
Privacy Policy

Last updated: October 26, 2025

This Privacy Policy explains how Gloss & Bow, LLC ("we," "us," or "our"), the company behind Gloss & Bow, collects, uses, stores, and shares your personal information when you use our website and services ("Services"). This includes when you:

  • Visit our website at https://glossandbow.com or any linked pages referencing this Privacy Policy.
  • Interact with us, including making purchases, subscribing, providing feedback, or contacting support.

If you do not agree with this policy or our practices, please do not use our Services. For any questions, contact us at hi@glossandbow.com.

Summary of Key Points

  • What we collect: We process personal information you provide (e.g., name, email, payment details, preferences) and technical data collected automatically when you use the platform.
  • Sensitive information: We may process sensitive sexual preference data only with your explicit consent to personalize your experience.
  • Third-party data: We do not buy or receive personal data from external sources.
  • Use of data: We use your information to provide and secure services, process payments, enforce policies, and comply with the law.
  • Sharing: We share data only with trusted service providers (e.g., payment and infrastructure partners). We do not sell or share your data for advertising.
  • Security: We use strong security measures (encryption, secure infrastructure) but no system is 100% secure.
  • Your rights: Depending on where you live, you may have rights to access, correct, delete, or restrict use of your data.
  • How to exercise: You can email us at hi@glossandbow.com to exercise your privacy rights.

Table of Contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on?
  4. When and with whom do we share your information?
  5. What is our stance on third-party websites?
  6. Do we use cookies and tracking technologies?
  7. How do we handle your social logins?
  8. How long do we keep your information?
  9. How do we keep your information safe?
  10. Do we collect information from minors?
  11. What are your privacy rights?
  12. Do-Not-Track controls
  13. U.S. state-specific privacy rights
  14. International privacy rights
  15. Updates to this policy
  16. Contact information
  17. How to review, update, or delete your data

1. What Information Do We Collect?

A. Personal Information You Provide

We collect the information you voluntarily give us when using our Services. This includes:

  • Basic details: Name, email address, gender, sexuality, and billing information.
  • Sensitive data: Information related to sexual preferences, fantasies, or interests — only with your explicit consent and only to personalize your experience.
  • Payment data: Payment details processed securely through Ko-fi. For credit cards used via Privacy.com, we do not collect billing data directly.
  • Social logins: If you register through Google or other providers, we collect basic profile information for account creation and authentication.

All information must be accurate and up to date.

B. Information Collected Automatically

When you use our platform, we automatically collect certain technical and interaction data, such as:

  • IP address, browser type, operating system, device type, language settings, and time of visit.
  • Referring URLs, error logs, and usage patterns for troubleshooting and performance.
  • General location based on your IP address (no GPS or precise location).

We use this data only to maintain security, improve performance, and ensure smooth operation. We do not use third-party analytics or advertising trackers.

2. How Do We Process Your Information?

We process your information strictly to provide, protect, and improve our Services. We do not sell or share your data for advertising. Our processing includes:

  • Account creation & authentication: To register your account and manage secure access.
  • Service delivery: To generate personalized stories, images, audio, and other requested features.
  • Payment processing: To complete transactions, handle refunds, and meet accounting obligations.
  • Support & feedback: To respond to inquiries and improve our services through aggregated, anonymized insights.
  • Service notifications: To send essential communications such as account or policy updates.
  • Affiliate tracking: We use built-in tracking to manage referrals using anonymous order IDs and session cookies.
  • Error monitoring: We use PostHog to detect bugs and maintain stability without storing personal identifiers.
  • Fraud prevention & security: To detect suspicious activity and enforce our Acceptable Use Policy.
  • Usage analysis: We review anonymized usage data to improve performance and features.
  • Legal compliance: To meet legal obligations or respond to lawful requests.

3. What Legal Bases Do We Rely On?

If you are located in the EU or UK, we process your data under these legal bases:

  • Consent: When you give explicit permission (e.g., for processing sensitive data or receiving marketing emails).
  • Contract: When needed to provide Services you requested, such as content generation, payments, or refunds.
  • Legitimate Interests: For security, fraud prevention, service improvements, and essential communications, provided these interests don't override your rights.
  • Legal Obligations: When required by law or regulatory authorities.
  • Vital Interests: In exceptional cases to protect your safety or the safety of others.

