Nuron Inc.

Privacy Policy - GlamMax

Operator: Nuron Inc. Effective date: June 3, 2026

This Privacy Policy describes how Nuron Inc. (“we,” “us,” or “our”) handles information when you use the GlamMax mobile application (the “App”).

Summary

GlamMax provides AI-assisted appearance guidance based on photos, chat messages, and any text you submit for analysis. The App can also help you build an on-device profile of descriptive feature labels from camera captures you choose. The App uses Sign in with Apple through Supabase Auth so profile sync, credits, purchases, referrals, chat access, and entitlement state stay connected to your account.

We use the information you submit only to provide the requested analysis, operate the App, protect the service, and support purchases where applicable. We do not sell your personal information or use your photos for advertising.

Photos and Face Data

When you choose to run an analysis or build a profile, GlamMax processes the photo or photos you select or capture. These photos may include your face.

GlamMax does not collect Face ID data, faceprints, biometric identifiers, or biometric templates. Profile capture may record on-device face geometry and quality metadata to guide framing and save your local profile session, but we do not use this information to identify you, verify your identity, or recognize you across other services.

Photos are used to generate the analysis or profile labels you request, such as understanding how a look reads, comparing photos, improving a photo toward a goal, or labeling descriptive profile fields. Descriptive labels such as face shape, eye shape, brow shape, contrast, undertone, or hair texture are general visual categories; they are not biometric measurements or templates.

We use submitted photos and face-related visual information only to provide the analysis you request. We do not use photos for identity verification, face recognition, biometric templates, advertising, or selling data.

TrueDepth Camera and ARKit Face Geometry

On supported devices, GlamMax may use Apple’s TrueDepth camera through ARKit during profile capture.

TrueDepth/ARKit face-geometry data is processed on device for profile capture guidance and quality checks. It is not sent to our servers or third parties and is not used for identity verification, face recognition, advertising, or biometric templates. Local capture history can be deleted from the Profile screen or by deleting the App.

Face Data Retention

GlamMax does not retain face data on its backend.

Photos submitted for analysis or profile labeling may include a user’s face. Nuron Inc. does not intentionally store submitted photos, faceprints, biometric identifiers, or biometric templates on its backend as account history.

Submitted photos and face-related visual information are processed on the backend only for the time needed to generate the requested analysis or profile-labeling response. Profile-labeling jobs may temporarily store submitted image payloads while the job is pending or running, and those payloads are cleared when the job completes or fails. After the request is completed or fails, Nuron Inc. does not intentionally retain submitted photos or face data on its backend.

Profile captures, on-device geometry metadata, and profile labels may be stored locally in the App’s Application Support storage so the profile can be displayed and re-used on your device. Profile capture directories are excluded from iCloud backup by default. After profile labeling completes, the App prunes raw profile-capture photos and duplicate frame sidecars while keeping the local profile summary and capture-session geometry metadata. You can also delete local profile capture history from the profile sheet. The lightweight profile summary and latest Understand metadata mirror may remain on device unless you delete the App.

We do not log raw photos, raw base64 image payloads, prompt text, or full request bodies. Technical and operational logs may retain metadata, such as request time, app version, request status, error category, approximate network information, and abuse-prevention signals, but not raw photos or face data.

The reason for temporary backend processing is to provide the requested Understand, Compare, Improve, or profile-labeling result. We do not store backend face data for future identification, authentication, recognition, advertising, or model training.

Text Inputs and Results

Depending on the mode you select, you may be required or invited to provide text, such as a goal in Improve mode, optional context in Compare mode, or messages in Beauty Advisor chat. We use this text to generate the requested analysis or chat response.

Beauty Advisor chat may store chat text, message metadata, thread metadata, and action-card state so the conversation can continue across sessions. Chat image attachments may be temporarily stored only when needed to support a confirm-before-charge action; image payloads are stripped when no action is proposed, when the action is completed, cancelled, or expires.

The App may display analysis results and locally stored profile labels on your device. GlamMax does not currently provide account-based cloud history for photos, profile captures, or standalone analysis results.

Technical and Operational Data

We may process limited technical, operational, and product interaction information needed to run, secure, debug, and improve the App and related services. This may include device or app information, request metadata, approximate network information, service status, error information, abuse-prevention signals, screen or flow events, subscription flow events, and analysis success or failure status.

Account and credit records: We use Supabase to manage Sign in with Apple sessions and to store account records such as your Supabase user ID, Apple sign-in identifier, email if Apple provides it, entitlement status, credit ledger entries, in-app purchase transaction references, referral code, referral status, profile metadata, chat thread and message records, and request idempotency records.

Anonymous client identifier: A random UUID is generated the first time you run the App and stored in your device’s Keychain. This identifier is sent as a request header with analysis and app-event requests to help detect abuse, understand app flow completion, and troubleshoot reliability. It is not used to track you across apps or services.

