email address, mobile phone number, password (hashed), date of birth (used only to confirm you are 18 or older), and profile photo.
Service preferences (Consumers). The beauty service categories you are interested in, the address(es) at which you would like to receive service, and any service-specific notes (allergies, skin or hair sensitivities, accessibility needs, parking instructions).
Identity and licensing information (Pros only). Government-issued photo ID, a live selfie, your state-issued cosmetology, esthetician, nail-technician, barber, or massage license, your federal tax-classification information (W-9), and the bank account or debit card to which your earnings are paid.
Booking information. Service booked, scheduled date and time, service address, special requests, prices, downpayment, tip, total charged, and post-service rating and review.
Payment information. Cardholder data is collected and tokenized directly by our payment processor, Stripe, Inc. ("Stripe"). Made Glow does not store full credit-card numbers, CVV values, or full bank-account numbers. We retain only a non-sensitive token from Stripe (e.g., last four digits, brand, expiration) so we can show you which card is on file.
Photos and uploads. Profile photos, portfolio images (Pros), and inspiration/reference photos you choose to upload to help your Pro understand the look you want. Photos may be processed by our AI matching and recommendation systems described below.
Communications. Messages exchanged between Consumers and Pros via in-app chat, support tickets you open with us, and feedback you submit.

2.2 Information we collect automatically

Device and technical information. Device model, operating system and version, browser type, IP address, mobile network operator, time zone, language preference, advertising identifier (where permitted), and crash logs.
Location information. If you grant permission, we collect precise (GPS-level) device location to find and match you with Pros near you, to estimate travel and arrival times, to enable real-time arrival tracking during a booking, and (for Pros) to manage your service area. Precise geolocation is treated as sensitive personal information. You can revoke location permission at any time in your device settings; doing so may limit core matching and tracking features.
Calendar information. If you choose to add an appointment to your device calendar, and you grant calendar permission, the app writes the booking details (title, date, time, and location) to your selected calendar. We use calendar access only to create or update that event at your request; we do not read, scan, or upload your other calendar entries.
Usage information. Screens you visit, features you use, search queries, in-app interactions, time spent, referring page, and similar diagnostic information.
Cookies and similar technologies. See Section 8 below and the dedicated Cookie Policy for the full table.

2.3 Information we receive from third parties

Identity-verification and background-check results from Checkr, Inc. ("Checkr") for Pros (confirmation that ID matched the selfie, summary criminal-record information limited to fields permitted by the FCRA and applicable state law).
Payment, payout, and dispute events from Stripe.
Push delivery status from Apple Push Notification service ("APNs"), Firebase Cloud Messaging ("FCM"), and Expo Push.
Sign-in information from Apple, Google, or Facebook if you choose to sign in using their identity providers (we receive only the minimum profile fields you authorize).
Anti-fraud signals from Cloudflare Turnstile and Firebase App Check, which help us confirm requests come from real devices and humans.

3. How and why we use information (legal bases)

We use the information we collect for the purposes below. For users in jurisdictions that require it (such as the EU, UK, and EEA), the legal basis we rely on is shown in parentheses.

Create, secure, and maintain your account; authenticate logins; recover lost accounts (performance of contract; legitimate interest).
Match Consumers and Pros based on location, service type, ratings, availability, and price; recommend services; rank search results (performance of contract; legitimate interest).
Process bookings, charges, downpayments, tips, refunds, payouts, and chargebacks via Stripe (performance of contract; legal obligation).
Send transactional notifications (booking confirmations, status updates, reminders, receipts, safety alerts) via push, SMS, and email (performance of contract).
Verify Pro identity and license, and run permitted background screening at onboarding (legal obligation; legitimate interest in marketplace integrity).
Provide customer and safety support, including investigating reports and disputes (performance of contract; legitimate interest; legal obligation).
Detect, prevent, and respond to fraud, abuse, security incidents, harassment, and Terms-of-Service violations (legitimate interest; legal obligation).
Improve, debug, and develop the Services through analytics, A/B testing, and product research (legitimate interest; consent where required).
Train and improve our AI-powered matching, recommendation, and image-understanding features (legitimate interest; you may opt out of using your photos for AI improvement — see Section 9 below).
Send marketing communications about Made Glow products, promotions, and services (consent where required; legitimate interest where permitted; you can unsubscribe at any time).
Comply with applicable laws, respond to lawful legal process, and enforce our agreements (legal obligation).

