We built Glow Up Works so that humans never read your personal answers. Here's exactly how your information is collected, used, and protected.
Last updated: April 2, 2026
This Privacy Policy describes the practices of StanHattie LLC, doing business as Glow Up Works, an Iowa limited liability company located in Des Moines, Iowa. Throughout this policy, "we," "us," and "our" refer to StanHattie LLC.
If you have questions about this policy or your data, contact us at hello@glowupworks.com.
1. Information We Collect
Information you provide directly
Contact information: name, email address, phone number (optional), city and state
Business information: business name, website URL
Track selection: your chosen track (Business, Life, Educator, or Health) and sub-track
Questionnaire answers: free-form responses about your business, life, career, or health situation
Referral information: who referred you to us and anyone you refer
This data is stored in your browser's localStorage and only transmitted to our servers when you explicitly click "Sync"
Information collected automatically
Website analytics: anonymous page views, session duration, referral source, device type, and general geographic region via Google Analytics
Session recordings: anonymous interaction recordings (clicks, scrolls, mouse movement) and heatmaps via Microsoft Clarity
2. How We Use Your Information
AI-powered research and dashboard generation
Your questionnaire answers are processed by artificial intelligence (Anthropic's Claude) to research your situation and generate a personalized dashboard with recommendations. This is the core of our service.
What is encrypted end-to-end: the substantive answer fields (the things you write about your business, health, life, etc.) are encrypted inside your browser with AES-256-GCM using a random key, and that key is wrapped with our RSA-2048 public key. Only our Railway pipeline server (which holds the private key) can decrypt them. Our hosting provider never sees these answers in readable form.
What is NOT encrypted end-to-end: routing and delivery fields, your name, email, phone, general location, track selection, referral info, and language, are transmitted in plaintext so the form host can route the submission and we can email you. Treat these fields as ordinary form data, not secrets.
At rest: decrypted answers are re-encrypted with AES-256-GCM (per-row random salt + IV) before being stored in our database. The at-rest key is separate from the webhook authentication secret.
AI processing: After decryption on our server, your answers are sent to Anthropic's Claude API over a TLS-encrypted connection for AI research and dashboard generation. Per Anthropic's API policy, your data is not used to train their models. The plaintext answers exist briefly in server memory during processing, then only the encrypted version and AI-generated summaries are retained.
Answers are processed only by AI to generate your dashboard, no human reads your individual questionnaire responses
The owner and operator of Glow Up Works never reads individual questionnaire answers
Because our server decrypts your answers in memory to run the AI research, the encryption is end-to-end between your browser and our server, not between your browser and you. If that distinction matters to you, please do not submit information you aren't comfortable with our automated pipeline processing.
Chat assistant
Chat messages on your dashboard are processed by Anthropic's Claude AI in real time to provide personalized guidance. Chat messages are not stored long-term on our servers.
Emails
We use your email address to send dashboard delivery notifications, check-in messages, milestone celebrations, and referral communications. All emails are sent through Resend and originate from hello@glowupworks.com.
Service improvement
Aggregated, anonymized data may be used to improve the service, identify trends, and enhance our recommendation engine. Individual data is never used for this purpose.
3. AI-Specific Disclosure
Glow Up Works uses artificial intelligence extensively. We believe you should know exactly how.
Personal data submitted through questionnaires is processed by Anthropic's Claude AI
AI is used to: research your situation, generate personalized recommendations, create dashboard content, power the chat assistant, and generate automated emails
AI does not make decisions about pricing, eligibility for free tiers, or account access
No personal data is used to train AI models, per Anthropic's API data usage policy, data sent through their API is not used for model training
4. Third-Party Services
We rely on the following third-party services to operate Glow Up Works. Each processes data only as necessary to provide its function.
Anthropic (Claude AI), processes questionnaire answers and powers the chat assistant. Privacy Policy
Cloudflare, hosts our website and handles CDN, DNS, and edge routing. Privacy Policy
Railway, hosts our backend pipeline and Postgres database. Privacy Policy
Resend, sends automated emails on our behalf. Privacy Policy
Google Analytics, anonymous website usage tracking. Privacy Policy
Microsoft Clarity, anonymous session recording and heatmaps. Privacy Policy
Stripe, payment processing for paid tiers only. No credit card data ever touches our servers. Privacy Policy
Google PageSpeed Insights, website performance auditing for clients with websites. Privacy Policy
Square, POS and sales data, only if you choose to connect your account. Privacy Policy
Xero, accounting data, only if you choose to connect your account. Privacy Policy
5. Data Sharing
We never sell your data to anyone, for any reason
We never share your individual data with third parties for marketing purposes
Data is shared only with the third-party services listed in Section 4, solely for the purpose of delivering our service to you
Aggregated, anonymized data may be used to improve the service, this data cannot be linked back to any individual
6. Data Security
All questionnaire answers are encrypted using AES-256-GCM encryption before storage in our database
Encryption keys are derived from a secure server-side secret and are never exposed to client-side code
Our admin tools display submission metadata and AI-generated summaries, never raw questionnaire answers
All data in transit is protected by TLS/HTTPS
Payment processing is handled entirely by Stripe, no credit card numbers, CVVs, or bank account details are ever stored on or pass through our infrastructure
7. Data Retention
Encrypted questionnaire answers: retained indefinitely unless you request deletion
Dashboard HTML: retained on our servers indefinitely
Email logs: retained for 2 years, then deleted
Analytics data: governed by Google Analytics and Microsoft Clarity retention policies
localStorage data: stored in your browser and controlled entirely by you, clearing your browser data removes it
8. Your Rights
You have the following rights regarding your personal data:
Right to deletion: request that we delete all personal data associated with you by emailing hello@glowupworks.com
Right to access: request a copy of the data we hold about you
Right to opt out of analytics: enable your browser's Do Not Track setting, we respect it. You may also use browser extensions to block Google Analytics or Microsoft Clarity
Right to disconnect integrations: if you connected Square or Xero, you may disconnect at any time and we will stop accessing that data
To exercise any of these rights, email us at hello@glowupworks.com. We will respond within 30 days.
Microsoft Clarity cookies, anonymous session recording and heatmap data
What we do not use
No advertising cookies
No third-party tracking cookies
No cross-site tracking
localStorage
Your dashboard uses your browser's localStorage (not cookies) to store checklist progress, session notes, theme preferences, and the access gate. This data stays in your browser unless you click "Sync" to send it to our servers. You can clear it at any time through your browser settings.
10. Children's Privacy
Glow Up Works offers a Kid/Teen Entrepreneur track designed for users ages 13 to 17. We do not knowingly collect personal information from children under the age of 13 without verified parental consent.
If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, please contact us at hello@glowupworks.com and we will promptly delete that information.
For users ages 13 to 17, we collect the same categories of information described in this policy. We encourage parents and guardians to be involved in their teenager's use of the service.
11. DMCA Safe Harbor
StanHattie LLC is registered under the Digital Millennium Copyright Act (DMCA) Safe Harbor provisions.
If you believe that content on our site infringes your copyright, please send a written DMCA takedown notice to the contact above including: identification of the copyrighted work, identification of the infringing material with enough detail for us to locate it, your contact information, and a statement under penalty of perjury that you believe the use is not authorized.
12. Governing Law
StanHattie LLC is registered in the state of Iowa. This Privacy Policy and any disputes arising from it are governed by the laws of the state of Iowa, United States. We comply with applicable Iowa consumer protection laws.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Your continued use of Glow Up Works after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy, your data, or your rights, contact us: