Privacy Policy

Effective Date: April 5, 2026
Last Updated: April 5, 2026

This Privacy Policy describes how Gleame Inc. ("Gleame," "we," "us," or "our") collects, uses, shares, and protects information in connection with the Gleame Shopify application, the widget-embed.js storefront widget, the Gleame website, and any related services (collectively, the "Service").

Gleame provides AI-powered virtual try-on technology that allows shoppers on Shopify merchant storefronts to upload a photograph of themselves and preview how beauty and skincare products may appear on their face.

This Policy applies to two distinct categories of individuals:

Merchants — Shopify store owners and their authorized staff who install and use the Gleame app.
End Users / Shoppers — individuals who interact with the Gleame virtual try-on widget on a merchant's storefront.

If you are a shopper and have questions about how a specific store uses your data, please also review that merchant's own privacy policy. Each merchant is an independent data controller for the personal data of its own customers; Gleame acts as a data processor on the merchant's behalf when operating the widget.

1. Information We Collect

1.1 Information from Merchants

When a merchant installs or uses the Gleame app, we collect:

Shopify account data provided via Shopify OAuth: shop domain, shop ID, store name, contact email, country, plan, currency, timezone, and the access scopes granted to the app.
Product and catalog data: product titles, descriptions, variants, images, metafields, tags, and related catalog information retrieved through the Shopify Admin API in order to configure virtual try-on.
Order and analytics data: order events, cart tokens, checkout and conversion data (via orders/create and related webhooks) used to attribute purchases to try-on sessions and to compute pricing tiers based on Shopify monthly sessions.
Merchant configuration: product-to-parameter mappings, AI prompt configurations, widget style choices, reference images uploaded by the merchant, and similar settings.
Billing data: subscription status, plan tier, and transaction metadata managed through Hey Mantle. We do not store full payment card numbers; billing is handled by Shopify and Mantle.
Support and communications: information you provide when you contact us (name, email, message contents).

1.2 Information from End Users (Shoppers)

When a shopper interacts with the Gleame widget on a merchant's storefront, we may process:

Facial images / selfies that the shopper voluntarily uploads or captures for the purpose of generating a virtual try-on preview. These images depict the shopper's face and, under certain laws (including Illinois BIPA and similar statutes), may be considered biometric information or sensitive personal data. See Section 5.
Transformed output images generated by the AI models.
Limited usage data: event type (widget viewed, transformation requested, product added to cart), the product and widget style involved, the shop domain, and a timestamp. We transiently use the shopper's IP address to enforce rate limits on the transform endpoint, but we do not store IP addresses, user-agent strings, device fingerprints, or approximate location derived from IP.
Cart and conversion linkage: the Shopify cart token associated with a try-on session so that a subsequent purchase can be attributed to the session via the orders/create webhook.
Cookies and browser storage: the Gleame standalone try-on widget does not set cookies or write to localStorage or sessionStorage. If a merchant enables the Gleame AI Chat Assistant, it writes a small conversation-state record to the shopper's browser sessionStorage that is automatically cleared by the browser when the tab or window closes; see Section 15.2. In neither case do we set advertising cookies, tracking pixels, or cross-site identifiers.

1.3 Information We Do Not Knowingly Collect

We do not knowingly collect personal data from children under the age of 13 (or the applicable minimum age in your jurisdiction). The Service is not directed at children. See Section 10.
We do not request government identifiers, financial account numbers, health records, or precise geolocation from shoppers.

2. How We Use Information

We use the information described above for the following purposes:

Providing the Service: authenticating merchants through Shopify, rendering the try-on widget, processing images through AI models, generating output previews, and returning results to the shopper's browser.
AI image transformation: temporarily sending uploaded images and prompt instructions to our AI sub-processors (see Section 4) to produce virtual try-on results.
Analytics and attribution: measuring widget usage, conversion rates, and try-on performance, and reporting these metrics to the merchant.
Billing and tier assignment: determining the merchant's pricing tier based on Shopify monthly sessions and managing subscription status via Hey Mantle.
Security, abuse prevention, and rate limiting: detecting fraudulent, abusive, or unlawful activity, including protection of the /api/storefront/transform-image endpoint.
Product improvement: diagnosing errors, debugging, and improving quality of the Service. Gleame does not use shopper facial images to train or fine-tune any AI models operated by Gleame, and does not retain source images beyond the transient processing described in Section 5.2. Shopper images are transmitted to Gemini or OpenAI only for the duration of the transform request; how those providers handle inputs on their side is governed by their own data-use policies applicable to the API tier used.
Customer support and communications: responding to inquiries, sending service-related messages, and notifying merchants of important changes.
Legal compliance: complying with applicable law, lawful requests from authorities, and enforcement of our Terms of Service.

