Privacy Policy

"Platform" – GlamApp mobile application, website/landing page, backend, and related services.

"Personal Data" – Any information that identifies a person directly or indirectly.

"Processing" – Collection, systematization, storage, alteration, use, transfer, deletion, etc., of data.

"Controller" – The entity that determines the purposes and means of processing personal data (primarily GlamApp).

"Processor" – A third party that processes data on behalf of the controller (e.g., hosting, SMS, payment providers).

"Partner" – A salon/stylist or other business entity providing services on the Platform.

The Platform is operated by "GlamApp" LLC (hereinafter "GlamApp," "we," "us").

Contact: admin@glamapp.az | +994 (50) 274 80 28 | Baku, Azerbaijan. You may use the same channels for inquiries regarding privacy and data protection.

3.1. Information Provided by the User

Personal details: Full name, phone number, email address (if added), profile picture (optional).

Booking information: Selected salon/stylist, service, date/time, notes (if provided by the user).

Reviews and content: Ratings, review text, complaints/feedback content.

Support inquiries: Content of correspondence, attached files, contact details.

3.2. Automatically Collected Technical and Usage Data

Device and App information: Device model, operating system, app version, language/region settings.

Network and identifiers: IP address, cookie/SDK identifiers, crash logs, performance metrics.

Usage behavior: Views, clicks, session duration, steps in the booking flow, in-app events (analytics).

3.3. Location Data

GPS/precise location is collected only with your explicit consent and is primarily used for features like "showing nearby salons" and "address/navigation." You can revoke this permission at any time via your device settings.

3.4. Payment Information

Sensitive payment data, such as card numbers and CVV, is generally not stored by GlamApp; payments are processed within the infrastructure of banks/payment providers. We only store transaction meta-data such as payment status, amount, currency, transaction identifier, and date/time.

Service provision: Registration, identification, booking and management, notifications.

Security: Fraud detection, account protection, log retention, auditing.

Support: Answering queries, investigating disputes, improving quality.

Analytics and product development: App functionality, performance, optimization of user experience.

Marketing (with consent): Campaigns, personalized offers, promotional notifications.

Data processing may be based on one of the following (as applicable):

Contractual necessity: Processing necessary for the provision of Platform services.

Legal obligation: Accounting, tax/reporting, law enforcement requests required by law.

Legitimate interest: Security, fraud prevention, product improvement (subject to a balancing test).

Consent: Marketing messages, precise location (GPS), certain analytics/SDK functions, etc. (consent may be withdrawn).

Personal data is shared only when necessary and in the minimum volume required. Personal data is never sold for commercial purposes.

6.1. Sharing with Partner Salons/Stylists

For the execution of a booking, details such as name, contact information (e.g., phone), selected service, date/time, and booking notes may be shared with the partner. The partner bears independent responsibility for providing their service and must act in accordance with applicable legislation.

6.2. Service Providers (Processors)

Hosting/infrastructure and database services; SMS/email delivery providers; Push notification services; Analytics and crash reporting tools; Payment providers and banks (for execution of payment transactions).

Contracts ensuring data protection and privacy requirements are signed with these parties, and they are granted access only to the necessary extent.

6.3. Legal Inquiries

Data may be disclosed if required by law or to protect our rights (court orders, investigations, requests from law enforcement, etc.).

Data is stored only for the duration necessary for its intended purpose. Retention depends on account activity, contractual obligations, legal requirements, and the need to resolve disputes.

Account data: Stored as long as the account is active, and after deletion for as long as legally/technically necessary (e.g., for audit and security).

Booking and payment meta-data: May be stored longer due to financial and dispute-related risks.

Support correspondence: May be stored for a limited period after the request is closed.

When account deletion is requested, data without legal retention obligations is deleted or anonymized. Complete deletion from technical backups may take time (backup rotation).

We implement technical and organizational measures to ensure data security, including:

Encrypted transmission channels (HTTPS/SSL/TLS); Access restrictions, role-based access control (RBAC); Auditing and monitoring, anomaly detection; Data backups and recovery plans; Privacy obligations and internal policies for staff/employees.

However, 100% security cannot be guaranteed for data transmitted over the internet. The user is also responsible for the security of their account (OTP codes, device security, etc.).

Cookies/SDKs may be used on the landing page and application for functionality, analytics, and security. Some are necessary, while others may depend on consent. You can restrict cookie/SDK permissions via your browser or device settings, but some features may not function as a result.

Marketing SMS/email/push notifications are sent only with consent or as permitted by law.

Push notifications: Can be disabled via device settings.

Marketing messages: Can be disabled via in-app settings or the "unsubscribe" mechanism within the message.

Withdrawal of consent may not affect core service features (operational notifications such as booking and payment statuses).

Users may have the following rights under applicable law:

Access to data and receipt of a copy; Request for rectification/correction; Request for erasure ("right to be forgotten") or restriction of processing; Object to the processing of data (especially when based on legitimate interest); Withdraw consent (when processing is based on consent); Lodge a complaint (with the relevant state authority) or file a lawsuit.

Requests can be sent to admin@glamapp.az. For security reasons, identity verification may be required.

The Platform is not intended for persons under 18 years of age. If a minor is identified, their account may be deactivated, and their data deleted.

Due to technical infrastructure and service providers, data may sometimes be processed on servers located outside Azerbaijan. In such cases, we strive to implement appropriate protective measures (contractual obligations, security standards, limited access, etc.).

The Platform may contain links or services belonging to third parties. GlamApp is not responsible for the privacy practices of those resources. Partner salons/stylists may apply separate rules in the service process; we recommend reviewing their policies in such cases.

We, as GlamApp, may update this Policy. The updated version takes effect from the moment it is published on the Platform. In the event of significant changes, we may notify you via in-app notification or other methods where possible.

This Policy is interpreted in accordance with the legislation of the Republic of Azerbaijan. Disputes are primarily attempted to be resolved through negotiations; if not possible, they are settled by the competent courts of the Republic of Azerbaijan.