Privacy Policy
Last updated: 26/03/2026
1. Information We Collect
We collect information you provide directly to us when using SkinGenie, including:
- Facial images for skin analysis (processed in memory, see Section 3)
- Facial images stored persistently (Pro users who opt in, for skin tracking purposes — see Section 3)
- AI-generated skin analysis results
- Account information (email, name) if you create an account
- Demographic information (age, gender)
- Skin-related information (skin type, tone, concerns)
- Environmental factors and lifestyle preferences
- Saved skincare routines and product preferences
- Hair-related information (hair type, porosity, thickness, scalp condition)
- Ingredient images for ingredient checking (processed in memory, not stored)
2. How We Use Your Information
We use the information we collect to:
- Process and analyze facial images using AI technology
- Generate personalized skincare routines
- Save and manage your routines (if logged in)
- Improve our AI recommendations and services
- Analyze ingredient lists from product images
- Provide AI-powered routine chat assistance
- Send service-related communications
Legal Basis (GDPR): We process your data based on (a) your consent when you upload images or submit information, (b) our legitimate interest in providing and improving our services, and (c) contract performance when you create an account.
3. Facial Image Data & Retention
We take your privacy seriously, especially regarding facial images:
Default (Free Users)
- No storage: Images are converted to base64 in memory and sent directly to our AI provider for analysis. They are never written to disk or cloud storage on our servers.
- Memory only: Image data exists in server memory only for the duration of the API call, then is automatically discarded
Pro Users (Skin Journal)
- Opt-in photo storage: Pro users who explicitly consent may have their analysis photos stored securely in private encrypted storage for skin tracking purposes
- Access control: Stored photos are accessible only to the user via time-limited signed URLs (1-hour expiry)
- User control: Users can delete individual photos or all photos at any time. All photos are permanently deleted upon account deletion.
- Data-only option: Pro users who decline photo storage still have their analysis results (skin type, concerns, etc.) saved without the original image
All Users
- AI provider processing: Our AI providers may use data sent to them to improve their services, in accordance with their own privacy policies
- No human review: Only automated AI systems process your images
- Encrypted transfer: All image data is transmitted over encrypted HTTPS connections
4. Cookies & Analytics
We use cookies and similar technologies for:
- Essential cookies: Required for authentication and site functionality
- Analytics (PostHog): To understand how users interact with our service and improve the experience
You can disable non-essential cookies in your browser settings, though this may affect some functionality.
5. Sharing of Information
We do not sell your personal information. We may share your information with:
- Supabase: Authentication, cloud database, and photo storage for Pro users who opt in (US)
- OpenAI: AI skin analysis processing — receives base64-encoded images directly for analysis (US)
- PostHog: Analytics (US)
- Vercel: Website hosting (Global CDN)
- Stripe: Payment processing (US)
- Cloudflare: Bot protection via Turnstile (Global)
- Resend: Transactional email delivery (US)
- Google: OAuth sign-in via Google Identity (US)
These providers are contractually obligated to protect your data and only process it as instructed.
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your data and account
- Portability: Receive your data in a portable format
- Objection: Object to processing based on legitimate interest
To exercise these rights, contact us at support@skingenie.beauty. We respond to requests within 30 days.
7. Data Security
We implement appropriate security measures including:
- HTTPS encryption for all data transfers
- Secure cloud infrastructure with access controls
- Row-level isolated storage for facial images (Pro users), accessible only via time-limited signed URLs
- Regular security reviews
- Minimal data retention periods
8. International Transfers
Your data may be processed in the United States and European Union. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.
9. Children's Privacy
SkinGenie is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us and we will delete it.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.
11. Contact Us
If you have any questions about this privacy policy or our data practices, please contact us at support@skingenie.beauty.