If you are located in Canada, we rely on explicit or implied consent, and in limited cases, legal exceptions such as fraud prevention, legal compliance, or emergencies.

You may withdraw consent at any time without affecting prior lawful processing.

4. When and With Whom Do We Share Your Information?

We share your personal information only with trusted service providers and when legally required. Third parties are contractually obligated to use your data only for the services we request.

Our current service providers include:

Purpose | Partner | Notes
Authentication & Security | Google Sign-In, Better Auth, Cloudflare Turnstile | Basic profile info (Google); session & token handling securely stored; Turnstile uses anonymous tokens.
Hosting & Infrastructure | Vercel, Cloudflare, AWS S3 SDK, Cloudflare R2 | Hosting, CDN, and storage on secure EU/US servers; no direct personal data stored in CDN layer.
Database & ORM | Proprietary Partners | Secure storage of account data, story data, and related app records; encrypted at rest.
Styling & UI | Tailwind CSS, Radix UI, Google Fonts, shadcn/ui, Lucide React, class-variance-authority, clsx, tailwind-merge | No personal data processed — these are frontend libraries only.
AI & Media Processing | Proprietary Partners | Used for content generation and media rendering; only story or generated content processed; no user PII shared externally.
Background Jobs & Processing | Proprietary Partners | Handles internal job metadata (e.g., IDs, timestamps); no sensitive personal data shared.
Email & Communications | Resend, React Email | Email addresses used for transactional messages only; no marketing without explicit consent.
Analytics & Monitoring | PostHog (via EU/US proxy) | Anonymized or pseudonymized usage data for error and performance monitoring; no raw PII stored.
Payments & Monetization | Ko-fi, Privacy.com | Payment info processed directly by Ko-fi or Privacy.com; no credit card data stored on our servers.
Validation & Data Safety | Zod | Schema validation; no data stored or shared.
Development & QA | Vitest, Happy DOM, Husky, Biome, Ultracite, ESLint | Developer-side testing and linting tools; no user data involved.

Other cases where we may share your data:

  • Business transfers: During mergers, acquisitions, or sale of assets.
  • Affiliates: With parent companies or subsidiaries under the same control, bound by this Policy.
  • Legal disclosures: If required by law, court order, or regulatory request.
  • Anonymized data: We may share non-identifiable aggregated data with partners for operational improvements or research.

We never sell or share your personal information with advertisers, data brokers, or unrelated third parties.

5. What Is Our Stance on Third-Party Websites?

Gloss & Bow may include links to external websites, platforms, or promotions operated by third parties. We do not control or endorse the content, policies, or practices of these sites.

If you choose to interact with a third-party site, any information you share will be governed by their privacy policy, not ours. We are not responsible for any loss, misuse, or unauthorized disclosure of your data resulting from third-party interactions.

→ Always review third-party privacy policies before providing personal information.

6. Do We Use Cookies and Other Tracking Technologies?

We use only essential cookies and similar technologies to keep our platform secure and functional. This includes session management, authentication, preference storage, and fraud prevention.

We do not use cookies for advertising, tracking outside our platform, or behavioral profiling.

You can disable cookies in your browser settings at any time. Doing so may limit functionality or access to certain features.

7. How Do We Handle Your Social Logins?

If you register or sign in using a username, email, and password, we collect this information to:

  • Create and authenticate your account.
  • Personalize your user experience.
  • Keep your login secure.

Your password is stored in a hashed and salted form — we never store plain text passwords. We don't share your login credentials with any third parties, and you can delete your account at any time from your settings.

If you register or sign in using a Google account, we receive limited profile information — typically your name, email, and profile picture — to:

  • Create and authenticate your account.
  • Personalize your user experience.
  • Keep your login secure.

We don't control how Google handles your information outside our platform. To learn more, review Google's privacy policy and settings at Google Privacy Policy.

8. How Long Do We Keep Your Information?

We keep your personal information only as long as it's needed to:

  • Provide and maintain your account,
  • Comply with legal obligations (e.g., financial or regulatory), or
  • Resolve disputes and enforce agreements.

When your account is deleted, your data is permanently erased within 24 hours, except for limited information we may retain securely if required by law.

If data is retained for legal reasons, it's isolated from any further use until it can be deleted.

