Privacy Policy

1. Introduction

GlowBook ("we", "us", "our") operates the GlowBook marketplace platform at glowbook.com. We are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection legislation.

This Privacy Policy explains what data we collect, why we collect it, how we use and share it, and your rights regarding your personal data. By using our platform, you acknowledge that you have read and understood this policy.

2. Data We Collect

2.1 Information You Provide

• Account data: name, email address, phone number, password (hashed), profile photo.
• Address data: saved addresses for booking locations, including city, postal code, and geographic coordinates.
• Provider data: business name, bio, service areas, qualifications, portfolio photos, pricing, and availability schedules.
• Booking data: service details, dates, times, booking notes, and special requests.
• Payment data: Stripe customer IDs and payment method tokens (we never store full card numbers).
• Communications: messages exchanged between clients and providers through our platform.
• Reviews: ratings, written reviews, and review responses.

2.2 Information Collected Automatically

• Device and browser data: IP address, browser type, operating system, device identifiers.
• Usage data: pages visited, search queries, click patterns, session duration, referral sources.
• Location data: approximate location derived from IP address or browser geolocation (with your consent).
• Cookies and tracking technologies: see our Cookie Policy for full details.

3. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

• Providing the service (contractual necessity): creating accounts, processing bookings, facilitating payments, enabling messaging between clients and providers.
• Safety and trust (legitimate interest): verifying provider identities, fraud detection, dispute resolution, enforcing our Terms of Service.
• Improving the platform (legitimate interest): analytics, A/B testing, debugging, service improvement.
• Marketing communications (consent): promotional emails, personalised recommendations, and special offers. You can opt out at any time.
• Legal compliance (legal obligation): tax reporting, responding to legal requests, retaining records as required by law.

4. Third-Party Services

We share data with the following third-party service providers, each of whom processes data under their own privacy policies:

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: retained while your account is active and for 30 days after deletion request (grace period).
• Booking records: retained for 7 years for tax and legal compliance.
• Payment data: retained for 7 years in compliance with financial regulations.
• Messages: retained for 2 years after the last booking between parties, then anonymised.
• Reviews: retained indefinitely (may be anonymised upon account deletion).
• Cookie consent records: retained for 13 months as required by ePrivacy regulations.

6. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: request a copy of all personal data we hold about you. You can download your data from Account Settings.
• Right to rectification: correct inaccurate or incomplete data via your account profile.
• Right to erasure: request deletion of your account and personal data. Submit a deletion request from your Account Settings page.
• Right to restrict processing: request that we limit how we use your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format (JSON).
• Right to object: object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent: withdraw consent for marketing communications or cookies at any time without affecting prior processing.

To exercise any of these rights, visit your Account Settings or contact us at the address below. We will respond within 30 days.

7. Cookies

We use cookies and similar technologies to operate our platform, analyse usage, and deliver personalised experiences. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

8. International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the service provider's compliance with an adequacy decision.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption in transit (TLS/HTTPS) and at rest
• Password hashing using bcrypt
• Role-based access controls
• Regular security audits and vulnerability assessments
• Secure payment processing via PCI DSS-compliant Stripe

10. Children's Privacy

GlowBook is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our platform or sending you an email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

You also have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.