← Back to Gloss

PRIVACY POLICY

Effective Date: May 19, 2025 · Last Updated: May 19, 2025

1. Who We Are

Gloss Technologies, LLC ("Gloss," "we," "us," or "our") operates the Gloss platform — a SaaS CRM and operations platform for auto detailing businesses — accessible at this website and its subdomains.

Contact: privacy@gloss.app

2. Information We Collect

2.1 Information You Provide

  • Account registration: name, email address, business name, password
  • Business information: phone number, address, logo, service pricing
  • Customer records: your customers' names, phone numbers, emails, vehicle information, job history (entered by you or submitted via booking forms)
  • Payment information: billing details processed by Stripe (we do not store raw card numbers)
  • Communications: SMS messages sent through the platform, support tickets
  • Photos: vehicle condition photos, before/after images uploaded to jobs

2.2 Information Collected Automatically

  • IP address, browser type, device identifiers
  • Pages visited, features used, session duration
  • Cookies and similar tracking technologies (see Section 7)

2.3 Information from Third Parties

  • Meta (Facebook/Instagram): Lead form submissions from your advertising campaigns
  • Stripe: Payment status and transaction confirmations
  • Google: Business profile data when integrated

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and improve the Gloss platform
  • Process payments and send invoices
  • Send SMS notifications on your behalf (requires Twilio integration)
  • Generate AI-powered features (quotes, photo analysis, captions)
  • Send transactional emails (invoices, confirmations, receipts)
  • Provide customer support
  • Comply with legal obligations
  • Detect and prevent fraud or abuse

We do not sell your data or your customers' data to third parties. We do not use your customer data for advertising purposes.

4. Data You Enter About Your Customers (B2B Data Processing)

When you use Gloss to manage your detailing business, you enter personal data about your customers (names, phones, vehicles, etc.). In this context:

  • You are the data controller — you decide what data to collect and why.
  • We are the data processor — we process that data only to provide the services you've contracted for.

You are responsible for having a lawful basis to collect and process your customers' data and for providing them with appropriate notice (e.g., a privacy notice on your own website or booking form).

We offer a Data Processing Agreement (DPA) upon request for businesses subject to GDPR. Email privacy@gloss.app to request one.

5. How We Share Your Information

We share data only with the following categories of service providers, and only as needed to provide our services:

  • Supabase (database infrastructure) — stores your account and business data
  • Stripe (payment processing) — handles subscription billing and customer payment links
  • Twilio (SMS delivery) — sends text messages on your behalf
  • Resend (email delivery) — sends invoices and notifications
  • OpenAI (AI features) — processes text/image inputs for quote generation and photo analysis
  • Inngest (background jobs) — schedules automated tasks like follow-up SMS
  • Vercel (hosting) — serves the application

We require all service providers to protect your data with appropriate security measures and prohibit them from using your data for their own purposes.

We may also disclose data: (a) if required by law or valid legal process; (b) to protect the rights, property, or safety of Gloss, our users, or the public; (c) in connection with a merger, acquisition, or sale of assets (with notice to you).

6. Data Retention

We retain your data for as long as your account is active. When you cancel your subscription:

  • Your data remains accessible for 30 days
  • After 30 days, your data is scheduled for deletion within 90 days
  • Some data may be retained longer if required by law (e.g., financial records)

You may request immediate deletion by contacting privacy@gloss.app.

7. Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and security (cannot be disabled)
  • Analytics cookies: Help us understand how the platform is used (can be disabled)

We do not use advertising or tracking cookies. No third-party ad networks have access to your browsing activity on our platform.

8. Security

We implement the following security measures:

  • All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Row-level security enforced at the database layer — each business can only access its own data
  • JWT-based authentication with secure session management
  • Regular security reviews and dependency updates
  • Payment card data is never stored on our servers (handled by Stripe)

No system is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

9. Your Rights

Depending on where you are located, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain types of processing
  • Opt-out of SMS: Reply STOP to any SMS we send on your behalf

To exercise any of these rights, contact privacy@gloss.app. We will respond within 30 days.

10. SMS / Text Message Consent

When your customers submit a booking request or sign up through your customer portal, they may receive SMS messages including:

  • Appointment confirmations and reminders
  • Job status updates
  • Review requests after service completion
  • Follow-up messages from your business

Message and data rates may apply. Recipients may opt out at any time by replying STOP. As the business owner, you are responsible for obtaining proper SMS consent from your customers before sending them text messages through Gloss.

11. Children's Privacy

The Gloss platform is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the platform at least 14 days before the changes take effect. Your continued use of Gloss after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, requests, or concerns:

Gloss Technologies, LLC
Email: privacy@gloss.app

Terms of ServiceData Processing Agreement← Back to Home