4. How we share information

We do not sell your personal information for money. We do not share your personal information with third parties for their own cross-context behavioral advertising. We share information only as described below.

4.1 Between matched Consumers and Pros

When a booking is confirmed, we share with the matched Pro your first name, profile photo, service address, scheduled time, and any service-specific notes. The Consumer sees the Pro's name, profile photo, license verification status, ratings, reviews, portfolio, and price list. We do not share phone numbers or email addresses; in-platform chat is the only direct channel.

4.2 Service providers (data processors) acting on our behalf

We share information with vendors who process it under our instructions and a written data-processing agreement. Our principal processors are:

Stripe, Inc. — payment processing, payouts, identity verification on Pro Connect accounts, and fraud prevention. Stripe collects and tokenizes payment-card and bank-account data directly; Made Glow does not receive or store full card or bank-account numbers.
Google LLC / Firebase — authentication, app crash analytics, real-time and cloud database, cloud messaging (FCM), App Check anti-abuse, SMS one-time-passcode delivery, and hosting.
Twilio Inc. — delivery of transactional SMS text messages, such as one-time verification codes and booking notifications, to your verified mobile phone number.
Cloudflare, Inc. — content delivery, DDoS protection, Turnstile bot prevention, and edge caching for the marketing site.
Resend (Tincre, Inc.) — transactional email delivery (booking confirmations, password resets, receipts).
Expo (650 Industries, Inc.) — mobile application infrastructure, over-the-air updates, build services, and push-notification routing for our React Native applications.
Checkr, Inc. — Pro identity verification and consumer-report background screening.
Apple Inc. and Google LLC — operators of the App Store and Play Store; push-notification services (APNs, FCM); and optional Sign in with Apple / Sign in with Google identity.
Anthropic, PBC and OpenAI, OpenCo LLC — large-language-model providers used to power AI matching, search ranking, and customer-support summarization. Inputs sent to these providers are minimized and do not include payment-card data.
Sentry (Functional Software, Inc.) — application error and crash monitoring.

Each processor is contractually obligated to use the information only to perform its services for us, to keep the information secure, and to delete it on request.

4.3 Legal, safety, and compliance

We may disclose information when we reasonably believe it is necessary to: (a) comply with a law, regulation, court order, subpoena, or other valid legal process; (b) protect the safety of any person or the public; (c) investigate or respond to suspected fraud, abuse, or violations of our Terms; or (d) defend Made Glow's legal rights. Where permitted, we will notify you before disclosure.

4.4 Business transfers

If Made Glow is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you (e.g., by email or in-app notice) before your information becomes subject to a different privacy policy.

4.5 With your direction or consent

We may share information with other parties at your direction (for example, when you ask us to send a referral) or with your consent.

5. How long we keep information (retention)

We keep information only as long as we need it for the purposes described in this policy or as required by law.

Account information — for as long as your account is active, plus a 90-day grace period after deletion to support account recovery and to investigate fraud and disputes. After that, account records are deleted or de-identified.
Booking, payment, and tax records — at least seven (7) years to comply with U.S. federal and Florida state tax, accounting, and consumer-protection requirements. Payment data we send to Stripe is retained by Stripe under Stripe's privacy policy.
In-app chat messages — up to two (2) years from the booking date, then automatically purged. Messages relating to an open safety, fraud, or legal investigation are preserved until the matter is resolved.
Background-check reports (Pros) — for as long as the Pro is active on the platform plus the period required by the FCRA and applicable state law (currently a minimum of seven years after the Pro's account is closed).
Analytics and product-improvement data — typically twenty-five (25) months in identifiable form, then aggregated.
Backups — encrypted backups are retained for up to thirty-five (35) days for disaster recovery, after which deletion propagates.