9. How Do We Keep Your Information Safe?

We use a combination of technical, organizational, and procedural security measures to protect your personal information. These include:

  • Encryption of data in transit and at rest.
  • Secure server hosting with trusted providers.
  • Access restrictions to authorized personnel only.
  • Regular security monitoring and vulnerability assessments.

While no online service can guarantee absolute security, we continuously work to minimize risks and protect your information. You can help by keeping your account credentials private and using trusted devices to access our platform.

10. Do We Collect Information from Minors?

No. Gloss & Bow is intended for adults aged 18 and older only. We do not knowingly collect or store personal information from anyone under 18.

If we learn that data from a minor has been collected, we will:

  • Immediately deactivate the associated account, and
  • Permanently delete any related personal information.

If you believe we may have collected data from someone under 18, please contact us at hi@glossandbow.com so we can act quickly.

11. What Are Your Privacy Rights?

Depending on where you live, you may have legal rights over your personal data. These may include the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or outdated data.
  • Delete your data when it's no longer needed.
  • Restrict or limit how your data is processed.
  • Port your data to another service (where applicable).
  • Object to certain types of processing (such as marketing).
  • Withdraw consent at any time for consent-based processing.

You can exercise these rights by emailing hi@glossandbow.com or using your account settings. We will respond promptly and in line with applicable laws.

If you are in the EEA or UK, you may also contact your local data protection authority or the ICO (UK). Users in Switzerland may contact the Federal Data Protection and Information Commissioner.

Withdrawing Consent

If we process your information based on consent (explicit or implied), you may withdraw it at any time. This will not affect processing that occurred before withdrawal.

Marketing Preferences

You can opt out of promotional emails at any time by clicking "unsubscribe" or contacting us directly. You'll still receive essential service updates.

12. Do-Not-Track Controls

Most browsers and operating systems offer a "Do-Not-Track" (DNT) feature that lets you signal websites not to track your activity.

Currently, there is no universal standard for recognizing DNT signals. As a result:

  • Gloss & Bow does not respond to DNT signals.
  • We do not track your activity outside our platform or engage in targeted advertising.

If a standardized DNT protocol is adopted, we will update this policy accordingly.

13. U.S. State-Specific Privacy Rights

Residents of certain U.S. states — including California, Virginia, Colorado, Connecticut, and Utah — may have additional rights under state law. These include:

  • Right to Know & Access: Request details about the personal information we collect and how we use it.
  • Right to Correction: Request correction of inaccurate information.
  • Right to Deletion: Ask us to delete your data, subject to legal exceptions.
  • Right to Opt-Out: Refuse the sale or sharing of personal information (Gloss & Bow does not sell or share your data).
  • Right to Data Portability: Request a copy of your data in a usable format.
  • Right to Non-Discrimination: We will never penalize you for exercising these rights.

To exercise any of these rights, contact hi@glossandbow.com. We will respond within legally required timeframes.

14. International Privacy Rights

If you live outside the United States — for example in the EEA, UK, Switzerland, Canada, or Australia — you may have additional rights under your local privacy laws. These may include the right to:

  • Access and obtain a copy of the personal information we hold.
  • Correct inaccurate or incomplete information.
  • Erase ("Right to be Forgotten") your information in certain situations.
  • Restrict Processing of your information.
  • Object to processing based on legitimate interests or direct marketing.
  • Data Portability — receive your data in a structured, machine-readable format.
  • Avoid Automated Decisions that significantly affect you (we do not use automated profiling).

To exercise any of these rights, email hi@glossandbow.com. We'll respond promptly and in accordance with the laws of your region.

15. Do We Make Updates to This Policy?

Yes. We may update this Privacy Policy from time to time to reflect changes in our services, operations, or legal requirements.

Each update will include a "Last Updated" date. If changes are significant, we'll notify you by posting a clear notice on our site or emailing you directly.

We encourage you to review this Policy periodically to stay informed about how we protect your information.

16. How to Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, contact us at:

hi@glossandbow.com

or by mail (if required by law):
Gloss & Bow, LLC
Send us an email for our physical address

17. How to Review, Update, or Delete Your Data

You can review, update, or delete your personal information at any time by:

  • Logging into your account and adjusting your Manage Account settings; or
  • Emailing us at hi@glossandbow.com with your request.

Once verified, we'll process your request within legal time limits. If you request deletion, your account and associated data are permanently erased within 24 hours, except where retention is legally required (e.g., fraud prevention, accounting).