Privacy Policy
Last updated: 26 May 2026 · Questions? support@skinlyai.app
This policy applies to the Skinly AI iOS app and skinlyai.app. It describes what we collect, why we use it, and the choices you have.
Introduction
This Privacy Policy explains how Skinly AI ("Skinly," "we," "us") collects, uses, stores, and shares information when you use the Skinly AI mobile application for iOS and related services (collectively, the "Service"). We are committed to handling your information responsibly and transparently.
Information we collect
Depending on how you use the Service, we may collect:
- Account information: When you sign in with Apple, we receive identifiers and, on first sign-in only, the name and email address Apple shares (which may be a private relay address). We use this to create and secure your account.
- Skin profile: Answers you provide about skin type, goals, concerns, lifestyle, and routine preferences.
- Face scans: Photos you capture for skin analysis, plus analysis results we generate from those images.
- Scan history: Records of your past face, food, and product scans and related results stored in your account.
- Food and product scans: Photos of food, nutrition labels, or skincare products, plus related analysis results.
- Chat messages: Text you send to the in-app AI assistant and responses we provide.
- Routine and progress data: Morning/evening routines, daily check-ins, streaks, and progress history associated with your account.
- Subscription status: Whether you have an active Skinly Pro subscription, managed through Apple and RevenueCat. We do not receive or store your full payment card details.
- App usage analytics: Anonymised interaction events (such as onboarding completion and feature usage) collected through AppsFlyer for product analytics and install attribution. These events do not include photos, scan content, chat text, or health-related personal data.
- Diagnostics and crash data: Crash logs, error reports, and performance metrics used to identify and fix issues in the app.
- Technical data: Basic device and app information needed to operate the Service, and server logs (such as IP address, timestamps, and request metadata) from our hosting providers.
Face Data and Skin Scan Information
This section explains how Skinly handles face-related photos used for skincare analysis and progress tracking. Skinly does not use face data for identity verification, biometric authentication, or facial recognition.
What We Collect
When you use features like Face Scan or daily Face Check-in, we may collect:
- User-submitted photos of your skin/face that you choose to capture in-app or select from your photo library (e.g., face scan photos and check-in photos).
- Associated scan metadata (such as time/date, scan type/purpose, and results generated from the photo).
Face photos are provided voluntarily by users when they choose to use skin analysis or progress tracking features.
Why We Collect It
We collect these photos only to:
- Provide skincare analysis and educational insights based on visible skin features.
- Support progress tracking (for example, comparing check-in photos over time).
- Improve the user experience, troubleshoot issues, and maintain service reliability (for example, detecting failed uploads).
How We Use It
- Generate your skin analysis outputs and in-app results.
- Store and display your progress history back to you (if you use progress tracking features).
Sharing and Disclosure
- We do not sell face data or skin photos.
- Photos may be processed by AI service providers strictly to generate skincare analysis and related outputs for you.
- We do not permit uploaded images or chat content to be used to train third-party AI models.
Storage and Security
- Face scan and check-in photos are uploaded to private Supabase Storage buckets (including the face-scans bucket).
- Storage paths are scoped per user (stored under a user-specific path).
- Data is transmitted securely (for example, over encrypted connections such as TLS/HTTPS).
Retention and Deletion
- We retain these photos until you delete your account or request deletion, unless a longer period is required by law.
- When you delete your account, we delete uploaded scan photos from storage and delete associated account data.
- You may request deletion by contacting support@skinlyai.app.
Not Used for Facial Recognition or Identification
We do not use face data to identify users or perform facial recognition. Skinly’s face scan and check-in photos are used only for skincare analysis and progress tracking and are not used for biometric identification, identity verification, or authentication.
How we use your information
We use the information described above for app functionality, in-app personalisation, and analytics. Specifically:
- Provide account access and authenticate you.
- Run AI-assisted analysis on images and text you submit and display results in the app.
- Personalise skincare routines, check-ins, and educational content based on your profile and activity.
- Maintain your scan history and progress within your account.
- Manage and validate subscriptions (through Apple and RevenueCat).
- Measure product usage and install attribution via AppsFlyer to understand how the app is used and improve features.
- Respond to support requests and communicate with you.
- Maintain safety, prevent abuse, and meet legal obligations.
- Operate, secure, troubleshoot, and improve the Service.
AI and automated processing
Images and text you upload (including face photos, food and product scan images, and chat messages) may be sent to third-party AI providers (such as OpenAI) solely on our behalf to generate insights, summaries, and responses. This processing is necessary to deliver core app features.
AI-generated outputs are algorithmic, may be incomplete or inaccurate, and are for general skincare education and wellness guidance only. They are not medical or dermatological advice and do not diagnose, treat, cure, or prevent any skin condition. Skinly AI is not a medical device and is not intended to be used as one. Do not rely on the Service as a substitute for professional medical advice — always consult a qualified healthcare professional regarding your skin or health.
Storage and security
Your data is stored using industry-standard cloud infrastructure. Information is transmitted over encrypted connections (TLS). Data at rest is protected by our providers' security measures. We do not claim end-to-end encryption of your content, and we are not a HIPAA-covered entity. No method of transmission or storage is completely secure; please use a strong device passcode and keep your account credentials private.
Retention
We retain your information while your account is active and as needed to provide the Service. When you delete your account, we delete your auth record and associated app data; uploaded images in private storage are removed as part of that process. We may retain limited information for longer where required for legal, security, fraud-prevention, or dispute-resolution purposes. Residual backups at our infrastructure providers may take up to approximately 30 days to clear.
Your rights and choices
Depending on where you live (including the UK and EEA), you may have rights to access, correct, delete, restrict, or object to certain processing of your personal data, and to data portability where applicable. Where we rely on your consent, you may withdraw it at any time (this does not affect processing already carried out). You may also lodge a complaint with your local supervisory authority (in the UK, the ICO).
To delete your account, use Settings → Delete account in the app, or email support@skinlyai.app. For other requests, contact us at the same address.
Children
The Service is not directed to children under 16. We do not knowingly collect personal information from anyone under that age. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.
International transfers
We may process and store information in the United Kingdom, United States, and other countries where our providers operate. When we transfer data internationally, we rely on appropriate safeguards where required by law.
Analytics
The iOS app uses AppsFlyer for product analytics and install attribution — for example, measuring when onboarding completes or a paywall is viewed. AppsFlyer is not used for advertising, behavioural targeting, retargeting, or tracking across third-party apps or websites. These events do not include face photos, scan images, chat messages, skin concerns, or other health-related personal data. We do not collect or access the iOS advertising identifier (IDFA) and do not request the App Tracking Transparency (ATT) prompt.
Our servers and infrastructure providers may also automatically log technical information (such as IP address, user agent, and error reports) necessary to operate and secure the Service.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Continued use of the Service after changes become effective constitutes acceptance of the updated policy where permitted by law.