6. Your rights and choices

You have the choices below regardless of where you live. If you live in a jurisdiction with a specific privacy law (California, Colorado, Connecticut, Utah, Virginia, the EU, the UK, or the EEA), additional rights are described in the subsections below.

Access and update. View and edit your profile, address, payment method, and notification preferences in the app under Account → Profile.
Location. Revoke location permission in your device's Settings → Made Glow → Location.
Notifications. Disable push, SMS, or email notifications in the app under Account → Notifications.
Marketing emails. Use the unsubscribe link in any marketing email, or email [email protected].
Account deletion. Tap Account → Delete Account in the app, or email [email protected] from the address tied to your account. We will permanently delete your personal information within thirty (30) days, except information we are required by law to retain (such as tax records).

6.1 California residents — your CCPA / CPRA rights

If you are a California resident, you have the right to:

Know the categories and specific pieces of personal information we have collected about you in the past twelve months and the purposes for collection.
Delete personal information we hold about you (subject to legal exceptions).
Correct inaccurate personal information.
Opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising. Made Glow does not sell or share personal information for cross-context behavioral advertising. A Global Privacy Control ("GPC") signal sent by your browser will be treated as an opt-out.
Limit use of sensitive personal information (such as precise geolocation) to what is reasonably necessary to provide the Services.
Be free from discrimination for exercising any of these rights — we will not deny services, charge a different price, or provide a different level of quality because you exercised a privacy right.

To exercise these rights, email [email protected] with the subject "California Privacy Request" or write to the postal address in Section 13. We will verify your identity using account information already on file. You may use an authorized agent; the agent must provide written permission and we may ask you to confirm directly.

6.2 EU/UK/EEA residents — your GDPR rights

If you are in the European Union, the United Kingdom, or another country whose laws give effect to the GDPR, you have the right to:

Access the personal data we hold about you and receive a copy.
Rectification of inaccurate or incomplete data.
Erasure ("right to be forgotten"), subject to legal exceptions.
Restriction of processing in certain circumstances.
Data portability — receive a structured, commonly used, machine-readable copy of data you provided to us.
Object to processing based on legitimate interest, including direct marketing.
Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing).
Lodge a complaint with your local supervisory authority. We would, of course, appreciate the chance to address your concerns first — please contact [email protected].

6.3 Florida residents — your Florida Digital Bill of Rights

Made Glow is a Florida company and Florida is our launch market. To the extent the Florida Digital Bill of Rights (Fla. Stat. § 501.701 et seq.) applies to you and to Made Glow, you have the right to:

Confirm and access. Confirm whether we are processing your personal information and access that information.
Correct. Correct inaccuracies in your personal information, taking into account its nature and our purposes for processing it.
Delete. Delete personal information that we have collected about you, subject to legal exceptions (such as records we must retain for tax or compliance purposes).
Obtain a copy. Obtain a portable copy of the personal information you previously provided, in a readily usable format.
Opt out of the sale of personal information, of targeted advertising, and of certain profiling. Made Glow does not sell your personal information and does not use it for targeted advertising or for profiling that produces legal or similarly significant effects.
Opt out of voice/facial collection. Florida law gives you the ability to opt out of the collection of personal data through the operation of a voice-recognition or facial-recognition feature. Made Glow does not use voice-recognition or facial-recognition features to identify you.

To exercise these rights, email [email protected] with the subject "Florida Privacy Request" or write to the postal address in Section 13. We will verify your request using account information already on file. If we decline a request, we will explain why, and you may appeal that decision by replying to our response; you may also contact the Florida Department of Legal Affairs.

6.4 Other U.S. state residents

Residents of California, Colorado, Connecticut, Utah, Virginia, and other states with comprehensive privacy laws have rights similar to those described above (access, correction, deletion, portability, opt-out of sale and targeted advertising). To exercise these rights, contact [email protected].

7. SMS and text-message communications

When you provide your mobile phone number and verify it, you consent to receive transactional and service-related text messages (SMS) from Made Glow and our messaging providers (Twilio and Firebase). These include one-time verification codes, booking confirmations, appointment reminders, arrival and status updates, and important account or safety notices. These messages are part of the core functionality of the Services and are not marketing.

