Privacy Policy

Effective Date: April 23, 2026 · Last Updated: May 17, 2026

Table of Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Facial Photo Processing
  5. Biometric Data Notice
  6. How We Store and Secure Your Data
  7. Third-Party Service Providers
  8. Data Retention
  9. Your Rights
  10. For Users in the European Economic Area (GDPR)
  11. For California Residents (CCPA)
  12. Children's Privacy
  13. Cookies and Tracking
  14. What We Do NOT Do
  15. Changes to This Privacy Policy
  16. Contact Us

1. Who We Are

Skinsign ("we", "us", "our") operates the Skinsign mobile application and website (skinsign.app).

Skinsign is a wellness and lifestyle tracking tool that helps you understand the connection between your daily habits and your skin health. Skinsign is not a medical device and does not provide medical advice.

Contact: info@skinsign.app

2. Information We Collect

2a. Waitlist and Website

  • Email address when you join our waitlist
  • Referral attribution data (referral links)
  • Basic browsing analytics via Vercel Analytics (privacy-focused, no cookies)

2b. Account Information (App)

  • Email address, Apple ID, or Google account identifier (via Sign in with Apple or Google)
  • Skin concern preferences (e.g., breakouts, redness, texture)
  • Condition duration and suspected triggers (selected during onboarding)

2c. Lifestyle Data You Provide

  • Food and drink selections from preset categories (dairy, sugar, processed food, alcohol, fresh foods, etc.)
  • Sleep duration and quality ratings
  • Stress level ratings
  • Water intake estimates
  • Optional free-text daily notes

2d. Facial Photographs

  • Selfie photos you take for skin analysis
  • Stored as JPEG files in encrypted, private cloud storage
  • Accessible only via time-limited signed URLs that expire after 1 hour
  • Never publicly accessible

2e. AI-Generated Data

  • Overall skin health score (0-100)
  • Dimension scores: acne, redness, texture, hydration (each 0-100)
  • Acne classification (type and affected zones)
  • Correlation insights between your lifestyle and skin patterns

2f. Usage and Technical Data

  • Feature usage events and article reads
  • Product interaction events (e.g., scans started, lifestyle pillars logged, paywall views, sign-up method) collected via PostHog — an EU-hosted product analytics provider. See section 7b for full detail.
  • Rate limit tracking (to enforce fair usage)
  • Notification preferences
  • Subscription status

You can disable product analytics at any time in Settings → Privacy & Data → Analytics → Help improve Skinsign.

2g. Data Stored on Your Device

  • Draft logs and cached scan results stored locally via SQLite
  • This data does not leave your device unless you explicitly submit it

3. How We Use Your Information

  • Provide AI-powered skin analysis from your photos
  • Generate personalized lifestyle-skin correlation insights
  • Personalize your experience based on your skin concerns and lifestyle patterns
  • Send waitlist updates and product communications (only with your consent)
  • Improve the app and fix issues (using aggregated, de-identified analytics only)
  • Enforce our terms of service and prevent abuse

We never use your data for advertising. We never sell your data.

4. Facial Photo Processing

Your photos are never used to train AI models. They are never shared with third parties beyond what is described below. They are never sold.

  • Your facial photos are processed by Anthropic's Claude AI to analyze skin conditions (acne, redness, texture, hydration).
  • Photos are transmitted through our secure server-side functions (Supabase Edge Functions). You never connect directly to the AI provider.
  • The AI returns numerical scores and classifications only. No photo data is retained by the AI provider after processing.
  • Photos are stored in a private storage bucket. Access requires an authenticated, time-limited URL that expires after 1 hour.
  • Per Anthropic's API terms, data submitted through their API is not retained after analysis and is not used to train their models (see Anthropic's privacy policy).

4a. Personalized Daily Readings

Once per day we use the data described elsewhere in this policy (your most recent skin scan, the past week of lifestyle log entries, and your onboarding answers) to generate a short personalized text describing your skin's status today. This generation happens automatically every morning at your local time. The text is generated by Claude (Anthropic), the same third-party AI processor named in our Third-Party AI Processors section. No new data types are collected for this feature beyond what is already described above.

You can disable daily readings at any time in Settings → Notifications → Daily Skin Sign. Disabling stops both the push notification and the daily generation; your past readings remain in your account.

