Last updated: 19 May 2026
Privacy Policy
Plain English — no legal theatre. Here is exactly what we collect, why we collect it, and how it is protected.
Our Commitment
The Glow Know was built with privacy as a foundation, not an afterthought. When you browse our site, we assign you a randomly generated session ID — a UUID that rotates daily. That ID is never linked to your name, email, or any personal detail unless you choose to create an account. This means our analytics give us real insight into how people use the site without us ever knowing who you are.
We only collect personally identifiable information (PII) when it is strictly necessary — at checkout to deliver your order, or at booking to confirm your appointment. That information is visible only to you and our admin team. It is never sold, never shared with advertisers, and never used beyond the transaction you initiated.
What We Collect
Anonymous Data
Collected automatically. Never linked to your identity.
- Page views (which pages you visited)
- Product clicks and views
- Quiz progress and skin type result (stored against your UUID only)
- Cart events — product IDs only, never linked to your identity
- Search terms — character length only, not the actual query
- Session ID — random UUID, rotates daily, never linked to your identity unless logged in
Personal Information
Only collected when you transact. Never shared for marketing.
- Name, email, shipping address — only collected at checkout for order delivery
- Studio booking name + contact — only used to confirm and manage your appointment
- Skin quiz result — linked to your account if logged in; accessible only to you and admin
PII is stored in Supabase (Australia, ap-southeast-2) and protected by Row Level Security — only you and our admin can access your records.
How Your Data Is Protected
- UUID architecture: Every session starts with a randomly generated UUID in your browser. Analytics events are tied to that UUID — never to your name or email.
- PII gating: Your personal details only enter our systems when you actively provide them — at checkout or booking. Stored with row-level security in Supabase (ap-southeast-2).
- AI + human oversight: AI tools analyse only anonymised, aggregated data. AI never has access to your PII. Human review is required before any AI-derived insight influences decisions.
- Encryption: All data is served over HTTPS (TLS). Data at rest is encrypted using AES-256 in Supabase. Payment details are handled entirely by Stripe (PCI DSS Level 1).
Third-Party Services
We use the following services to deliver our website and business operations. Each receives only the minimum data required to perform its function.
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Name, card details, billing address (never stored by us) |
| Klaviyo | Email marketing | Email address (only when you sign up or complete checkout) |
| Supabase | Database | All data at rest — hosted in Australia (ap-southeast-2) |
| Google Analytics | Website analytics | Anonymised session data via GA4 |
Your Rights
Under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of any inaccurate or incomplete information. You can also update most details in your account settings.
- Deletion: Request deletion of your personal data (subject to legal retention obligations — e.g. order records for 7 years under Australian tax law).
- Withdraw consent: Unsubscribe from marketing emails at any time using the link in every email.
- Complain: If you believe we have mishandled your data, contact us first. If unresolved, escalate to the OAIC at oaic.gov.au.
Contact
For all privacy-related requests — access, correction, deletion, or general questions about how we handle your data — please reach out:
The Glow Know
Email: privacy@theglowknow.com.au
Or use our contact form.
We aim to respond to all privacy requests within 30 days.