Legal Bases (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

Contract — to deliver the Service requested by a merchant or shopper.
Legitimate interests — to operate, secure, and improve the Service, provided those interests are not overridden by your rights.
Consent — for the processing of facial images/biometric data by shoppers (obtained at the point of upload) and for any optional features that require consent.
Legal obligation — to comply with applicable laws.

A shopper may withdraw consent at any time by declining to upload an image or by contacting us or the merchant as described in Section 8. Withdrawal does not affect the lawfulness of processing before withdrawal.

3. How We Share Information

We share information only as described below. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).

With merchants: shopper-level analytics (in aggregated and, where relevant to conversion attribution, individual session form) are made available to the merchant whose storefront the shopper used.
With Shopify: as required to operate as a Shopify app, including webhooks and Admin API calls.
With sub-processors (see Section 4).
With professional advisors: lawyers, auditors, and accountants under obligations of confidentiality.
In a corporate transaction: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to standard confidentiality protections.
To comply with law or protect rights: to respond to lawful requests, enforce our Terms, or protect the rights, property, or safety of Gleame, our users, or others.

4. Sub-Processors

We use the following categories of sub-processors to deliver the Service. Each is bound by written terms requiring appropriate security and confidentiality:

Sub-processor	Purpose	Data processed
Shopify Inc.	App platform, OAuth, Admin API, webhooks	Merchant and store data
Google LLC (Gemini API)	Primary AI image transformation	Shopper facial images and prompt text, transiently during the API call
OpenAI, L.L.C.	Secondary / fallback AI image transformation	Shopper facial images and prompt text, transiently during the API call
Supabase, Inc.	Primary application database (PostgreSQL) and storage	Merchant accounts, product/variant configuration, analytics events, reference images
Render, Inc.	Application hosting and compute	All data in transit through the Service
Hey Mantle	Subscription billing and usage-based metering	Merchant billing metadata (no card data)
Resend	Transactional email delivery	Merchant contact email addresses
Intercom, Inc.	In-app merchant support chat	Merchant identifiers and support conversation contents

We will update this list as sub-processors change. Shopper facial images are sent to Gemini or OpenAI only for the transient purpose of generating a requested try-on preview.

5. Biometric / Facial Data — Special Notices

Gleame's core functionality requires processing images of human faces. Depending on jurisdiction, these images and any features derived from them may be considered biometric identifiers, biometric information, or sensitive personal data.

5.1 Purpose and Consent

Facial images are processed solely for the purpose of generating a virtual try-on preview requested by the shopper. Before uploading, shoppers are shown a notice and must affirmatively proceed, which constitutes their consent to processing for this purpose.

5.2 Retention and Deletion

Uploaded source images (shopper selfies) are not stored on Gleame servers. When a shopper uploads a photo, the image is held in server memory only for the duration of the transform request: it is resized, transmitted over TLS to the AI sub-processor, and discarded when the HTTP response is returned. Gleame does not write the source image to any database, disk, object store, log, or backup.
Transformed output images are not stored on Gleame servers either. The AI-generated preview is returned directly to the shopper's browser in the API response and rendered client-side. Gleame does not persist generated previews.
No biometric templates or faceprints. We do not construct, store, or query persistent biometric templates, faceprints, embeddings, or face-recognition identifiers from shopper images. The Service does not perform identification, verification, matching, or re-identification of individuals.
Merchant-uploaded reference images (product photographs or style references uploaded by the merchant from the admin app) are stored in Supabase for the duration of the merchant's installation and are deleted when the merchant removes them or uninstalls the app.

5.3 No Sale, No Profiling, No Secondary Use

We do not sell, lease, trade, or otherwise profit from biometric information. We do not use shopper facial images for advertising, for building identification databases, or for training AI models.

5.4 Illinois BIPA and Similar State Laws

For shoppers in Illinois, Texas, Washington, and other jurisdictions with biometric privacy statutes, you are hereby notified that:

The Service collects facial images that may constitute biometric information.
The specific purpose of collection is virtual try-on preview generation.
The length of time for which the information will be stored and used is described in Section 5.2 and Section 7.
Your affirmative action to upload an image constitutes your written consent to collection, storage, and use for the stated purpose.
We will not disclose biometric information except as described in Sections 3 and 4, or as required by law.

If you do not consent, do not upload an image.

6. International Data Transfers

Gleame is operated from the United States and uses sub-processors located in the United States and other jurisdictions. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in countries whose data protection laws differ from those of your own jurisdiction.

Where required, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum, and equivalent mechanisms. A copy of the relevant safeguards is available on request.

