Data Deletion Request
Last Updated: May 25, 2026
1Your Right to Request Deletion
You have the right to request deletion of personal data we hold about you. This right is provided under the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and, where applicable, Article 17 of the EU General Data Protection Regulation (the "right to be forgotten").
This page explains exactly how to submit a deletion request, what we can delete immediately, what takes up to 30 days, and the limited categories of data we are legally required to retain. For the full picture of how Gloora AI collects and uses your data, please review our Privacy Policy.
We treat data deletion as a serious commitment, not a checkbox. Whether you are a Gloora subscriber closing your account or an end customer of a salon that uses our platform, the process below applies to you.
2How to Request Deletion
To request deletion of your personal data, send an email to legal@gloora.ai from the email address associated with your account, or from an address where you can verify your identity.
Please include in your request:
- Your full name and the email address linked to your Gloora account (if you are a subscriber)
- The salon, clinic, or business name where you received a service (if you are an end customer)
- A clear statement that you are requesting deletion of your personal data
- The specific data categories you want deleted (or "all data" if you want everything)
- Whether the request includes data received through Facebook or Instagram integrations
We will acknowledge your request within 5 business days and confirm completion within 30 days. If we need additional information to verify your identity, we will reach out using the contact details on file.
3Facebook & Instagram Data Deletion
Where a Gloora subscriber connects a Facebook Page or Instagram Business account to our platform, we receive limited data from Meta in order to deliver booking automation, messaging, and engagement features. This includes inbound messages, profile metadata for the connected page or account, message threads with end customers, and the OAuth tokens that authorize our access.
Automatic deletion on disconnect. When a subscriber disconnects their Facebook or Instagram integration from Gloora, we automatically delete the associated OAuth tokens and cached webhook data within 24 hours. Message records, profile data, and threads tied to that integration are permanently deleted within 30 days of disconnect, in line with Meta Platform Terms section 3(d)(i).
Retroactive deletion for older snapshots. If you want us to delete Facebook or Instagram data from periods predating a disconnect (for example, archived message history from a past integration), send a request to legal@gloora.ai identifying the connected account and the timeframe. We will locate and purge those records within 30 days.
End-customer messages. If you are an end customer who messaged a salon through their Facebook or Instagram, the salon (Gloora's subscriber) is the data controller for that conversation. You can ask the salon to remove your conversation, or contact us directly using the End-Customer Data process below if the salon is unreachable.
4End-Customer Data (Salon Clients)
If you are a customer of a salon, clinic, or wellness business that uses Gloora AI to manage its bookings, then under data protection law the salon is the data controller and Gloora AI is the data processor. This distinction matters for deletion requests. The full Controller / Processor split is explained in our Privacy Policy — please review it for context.
Primary path: contact the salon directly. The salon owns the customer relationship and is the first point of contact for deletion. Ask the staff or owner to delete your profile, appointment history, and any stored payment details from their Gloora account. They have direct tools inside Gloora to do this immediately.
Fallback path: contact Gloora directly. If the salon is unresponsive, closed, or refuses to act on your request, email us at legal@gloora.ai with your name, the salon's name and city, and the approximate dates you were a customer. We will contact the salon on your behalf and, if needed, exercise our processor obligations to ensure your data is removed within 30 days.
5What We Cannot Delete (Legal Retention Exceptions)
Some data must be retained even after a deletion request, because we are legally required to keep it. We will not delete:
- Financial and tax records: Invoices, payment records, and transaction logs are retained for seven (7) years to comply with UAE Federal Decree-Law No. 8 of 2017 on Value Added Tax and applicable bookkeeping obligations.
- Audit and security logs: System access logs, security events, and administrative action logs are retained for the period required by our security policies and any applicable regulatory framework.
- Legal-hold data: Records subject to active litigation, regulatory investigation, dispute resolution, or law enforcement order are preserved until the hold is lifted.
- Anonymized analytics: Aggregated and irreversibly anonymized data that no longer identifies you may be retained for analytics and product improvement.
Where we are required to retain data, we restrict access to it, store it securely, and use it only for the legal purpose that requires retention. Once the retention period ends, the data is deleted or further anonymized.
6Processing Timeline
Our standard processing timeline for deletion requests is as follows:
- Within 5 business days: Acknowledgment of your request and any clarification we need to proceed.
- Within 24 hours (Facebook / Instagram on disconnect): OAuth tokens revoked and cached webhook data purged.
- Within 30 days: Full deletion completed for personal data within the scope of the request, with written confirmation sent to you.
- Immediate where technically feasible: For data that can be removed without dependency checks (for example, marketing preferences or unverified inbound messages), we delete on the same day.
If a request is unusually complex or volumes are high, we may extend the timeline by up to a further 60 days as permitted under GDPR Article 12(3). We will notify you in writing if any extension is needed and explain the reason.
7Confirmation and Next Steps
Once your deletion has been processed, we will send a written confirmation to the email address you used to submit the request. The confirmation will list the categories of data that were deleted, the categories (if any) retained under the legal retention exceptions above, and the effective date.
If you believe your request was not handled correctly, or you want to escalate a deletion concern, you can:
- Reply to the confirmation email asking for a review by our data protection lead
- Lodge a complaint with the UAE Data Office at www.dataoffice.gov.ae
- Where applicable, contact your local data protection authority in the EU / EEA
You can submit a new deletion request at any time in the future, including for any new data generated after a previous request.
8Contact
To submit a deletion request or ask a question about this process, contact us at:
Gloora AI (F.Z.C.)
AMC Boulevard-A Building, Ajman Media City
Ajman, United Arab Emirates
Email: legal@gloora.ai
For general privacy questions outside the scope of a deletion request, see our Privacy Policy.