5. Biometric Data Notice

Skinsign processes facial photographs to analyze skin surface conditions such as acne severity, redness, texture, and hydration levels.

  • We do not use facial recognition technology.
  • We do not create biometric identifiers, facial geometry templates, or faceprints.
  • We do not use photos for identification purposes.
  • Our analysis evaluates visible skin surface conditions only, similar to how a dermatologist would assess your skin visually.

State-Specific Notices

Illinois (BIPA): Our processing does not constitute collection of biometric identifiers or biometric information as defined under BIPA, as we do not scan or capture facial geometry for identification purposes.

Texas and Washington: Photos are processed exclusively for skin condition analysis and are subject to the deletion rights described in this policy.

6. How We Store and Secure Your Data

  • All data is hosted on Supabase infrastructure with enterprise-grade security.
  • Row-Level Security (RLS) on every database table ensures you can only access your own data.
  • Facial photos are stored in a private storage bucket with time-limited signed URLs (1-hour expiry).
  • All AI processing keys are stored server-side only (never in the app code).
  • All data is transmitted over HTTPS with TLS encryption.
  • No direct connections between your device and AI providers.

7. Third-Party Service Providers

We work with the following service providers to operate Skinsign:

| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI skin analysis and insight generation | Facial photos (via secure server functions); quantified lifestyle aggregates (no free text or personal identifiers) |
| Supabase | Database, authentication, storage, server functions | All account and app data |
| Apple | Sign-in, subscription management | Apple ID, subscription status |
| Google | Sign-in | Google account identifier |
| RevenueCat | Subscription lifecycle management | Subscription status, anonymous user ID |
| Kit (ConvertKit) | Email communications | Email address |
| GetWaitlist | Waitlist management | Email address, referral data |
| Vercel | Website hosting, privacy-focused analytics | Browsing behavior (anonymized) |
| PostHog (EU) | Product analytics — how features are used inside the app | Pseudonymous user identifier, screen names, event names (e.g., scan_started), aggregate scores. No photos, no free-text notes, no email or name. |
| Superwall | Remotely-configured paywall presentation (purchases delegated to Apple StoreKit via RevenueCat) | Pseudonymous user identifier, paywall lifecycle events (view, dismiss, purchase result). No photos, no free-text notes, no email or name. |
| TikTok (TikTok Business SDK) | Marketing campaign measurement (iOS only, requires explicit App Tracking Transparency consent) | If you allow tracking: device advertising identifier (IDFA), a registration signal after sign-up, and a subscribe signal after a successful purchase (product identifier only). If you decline tracking: only aggregated install signals via Apple's SKAdNetwork, with no device-level identifiers. Never includes photos, scan results, lifestyle logs, name, or email. |
| Cloudflare | CDN and security | IP address, request metadata |
| Expo | Push notification delivery (iOS / APNs proxy) | Device push token (no email or user ID attached) |

7a. How Anthropic Protects Your Data

Anthropic is our sole third-party AI processor for skin analysis and insight generation. Their commercial API terms commit to the following protections, which we rely on for every call we make on your behalf:

  • No model training. Under Anthropic's Commercial Terms of Service, Anthropic may not train models on Customer Content submitted through the API. Your photos and lifestyle data are never used to improve or train any AI model (Anthropic Commercial Terms).
  • Short retention window. Anthropic automatically deletes API inputs and outputs from its backend (currently 7 days for API logs as of September 2025). We do not store any data with Anthropic long-term (Anthropic retention policy).
  • Independent security certifications. Anthropic maintains SOC 2 Type II attestation and ISO 27001:2022 certification for the infrastructure that processes API traffic (Anthropic Trust Center).
  • No direct user contact. Your device never connects to Anthropic directly. Every request is made from our Supabase Edge Functions using a server-side API key that is never distributed in the Skinsign app.
  • No personal identifiers sent. We send only the photo, the lifestyle totals you logged, and the derived scan scores. We never include your name, email address, account identifier, or any other data that could identify you personally.

Your consent is required. Starting with Skinsign v1.0.2, we ask you to explicitly agree to AI data sharing the first time you open the app after updating, and before the first skin scan for new accounts. By tapping "Agree and continue" in the app, you consent to this sharing. You can revoke consent at any time in Settings → Privacy → AI data sharing. Revoking stops all future AI processing; your past scans and insights remain in your account.

