Your clients' data,
handled properly.
Gloow is a front-desk and booking assistant for aesthetic clinics. This page sets out, in specific terms, how we protect the data that flows through it and how Gloow behaves inside a regulated industry. No vague promises, just the mechanisms.
Data protection
- UK GDPR processes. We operate documented UK GDPR processes for the personal data we handle on your behalf: lawful-basis records, data-subject request handling, and breach notification within 72 hours.
- Hosting region: [CONFIRM REGION].
- Encryption. TLS 1.2+ for all data in transit; AES-256-GCM encryption at rest for messages and OAuth tokens.
- Retention & deletion. Account data is erased within 90 days of account deletion; message history can be deleted per-thread at any time; OAuth tokens are revoked and deleted the moment you disconnect a channel. Full deletion on request: email privacy@gloow.ai.
- ICO registration: [ICO NUMBER, founder to register].
- Data Processing Agreement. A signed DPA is available to every customer: [DPA PDF].
Sub-processors
We use a small set of sub-processors to run the service. Each one processes data only to deliver the function listed.
| Sub-processor | Purpose | Region |
|---|---|---|
| DigitalOcean | Application hosting & storage | [CONFIRM REGION] |
| Anthropic | AI reply generation (Claude, zero-retention API terms) | [CONFIRM REGION] |
| Unipile | Channel connections (GDPR compliant, SOC 2 certified) | [CONFIRM REGION] |
| Meta Platforms | WhatsApp, Instagram & Messenger message delivery | [CONFIRM REGION] |
| Stripe | In-chat deposits & billing (funds settle in your own Stripe account) | [CONFIRM REGION] |
| Twilio | Phone & SMS channel, missed-call text-back | [CONFIRM REGION] |
| Postmark | System email delivery | [CONFIRM REGION] |
Built for UK aesthetics regulation
The compliance pack ships on by default, and every intervention it makes (a blocked booking, a declined minor, an escalated question) is logged to an audit table. If anyone ever asks, you can prove exactly what happened.
ASA-safe replies
Prescription-only medicines (POMs), including botulinum toxin, cannot be advertised to the public in the UK. Gloow's replies are built around that rule: it never quotes promotional pricing for POM treatments, never describes them in promotional terms, and steers every POM enquiry to the compliant path, a consultation with your prescriber first. Enquiries about non-POM treatments (such as dermal fillers or skin treatments) are answered normally, in line with ASA/CAP guidance.
Under-18 screening
Since the Botulinum Toxin and Cosmetic Fillers (Children) Act 2021, administering botulinum toxin or dermal fillers to under-18s for cosmetic purposes is illegal in England. Gloow screens for age signals automatically in every injectable enquiry, blocks the booking, and politely declines minors, explaining why. The screening is logged, so you have a record of every declined enquiry, and you never have to police it yourself.
Clinical escalation
Gloow answers front-desk questions: prices of non-POM treatments, availability, directions, aftercare logistics. It does not answer clinical ones. Contraindications, complications, medication interactions, "is this normal?" messages: the moment one arrives, Gloow sends only a short holding note, alerts you instantly with the full conversation attached, and blocks any booking until you step in. Every escalation is logged with a timestamp, so the handover trail is always available.
Your data, protected
Everything in the Data protection section above applies to client conversations: UK GDPR processes, TLS in transit, AES-256-GCM at rest, a DPA available for your records, and full deletion on request. Clients message your own number and inbox; Gloow never puts a pooled sender between you and your client. And Gloow never stores appointments: your calendar stays the source of truth.
Boundaries: what Gloow is not
Gloow is a front-desk and booking assistant. It does not give medical advice, does not store clinical records, and is not a medical device. Clinical judgement stays exactly where it belongs: with you.
Questions?
Email privacy@gloow.ai for anything data-related, or hello@gloow.ai for everything else. See also our Privacy Policy and Terms.