Last updated: 26 February 2026

Privacy Policy

1. Introduction

Glaura is committed to protecting your personal data in accordance with the GDPR and French legislation under the supervision of the CNIL. This policy applies to all users aged 16 and over. Users under 16 must provide explicit parental consent by contacting dpo@glaura.ai.

You can view this policy at any time in the Glaura app under Profile (or Account) → Settings (or Account Settings) → Privacy Policy (or Terms and Privacy).

2. Data Collected

  • Identification data: Name, email (retained for account duration + 5 years)
  • Contact details: Phone number (until account deletion)
  • Financial data: Payments (retained for transaction + 5–10 years)
  • Location data: Real-time location to display nearby salons (max 2 months)
  • History and usage: Bookings, chat, notifications
  • OAuth data: Secure Google/Apple sign-in
  • IP logs: 1 year
  • Cookies: Max 13 months
  • Marketing consent: 3 years after last activity
  • Voice recordings: 6 months (5 years for contractual calls)

3. Device Identifiers and Other Identifiers

Our application automatically collects certain technical identifiers necessary for the proper functioning of our services:

  • Firebase Identifier (Firebase Installation ID): Used for push notifications, authentication and real-time features
  • Android Device ID: Used to uniquely identify your device to ensure account security and prevent fraud
  • Device information: Device model, OS version, device language (used for app optimization and technical support)
  • Session identifiers: Used to maintain your connection and improve your user experience

Purpose: These identifiers are collected exclusively to:

  • Send relevant push notifications (appointment reminders, confirmations)
  • Ensure secure authentication of your account
  • Prevent fraud and ensure application security
  • Improve performance and diagnose technical issues

Retention: These identifiers are retained for the duration of use of the application. They are deleted within 30 days of account deletion or app uninstall.

4. Data from Social Networks (Instagram / Meta)

When Service Providers (Glowers / SP) choose to connect their Instagram account to the Glaura app, we may collect certain data via Meta's official APIs (Instagram Graph API), only after explicit consent from the user concerned.

Data collected via Instagram

Depending on the permissions granted, we may access the following data:

  • Public content published on Instagram (videos and media)
  • Metadata associated with posts (captions, hashtags, publication date)
  • Connected Instagram professional account identifier

Data minimization: We only request and use the minimum data necessary for this feature: your professional account identifier and only media that contains the hashtag #glaura.

We never access:

  • private messages (DMs)
  • full follower lists
  • followers’ personal data
  • private content or stories
  • the ability to post on your behalf

Purpose of Instagram integration

Instagram data is used exclusively to:

  • Automatically display on Glaura videos published by the Provider containing the hashtag #glaura
  • Showcase the Provider's professional profile in the app
  • Improve visibility of services offered

No external advertising use or data resale is carried out.

Legal basis for processing (GDPR)

Processing of data from Instagram is based on:

  • Explicit consent of the Provider when connecting their Instagram account
  • Performance of the contract between the Provider and Glaura

The Provider may withdraw consent at any time by disconnecting their Instagram account from the app.

Retention – Instagram data

Instagram media is displayed as long as:

  • the content exists on Instagram
  • the hashtag #glaura is present
  • the account remains connected to Glaura

Upon disconnection of the Instagram account or deletion of the Glaura account, content is deleted immediately or within 30 days at most.

Sharing and Meta compliance

  • Glaura strictly complies with Meta Platform Terms and Instagram Graph API Policies
  • No Instagram data is sold, transferred or used outside the functional scope described
  • Meta may process certain data in accordance with its own privacy policy

Meta policy: https://www.facebook.com/privacy/policy

Security and user control

  • Secure connection via OAuth (Meta)
  • Access revocable at any time
  • Logging and internal access controls

The technical data required to maintain your Instagram connection (e.g. access token) is stored securely and only for as long as the connection is active; it is deleted when you disconnect your account.

5. Purposes of Processing

We use your data to:

  • Manage accounts and bookings
  • Process payments via Stripe (PCI-DSS compliant)
  • Provide secure messaging and notifications
  • Display location-based services via Google Maps API
  • Improve the app and ensure its integrity
  • Provide customer support
  • Marketing with explicit consent
  • Comply with legal obligations

6. Legal Bases

  • Contract performance
  • Legitimate interest
  • Consent (location, marketing, contact sharing)
  • Legal obligation (EU compliance)

7. Data Sharing

We do not sell or share your data with third parties. We use:

  • Stripe for payments
  • Google Maps API for location
  • Firebase or other GDPR-compliant hosting

8. Hosting and Transfers

All data is hosted in the EU. Transfers outside the EU use Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

9. Data Security

We apply encryption, HTTPS protocols, regular security audits, penetration testing, access traceability and internal policies. Staff receive regular training.

10. User Rights (GDPR)

You have the right to access, rectify, erase, restrict, object to processing, request portability and set post-mortem directives. Contact: dpo@glaura.ai. Proof of identity may be required.

11. Retention Period

Data is retained only as long as necessary for the purposes described. Upon account deletion, all data is permanently erased within 30 days, except where required by law.

12. Account Deletion

You have the right to delete your account and all associated data at any time.

How to request deletion:

  • In-App: Log in to the app, go to Profile > Settings, and tap "Delete Account".
  • By Web/Email: If you cannot access the app, you can request deletion by emailing our Data Protection Officer at dpo@glaura.ai with the subject line "Account Deletion Request". Please provide your registered email address or phone number so we can verify your identity.

Data Deletion & Retention:

  • What is deleted: Your profile information, chat history, usage data, and authentication tokens will be permanently removed.
  • Timeline: Data is deleted within 30 days of your request.
  • What is kept: We may retain certain financial record data (e.g., transaction invoices) for a period of 5-10 years solely to comply with legal tax obligations.

13. Children's Privacy

Our application is not intended for children under 13. We do not knowingly collect their data. Users under 16 must provide parental consent.

14. Cookies

Cookies are used to improve the user experience and are retained for a maximum of 13 months. See our Cookie Policy for more details.

15. Complaints and CNIL

For any concerns, contact our DPO at dpo@glaura.ai or the CNIL:

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07
Phone: 01.53.73.22.22
https://www.cnil.fr