Skinly Logo

Privacy Policy

Last updated: November 19, 2025

Introduction

At Skinly Labs, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application ("App") and related services ("Services"). By using Skinly, you agree to the practices described in this policy.

Information We Collect

We collect several types of information to provide and improve our Services:

Account Information

  • Email address (required for account creation and authentication)
  • Display name (optional)
  • Authentication provider (email, Google, or Apple)
  • Account creation and last login timestamps

Skin Profile Data

  • Skin type (normal, dry, oily, combination, or unsure)
  • Main skin concerns (acne, blackheads, uneven tone, dryness, dullness)
  • Skincare routine frequency (morning/evening, only evening, few times per week, rarely)
  • Cleansing habits (special cleanser, only water, wipes/micellar, not regular)
  • SPF usage (every day, only summer, rarely, never)
  • Age range (under 20, 20-30, 30-40, 40-50, 50+)
  • Gender preference (female, male, not specified)

Product Data

  • Product barcodes scanned via the App
  • Products saved to your journal with start/end dates and personal notes
  • Product compatibility analysis results and recommendations

Chat Conversations

  • Messages exchanged with Skinbot, our AI skincare assistant
  • Conversation history and timestamps (premium feature)

Usage Data

  • App usage patterns, features accessed, and session duration
  • Device information (model, OS version, app version)
  • IP address and general location (country/region)
  • Error logs and crash reports for debugging

Face Data (Face Images and Analysis Data)

This section provides complete transparency about how we handle your face images and derived analysis data.

1What face data we collect

  • Face photographs that you intentionally upload through the skin scanning feature for the purpose of receiving appearance-related insights and tracking progress over time
  • Derived, non-image attributes such as brightness levels, texture indicators, and visible skin characteristics. These are mathematical measurements extracted from images and are non-biometric in nature—they cannot be used to identify you

Important: We do not collect face data for facial recognition, identity verification, or any biometric identification purposes.

2Why we store face data

  • To generate comprehensive AI-powered skin analysis, including measurements of 8 key metrics: skin age, evenness, wrinkles, redness, moisture, pores, acne, and dark spots
  • To provide personalized cosmetic and skincare product recommendations tailored to your specific skin condition
  • To enable optional scan history and progress tracking features, allowing you to monitor improvements over time
  • To perform quality assurance, troubleshooting, and service improvement

3Default retention period

  • Temporary processing photos: Uploaded images used solely for analysis are retained only as long as necessary for processing and quality review, typically up to 30 days, after which they are automatically deleted
  • Saved scans: Scans you explicitly choose to save for progress tracking remain in your account until you manually delete them
  • Derived attributes: Non-image numerical data (scores, measurements) may be retained longer in anonymized or aggregated form for service improvement and research purposes

4How we protect face data

  • Encrypted transmission: All face images are transmitted using industry-standard HTTPS/TLS encryption
  • Encrypted storage: Images and analysis data are stored on secure, encrypted servers with encrypted backups
  • Access controls: Strict authentication and authorization mechanisms limit access to authorized systems and personnel only
  • Security audits: Regular security assessments and vulnerability testing

5How you can control your data

  • Delete individual scans: You can delete any saved scan from your scan history at any time through the App
  • Clear all scans: Use the "Delete All Scans" option in Settings to remove all scan images and associated data
  • Account deletion: Deleting your account triggers immediate removal of all face images and derived attributes within 30 days (with a 90-day grace period during which you can restore your account)

Your rights are protected: You have full control over your face data at all times. We never sell, rent, or share your face images with third parties for their independent use.

How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To create and maintain your account, authenticate your identity, and provide core App functionality
  • AI Analysis: To perform advanced skin analysis using GPT-4o-mini AI models, generate product compatibility assessments, and provide personalized skincare recommendations
  • Personalization: To tailor content, recommendations, and AI responses based on your unique skin profile and usage patterns
  • Subscription Management: To process in-app purchases, manage premium subscriptions through RevenueCat, and handle billing inquiries
  • Communication: To send transactional emails (OTP codes, account notifications), service updates, and promotional messages (with your consent)
  • Security & Fraud Prevention: To detect and prevent unauthorized access, abuse, and fraudulent activities
  • Service Improvement: To analyze usage patterns, identify bugs, optimize performance, and develop new features
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests

Data Sharing and Third-Party Services

We work with trusted third-party service providers to deliver our Services. We share only the minimum data necessary for each provider to perform their specific function:

OpenAI (AI Processing)

Purpose: AI-powered skin analysis, product compatibility assessment, and chat responses

Data shared: Derived, non-image attributes only (numerical scores, text descriptions). We do NOT send your face images to OpenAI—only processed metrics.

RevenueCat (Subscription Management)

Purpose: Managing in-app purchases and premium subscriptions across iOS and Android

Data shared: User ID, subscription status, product IDs, purchase timestamps

Open Beauty Facts (Product Database)

Purpose: Retrieving product information, ingredients, and images from barcodes

Data shared: Product barcodes only (no personal data)

Google & Apple (OAuth Authentication)

Purpose: Secure sign-in via Google or Apple accounts

Data shared: We receive only your email and name (if provided) from the OAuth provider. We do not have access to your Google/Apple password.

Resend (Email Delivery)

Purpose: Sending transactional emails such as OTP verification codes

Data shared: Email address and message content (OTP codes only)

We never sell your personal information. Your data is only shared with the service providers listed above, and only to the extent necessary to deliver our Services to you.

Data Security

We implement industry-standard technical and organizational security measures to protect your information:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256.
  • Authentication: Secure JWT-based authentication with refresh token rotation and bcrypt password hashing (cost factor 12)
  • Access Controls: Role-based access control (RBAC) limits employee and system access to only what is necessary
  • Infrastructure: Secure cloud infrastructure with regular security patches, firewalls, and intrusion detection
  • Monitoring: Continuous security monitoring and logging of access events

While we use best-in-class security practices, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data for direct marketing purposes
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond within 30 days.

Data Retention

We retain your personal information for as long as necessary to provide our Services and comply with legal obligations:

  • Account data: Retained while your account is active. After account deletion, data is removed or anonymized within 30 days (90-day grace period applies).
  • Face images (temporary): Up to 30 days for processing and quality assurance
  • Saved scans: Until manually deleted by you
  • Anonymized analytics: Retained indefinitely in aggregated, non-identifiable form for research and service improvement
  • Legal/financial records: Retained as required by law (typically 3-7 years depending on jurisdiction)

Children's Privacy

Skinly is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected such information, we will promptly delete it. If you believe your child has provided us with personal information, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed on servers located outside your country of residence, including in the United States and other countries where our service providers operate. These countries may have data protection laws different from those in your country. By using Skinly, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last updated" date at the top of this policy and, where appropriate, by sending you an email notification or in-app alert. Your continued use of Skinly after changes are posted constitutes your acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Company: Skinly Labs