Before product or operational events are sent to our analytics provider, account and client identifiers are replaced with separate one-way hashed identifiers. We do not send the analytics provider your raw Supabase user ID, Apple sign-in identifier, email, name, or raw client UUID. After sign-in, the two hashed identifiers may be linked so we can measure pre- and post-sign-in flows without disclosing the underlying identifiers.

Analytics and operational events do not include raw photos, base64 image payloads, prompt text, full request bodies, or the free-form goal/context text you enter for analysis.

We use this information to provide the App, prevent misuse, troubleshoot issues, enforce service limits, understand feature usage, and maintain reliability and security.

Purchases

Subscriptions and in-app purchases are processed by Apple through StoreKit. We do not receive your full payment card number or Apple ID. Apple’s terms and privacy policy apply to purchases, renewals, cancellations, refunds, and related payment processing.

We store limited Apple transaction identifiers and product identifiers so we can verify purchases, maintain subscription entitlement state, grant consumable credits, handle refunds or revocations, and prevent duplicate credit grants.

Service Providers

We may use service providers to help operate GlamMax, including providers for AI processing, hosting, app distribution, purchases, security, analytics, and infrastructure.

GlamMax uses Supabase, Inc. for authentication, database, and account infrastructure. Supabase stores the account, entitlement, credit ledger, referral, and purchase-verification records described above. The iOS app uses only the Supabase publishable key; secret service-role access is used server-side only.

GlamMax may use one or more third-party AI processing providers to generate requested analyses and profile labels from submitted photos and text. These providers may include Google LLC, OpenAI, L.L.C., Anthropic, PBC, and Hugging Face, Inc.

We do not disclose specific model names, model versions, routing logic, or testing logic because these may change over time. However, any provider that receives submitted photos or text is used only to generate the requested analysis, operate the service, maintain safety and reliability, and prevent abuse.

Submitted photos may include a user’s face. We share photos and face-related visual information with these AI processing providers only when needed to provide the analysis or profile-labeling feature requested by the user. We do not authorize these providers to use submitted photos or face data for advertising, identity verification, face recognition, biometric templates, or unrelated user profiling.

These service providers process information only as needed to provide their services to us or as otherwise described in their own terms and privacy policies. We require service providers that process personal information for us to protect that information in a manner consistent with this Privacy Policy and applicable law.

For product analytics, GlamMax may use PostHog, Inc. to process pseudonymous, metadata-only product and operational events. PostHog Person profiles use only one-way hashed identifiers; we do not send PostHog raw account/client identifiers, email, name, Apple identifiers, raw photos, base64 image payloads, prompt text, full request bodies, or free-form analysis goals/context. Pseudonymous profiles are used only to measure flows, unique usage, reliability, and aggregate product performance.

Third-Party AI Storage Practices

The AI processing providers listed above may temporarily process or retain submitted content according to their own business/API terms, privacy policies, data processing terms, abuse-prevention policies, and security requirements.

Google Gemini API: Google states that paid Gemini API prompts, associated files such as images, and responses are not used to improve Google products. Google may log prompts and responses for a limited period for safety, security, abuse prevention, and legal or regulatory reasons. Google documentation states that Gemini API logs expire after 55 days by default where logging applies.

OpenAI API: OpenAI states that API data is not used to train OpenAI models unless the customer explicitly opts in. OpenAI may retain abuse-monitoring logs containing customer content by default for up to 30 days, unless longer retention is required by law or needed to protect services or third parties.

Anthropic API: Anthropic states that retained API data is not used for model training without express permission and that certain API arrangements may support zero data retention. Anthropic may retain data where required by law or to combat usage-policy violations or malicious use.

Hugging Face Inference Providers: Hugging Face states that it does not store user data for training purposes when routing inference requests through Hugging Face, does not store request bodies or responses when routing requests, and keeps debugging logs for up to 30 days without user data or tokens.

Provider policies:

What We Do Not Do

In the current version:

Retention

We retain information only for as long as reasonably necessary to provide the App, operate and secure the service, comply with legal obligations, resolve disputes, and enforce our terms.

Photos, face data, and any text submitted for standalone analysis or profile labeling are used to provide the requested response and are not intentionally retained by Nuron Inc. after the request completes or fails. We do not currently provide account-based storage or history for standalone analysis photos/results or profile captures.

Beauty Advisor chat text, message metadata, thread metadata, and action-card state may be retained while your account is active so chat can function across sessions. Chat image payloads are temporary and are stripped as described above.

Technical and operational records may be retained for security, debugging, abuse prevention, and reliability.

Account, credit ledger, entitlement, referral, and purchase-verification records may be retained while your account is active and as needed to operate purchases, prevent fraud or duplicate credits, comply with legal obligations, resolve disputes, and enforce our terms.

Children

GlamMax is not directed to children under 13. We do not knowingly collect personal information from children under 13.

International Users

If you use GlamMax outside the United States, your information may be processed in the United States or other regions where we or our service providers operate.

Your Choices

Changes

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide additional notice when appropriate.

Contact

Nuron Inc. support@nuroninc.com GlamMax privacy inquiries