Message frequency varies based on your activity on the Services.
Message and data rates may apply depending on your mobile carrier and plan. Made Glow does not charge you for SMS, but your carrier may.
Opting out. You can reply STOP to most non-essential message threads to stop those messages, or adjust SMS preferences in the app under Account → Notifications. Reply HELP for help. Note that we may still send essential security messages, such as one-time verification codes, where needed to operate your account.
We do not share your mobile phone number with third parties for their own marketing, and we do not sell it.

8. Cookies and similar technologies

We and our service providers use cookies, local storage, and similar technologies to operate the Site, remember preferences, secure your session, and measure traffic. We classify them into four categories:

Strictly necessary — required for the Services to function (authentication, load balancing, security tokens). Cannot be disabled.
Functional — remember preferences such as theme and language.
Analytics — help us understand how the Site is used so we can improve it.
Advertising — currently not used on the marketing site. If we ever introduce advertising cookies, we will obtain consent and update this policy.

You can adjust or revoke your choices at any time using the cookie banner ("Cookie preferences" link in the footer). For the full list of specific cookies, lifespans, and third-party setters, see our Cookie Policy.

9. Photos and AI features

You can upload profile photos and reference or inspiration photos to help your Pro understand the look you want, and you may also send photos through in-app chat. We may process photos using machine-learning models — including third-party large-language and vision models — to recommend services, match you to a Pro, and improve search ranking. We do not use facial recognition to identify you, we do not use your photos to identify you to other users beyond the booking flow, and we do not share your photos with advertisers.

If you would prefer that your photos and review text not be used to train or improve our matching and recommendation models, you can opt out at Account → Privacy → AI training in the app or by emailing [email protected]. Opting out will not reduce the quality of the service you receive.

10. Children's privacy

The Services are intended only for adults and are not directed to children. You must be at least eighteen (18) years old to create an account, to be a Consumer, or to book or receive a Service. We apply age-gating at signup and we do not knowingly collect personal information from anyone under eighteen (18), and in no event from anyone under thirteen (13). If you believe a minor has provided us with personal information, contact [email protected] and we will delete it promptly.

11. Security

We use technical, administrative, and physical safeguards designed to protect your information, including:

Encryption in transit using TLS 1.2 or higher.
Encryption at rest using AES-256 (or stronger) for databases and backups.
Tokenization of payment-card data through Stripe; Made Glow servers never store card numbers.
Firebase App Check and Cloudflare Turnstile to reduce automated abuse.
Per-user and per-IP rate limiting on sensitive endpoints (sign-in, OTP, password reset, support submissions).
Role-based access controls inside Made Glow — only the minimum number of staff who need access to support, fraud, or safety functions can see your data, and that access is logged.
Regular vulnerability scanning, dependency-update review, and incident-response drills.

No method of electronic storage or transmission is one hundred percent secure. If we discover a breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

12. International data transfers

Made Glow is based in the United States and our Services and infrastructure are hosted in the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S., where data-protection laws may differ from those in your jurisdiction. Where we transfer personal data of EU/UK/EEA residents to the U.S. or other countries that have not been recognized as providing an adequate level of data protection, we rely on the European Commission's Standard Contractual Clauses ("SCCs"), the UK International Data Transfer Addendum, or another lawful transfer mechanism, together with supplementary safeguards as required by law. To request a copy of the SCCs we use, email [email protected].

13. Contact us

For privacy questions, requests, or complaints, or to exercise any of the rights described in Section 6:

Email: [email protected]
Mail: Made Glow, Inc., Attn: Privacy Team, 441 S State Road 7, STE 1, Margate, FL 33068, United States.

We aim to respond to all privacy requests within forty-five (45) days, or sooner where required by law. We will verify your request using information already associated with your account.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to the Services, our practices, or applicable law. The "Effective" date at the top of this policy reflects the current version. If we make material changes, we will notify you by in-app notification, email, or banner on the Site at least thirty (30) days before the changes take effect, where required by law. Your continued use of the Services after a change becomes effective constitutes your acceptance of the updated policy.

Privacy policy.