7. Data Retention

We retain information only as long as necessary for the purposes described in this Policy:

Shopper source images (selfies): not retained. Processed in memory only during the transform request, as described in Section 5.2.
AI-generated preview images: not retained server-side. Returned directly to the shopper's browser.
Analytics events and conversion records (event type, product, shop domain, cart token, timestamp): retained for the duration of the merchant's installation to power the analytics dashboard and to support accurate conversion attribution over time. These records are deleted when the merchant uninstalls the app or upon a valid shop/redact request.
Merchant account and configuration data (shop record, products, variants, reference images, AI prompt configurations): retained for the duration of the merchant's installation and deleted when the merchant uninstalls the app or upon a valid shop/redact request.
Billing records (subscription status, usage metering metadata): retained by Gleame and by Hey Mantle as required by applicable financial recordkeeping laws.
Support communications (Intercom, email): retained for as long as reasonably necessary to provide ongoing support and to maintain a history of reported issues.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access — request a copy of personal data we hold about you.
Rectification — correct inaccurate or incomplete data.
Erasure ("right to be forgotten") — request deletion of your data.
Restriction — restrict processing in certain circumstances.
Portability — receive your data in a portable, machine-readable format.
Objection — object to processing based on legitimate interests.
Withdrawal of consent — withdraw consent at any time without affecting prior lawful processing.
Non-discrimination — exercise your rights without retaliation (CCPA/CPRA).
Opt out of sale or sharing — not applicable, because we do not sell or share personal data for cross-context behavioral advertising.
Lodge a complaint — with your local supervisory authority.

How to Exercise Your Rights

Shoppers: contact the merchant whose storefront you used; they are the data controller. You may also contact us at aaron@gleame.ai and we will route your request appropriately.
Merchants: email aaron@gleame.ai from the address associated with your Shopify store.

We will respond within the timeframes required by applicable law (generally 30 days under the GDPR, 45 days under the CCPA, extendable where permitted). We may need to verify your identity before fulfilling a request.

9. Security

We implement commercially reasonable technical and organizational measures to protect personal data, including:

TLS 1.2+ encryption in transit for all API traffic.
Encryption at rest for databases and object storage, via our hosting providers.
Least-privilege access controls, audit logging, and secret management.
Shop-domain verification on the storefront API to prevent cross-shop data access.
Rate limiting on public endpoints to mitigate abuse.
Regular dependency patching and vulnerability review.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we will notify affected individuals and authorities of any personal data breach as required by applicable law.

10. Children

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. For shoppers in the EEA / UK, the minimum age is 16 unless a lower age is provided by applicable local law. If you believe a child has provided us with personal information, please contact us and we will delete it.

Merchants are responsible for ensuring that their own use of the Service complies with laws applicable to minors in the jurisdictions in which they operate.

11. Cookies and Tracking Technologies

The Gleame standalone try-on widget (banner, button, and embedded variants) does not set cookies, pixels, or cross-site trackers, and does not write to localStorage or sessionStorage. The AI Chat Assistant, when enabled by a merchant, writes a small conversation-state record to the shopper's browser sessionStorage that is automatically cleared by the browser when the tab or window closes; the contents, scope, and controls for this record are described in Section 15.2. In neither case do we set advertising cookies, tracking pixels, or cross-site identifiers. Conversion attribution continues to be performed by reading the Shopify cart token already present on the storefront page at the moment of the try-on request and matching it server-side against the subsequent orders/create webhook — no client-side tracking identifier is stored on the shopper's device.

The Gleame merchant admin app (accessible only to authenticated merchants inside the Shopify admin) uses cookies and session storage to the extent required by Shopify App Bridge, Shopify OAuth, and our support-chat provider (Intercom). These are not present on shopper-facing storefronts.

Merchants remain responsible for any additional cookies set by their own storefront theme and for displaying any cookie banners required by law (e.g., the EU ePrivacy Directive).

12. California Privacy Rights (CCPA / CPRA)

California residents have the rights described in Section 8. In the preceding 12 months we have collected the categories of personal information described in Section 1 for the business purposes described in Section 2. We have not sold and have not shared personal information for cross-context behavioral advertising. We do not knowingly collect or sell the personal information of minors under 16.

To exercise your rights, contact aaron@gleame.ai. An authorized agent may submit a request on your behalf with proof of authorization.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top and, for material changes, provide additional notice (for example, via email to merchants or a prominent notice in the app). Your continued use of the Service after the updated Policy takes effect constitutes acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact:

Gleame Inc.
Attn: Privacy
2722 S. Figueroa St.
Los Angeles, CA 90007
USA
Email: aaron@gleame.ai

15. AI Chat Assistant

Some merchants enable the Gleame AI Chat Assistant ("Chat Assistant"), a conversational interface that appears as a floating pill on the storefront and helps shoppers discover products through a short guided flow: a style preference, an optional photo upload, and up to five personalized virtual try-on previews rendered as product cards with links to the merchant's product pages.

