GlowMD
← Back

Cookie Policy

Last updated: April 22, 2026

1. What are cookies?

Cookies are small text files that a website places on your device when you visit. They help the site remember you, your preferences, and your session. Similar technologies include local storage, session storage, and pixel tags.

2. Does GlowMD use cookies?

Yes, but minimally. We use the smallest set of cookies and similar technologies necessary to keep GlowMD secure and functional. We do not use advertising or tracking cookies. We do not sell cookie data. We do not share cookie data with ad networks.

3. Types of cookies we use

3.1 Strict necessary — always on

These cookies and storage items are required for the Service to work. They cannot be turned off without breaking features like sign-in and session management.

NameSet byPurposeDuration
sb-access-tokenSupabase (GlowMD)Authenticated session token~1 hour (rotated)
sb-refresh-tokenSupabase (GlowMD)Issues new access tokens without re-login30 days
__sessionNext.js (GlowMD)Session continuity across page loadsSession
localStorage: glowmd_quiz_answers, glowmd_photos, etc.GlowMDLocal persistence of quiz/photo data during flowUntil cleared by user

3.2 Functional — opt-in where relevant

NameSet byPurposeDuration
localStorage: glowmd_preferencesGlowMDStores UI preferences (language, theme, AM/PM toggle default)1 year
localStorage: glowmd_cookie_choiceGlowMDRecords your cookie consent choice1 year
localStorage: glowmd_legal_langGlowMDLanguage selection for legal pages1 year

3.3 Payment — only when you subscribe

NameSet byPurposeDuration
__stripe_midStripeFraud prevention on checkout1 year
__stripe_sidStripeSession identifier during checkout30 minutes

These cookies are set on Stripe pages only and are governed by Stripe's own privacy notice (stripe.com/privacy).

3.4 Analytics — informational

We do not currently operate third-party analytics. If we add privacy-first analytics in the future (e.g., Plausible, PostHog self-hosted), we will update this policy, notify users, and add them as "analytics — opt-in". No analytics cookies are active today.

4. Third-party cookies

A small number of cookies are set by third-party processors we use:

  • Stripe — payment and fraud prevention (see above; only on Stripe-served pages).
  • Supabase — authentication tokens only.
  • Google — only if you sign in with Google OAuth; Google may set its own cookies during that flow. See policies.google.com/privacy.

5. Your choices

Cookie banner

On your first visit, we show a cookie consent banner with three options:

  • Accept all — all optional cookies enabled.
  • Reject non-essential — only strict-necessary cookies enabled.
  • Customize — choose category-by-category.

Your choice is stored in localStorage: glowmd_cookie_choice and can be changed anytime from the footer ("Cookie preferences") or by clearing browser storage.

Browser settings

Most browsers let you view, block, or delete cookies:

Do Not Track and Global Privacy Control

We honor the Global Privacy Control signal (GPC) and the Do Not Track (DNT) browser setting. When we detect either, we treat your visit as if you had selected "Reject non-essential".

Blocking strictly necessary cookies may prevent parts of the Service from working (e.g., staying signed in).

6. Similar technologies

We also use browser storage APIs in a limited way:

  • localStorage — for persistent user preferences and quiz state during the flow.
  • sessionStorage — for ephemeral UI state within a session (uploaded photo IDs etc.).
  • IndexedDB — not used today; if added in the future, we will update this policy.

7. Changes to this policy

We may update this Cookie Policy when we change cookie use or add new processors. Material changes will be notified via the Service or by email at least 30 days before they take effect.

8. Contact

Questions about cookies or this policy: privacy@glowmd.com

Aesthetic Studio Creator S.R.L. B-dul Decebal, Nr. 12, Camera 1, Bl. S7, Sc. 1, Et. 5, Ap. 15, Sector 3, București, România CUI: RO45931173 · J: J40/6657/2022