Legal
Privacy Policy
Last updated 12 July 2026
This Policy explains how Glowlist collects, uses and protects your personal data when you use our marketplace as a client or as a freelance artist, and the rights you have under UK data-protection law.
1. Who we are
Glowlist (“Glowlist”, “we”, “us” or “our”) operates the marketplace at glowlist.app that connects clients with freelance beauty artists. For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, Glowlist is the “controller” of the personal data described in this Policy. This Policy explains how we collect, use, share and protect your personal data, and your rights in relation to it. It applies to both clients and artists.
2. The information we collect
We collect and process the following categories of personal data:
- Account data — name, email address, password (stored securely by our authentication provider), and role (client or artist).
- Artist profile data — the information artists choose to publish, such as display name, location/area, services, pricing, portfolio images, specialties and social links.
- Booking data — the artist or client involved, service, date, time, location or address, notes, and messages exchanged in connection with a booking.
- Payment data — payments and payouts are processed by Stripe. We receive limited information such as payment status, amounts and identifiers. We do not store full card numbers; card details are handled directly by Stripe.
- Communications — messages you send through the Platform and correspondence with our support team.
- Technical and usage data — IP address, device and browser information, and how you interact with the Platform, collected to keep it secure and working.
- Health-related information — where a client voluntarily provides details such as allergies or skin sensitivities to an artist for the purposes of a booking. This may be special-category data and is processed only to facilitate the booking.
3. How we use your information and our lawful bases
We use your personal data for the following purposes, relying on the lawful bases shown:
- To create and manage your account and to provide the Platform — performance of a contract.
- To facilitate bookings between clients and artists, including sharing the necessary details between them — performance of a contract.
- To process deposits, balance payments, commission and payouts through Stripe — performance of a contract and compliance with legal obligations.
- To send transactional emails (booking confirmations, completion prompts, payout and payment notices) — performance of a contract and legitimate interests.
- To provide support, prevent fraud, enforce our Terms, and keep the Platform secure — legitimate interests.
- To comply with legal, tax and accounting obligations — legal obligation.
- Where we rely on consent (for example, certain optional communications), you may withdraw it at any time.
Where we process special-category data (such as health information you provide for a booking), we do so on the basis that it is necessary for the booking and, where required, with your explicit consent.
4. How we share your information
- Between clients and artists — to make and fulfil a booking, we share the details each party reasonably needs (for example, the client’s name and location with the booked artist).
- Stripe — our payment processor, for processing payments, saving cards for balance collection, and paying out to artists (Stripe Connect).
- Infrastructure and service providers — hosting, database and email providers that process data on our behalf under written agreements.
- Professional advisers and authorities — where necessary to comply with the law, respond to lawful requests, or establish, exercise or defend legal claims.
- Business transfers — if Glowlist is involved in a merger, acquisition or sale of assets, in which case we will take steps to protect your data.
5. International transfers
Some of our service providers may process personal data outside the UK. Where they do, we ensure an appropriate safeguard is in place — such as a UK adequacy decision or the International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses — so that your data receives an equivalent level of protection.
6. How long we keep your information
We keep personal data for as long as necessary to provide the Platform and to comply with our legal obligations (for example, tax and accounting records are typically retained for at least six years). When data is no longer needed, we delete or anonymise it. You may ask us to delete your account, and we will do so subject to any records we are required to retain.
7. Your rights
Under UK data-protection law you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to our processing in certain circumstances;
- data portability (to receive certain data in a portable format);
- withdraw consent where we rely on it; and
- not be subject to solely automated decisions producing legal or similarly significant effects.
To exercise any of these rights, contact us at privacy@glowlist.app. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, though we would appreciate the chance to address your concerns first.
8. Cookies and similar technologies
We use strictly necessary cookies and similar technologies to keep you signed in and to keep the Platform secure and functional. Where we use any non-essential cookies (for example, analytics), we will ask for your consent and provide controls to manage them.
9. How we protect your information
We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and using reputable providers (such as Stripe for payments) who maintain recognised security standards. No system is completely secure, but we work to protect your data and will notify you and the ICO of a personal-data breach where required by law.
10. Children
The Platform is not intended for anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.
11. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you. The “last updated” date at the top shows when this Policy was last revised.
12. Contact us
For any privacy question or to exercise your rights, contact us at privacy@glowlist.app.