The Chat Assistant uses the same AI pipeline as the virtual try-on widget described elsewhere in this Policy. This Section describes the additional and differing data handling that applies specifically to Chat Assistant sessions.

15.1 What we process during a chat session

When a shopper interacts with the Chat Assistant, we process:

Style preference selection — the label of the option the shopper taps in response to a merchant-configured preference question (e.g., "Natural", "Bold"). This is sent to Gleame as a short text string alongside the transform request.
Facial images voluntarily uploaded or captured — handled identically to the try-on widget. See Section 5 (Biometric / Facial Data) for full treatment, including the in-memory-only processing model, BIPA notice, and confirmation that no biometric templates, faceprints, or embeddings are constructed or retained.
AI-generated preview images for each recommended product or variant, returned in the HTTP response.
Limited analytics events — chat_open, chat_recommend_start, chat_photo_upload, and chat_recommendation_shown, each tagged with the shop domain and a timestamp. These contain no shopper identifier and no image data.
Transient network metadata — the shopper's IP address is used solely to enforce rate limits on the /api/storefront/chat-recommend endpoint and is not written to any persistent store.

The shopper's free-text name, email, phone number, payment information, or location are not requested, collected, or inferred by the Chat Assistant.

15.2 Client-side conversation storage (sessionStorage)

Unlike the standalone try-on widget, the Chat Assistant does write a small amount of data to the shopper's browser sessionStorage under the key gleame-chat-state-v1. This is necessary so that a shopper who navigates between pages on the storefront does not lose their place in the conversation.

The sessionStorage record contains:

the sequence of messages exchanged during the current session (text labels for buttons tapped, bot prompts, the user's chosen preference, and — when storage capacity allows — the base64-encoded AI preview images returned by the server);
UI state flags (whether the panel is open, whether the greeting has been dismissed, whether the panel is in expanded mode); and
a flag indicating whether a recommendation request was in flight at the time of navigation.

Characteristics of this storage:

sessionStorage, not localStorage or cookies. The record is automatically and permanently deleted by the browser when the shopper closes the tab or browser window; it does not persist across sessions.
Scoped to the merchant's own origin. The record is readable only by scripts served from that specific storefront; neither Gleame nor any third party can read it from another site.
No cross-site tracking identifier. The record contains no Gleame-generated user ID, device fingerprint, advertising ID, or value designed to be correlated across shops.
Original shopper uploads are never written to sessionStorage. Only a placeholder marker is retained; the raw uploaded file never leaves the transform request's lifetime (see Section 5.2).
Manual clearing. Shoppers may clear the record at any time by closing the browser tab, by using the browser's Clear site data controls, or — where exposed by the merchant's theme — by invoking window.gleameChat.clearState() from the browser console.

15.3 Server-side conversation handling

Gleame does not retain a server-side log of chat transcripts, preference selections, uploaded photos, or generated previews. Each recommendation request is stateless: the server receives the image and preference, performs the rate-limit check, invokes the AI sub-processor(s) per Section 4, returns the result, and discards all inputs from memory. No conversation history, preference history, or image history is associated with an individual shopper across sessions.

The only persistent artifact of a chat session on Gleame's infrastructure is the same category of aggregated analytics event described in Section 1.2 (event type, shop domain, product, timestamp), used to power merchant-facing analytics and conversion attribution.

15.4 Shop-this links and conversion attribution

Each recommendation card contains a Shop This link that navigates the shopper to the merchant's product page on the storefront (/products/{handle}?variant={id}). The link is a standard navigation: Gleame does not inject tracking parameters, cookies, or pixels. Conversion attribution, where applicable, uses the same cart-token mechanism described in Section 1.2 and Section 11.

15.5 Merchant configuration of the Chat Assistant

Merchants choose whether to enable the Chat Assistant, configure its displayed name, bubble label, colors, greeting message, preference question, preference options, and the set of products eligible for recommendation. These configuration values are stored as part of the merchant's installation record (see Section 7). They contain no shopper personal data.

15.6 User control

Shoppers interacting with the Chat Assistant have the following controls:

Opt out by not engaging. The assistant does not collect personal data from shoppers who do not open it or who open it but do not upload a photo. The style preference alone is a non-identifying signal.
Decline the photo step. A shopper may open the assistant, receive the greeting, and leave at any time. No biometric processing occurs unless the shopper affirmatively uploads or captures a photo.
Withdraw consent for biometric processing. See Section 5 and Section 8.
Clear conversation state. As described in Section 15.2.

15.7 Children

The Chat Assistant inherits the age restrictions in Section 10. Merchants who operate stores directed at shoppers under the applicable minimum age should disable the Chat Assistant or obtain verifiable parental consent before enabling it.