7b. How PostHog Handles Your Product Usage Data

PostHog is our product analytics provider. We use it to understand which features are used, where users get stuck, and how to make the app easier to use. We rely on the following protections:

  • EU data residency. All PostHog data for Skinsign is processed and stored on PostHog's EU infrastructure (eu.i.posthog.com), not in the United States. This applies to every Skinsign user regardless of where they live.
  • What is sent. Pseudonymous user identifier (your Skinsign account ID), screen names, named events (e.g., scan_started, paywall_viewed, daily_log_completed), and the numerical scores produced by your scan. We never send your photos, your free-text notes, your email address, or your name.
  • No cross-app or cross-site tracking. PostHog only tracks behavior inside the Skinsign app. It does not follow you to other apps or websites. It is not used for advertising.
  • No model training. Your usage data is never used to train AI models, and is never sold or shared with advertisers.
  • Opt-out anytime. Toggle Settings → Privacy & Data → Analytics → Help improve Skinsign off and the app stops sending any further events. The opt-out is persisted on your device.
  • Account deletion. When you delete your Skinsign account, we also delete the corresponding PostHog person record.
  • Independent security posture. PostHog maintains SOC 2 Type II attestation and ISO 27001 certification (PostHog security overview).

7c. How TikTok Business SDK Handles Your Data

Starting with Skinsign v1.0.6, we use the TikTok Business SDK on iOS to measure the effectiveness of our marketing campaigns. We rely on the following protections:

  • Opt-in via Apple ATT. Before any device identifier is shared with TikTok, iOS shows you Apple's standard App Tracking Transparency dialog. We never bypass this prompt and never pre-collect identifiers. If you tap "Ask App Not to Track" or your global iOS tracking toggle is off, no advertising identifier is shared.
  • What is sent if you allow tracking. Your iOS advertising identifier (IDFA), a "Registration" signal after sign-up (with the sign-up method tag: apple, google, or email), and a "Subscribe" signal after a successful subscription purchase (with the product identifier only, no price or billing details).
  • What is never sent. Photos, scan results, lifestyle logs, free-text notes, your name, your email address, your Skinsign account identifier, or any health-related data are never sent to TikTok.
  • If you decline tracking. No advertising identifier is shared. Apple's SKAdNetwork may still send TikTok aggregated, device-level-anonymous install signals on Apple's terms; this happens at the iOS level outside our control.
  • Revoke at any time. You can revoke this permission in iOS Settings → Privacy & Security → Tracking → Skinsign. Revoking stops the SDK from sharing your advertising identifier for any future events.
  • No cross-data correlation. The Skinsign account identifier we attach to TikTok events is a separate pseudonymous string from your Supabase user ID; TikTok cannot use it to look up other Skinsign data.
  • Third-party policy. TikTok processes this data under its own terms (TikTok Privacy Policy) and uses it to attribute installs and conversions to its advertising platform.

8. Data Retention

  • Active accounts: Your data is retained as long as your account exists.
  • Account deletion: All photos, scans, logs, insights, usage records, and authentication data are permanently deleted.
  • Waitlist data: Retained until you unsubscribe or request deletion.
  • Aggregated analytics: May be retained indefinitely in de-identified, non-personal form.

Note: The 30-day scan history limit in the free tier is a display limitation, not a storage limitation. Your data is stored securely regardless of your subscription tier.

9. Your Rights

You have the right to:

  • Access your personal data and request a copy
  • Export your data in a machine-readable format
  • Delete your account and all associated data at any time
  • Correct inaccurate personal data
  • Restrict processing of your data
  • Portability - receive your data in a structured, commonly used format

Self-service account deletion in the app: You can delete your account and all associated data directly from the app at Settings → Account → Delete Account. This action is permanent and cannot be undone. All photos, scans, logs, insights, and authentication data are removed immediately.

To exercise any of these rights, contact us at info@skinsign.app. We will respond within 30 days.

10. For Users in the European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), the following additional provisions apply:

  • Legal bases for processing: Consent (photo processing, marketing communications), contract performance (core app features), legitimate interest (analytics, security).
  • Data controller: Skinsign.
  • International transfers: Most processing occurs in the United States, including marketing measurement data shared with TikTok when you allow tracking on iOS. Product analytics data (PostHog) is processed on EU infrastructure and stays within the EEA. For United States transfers, we rely on our sub-processors' standard contractual clauses and data processing agreements for lawful transfer.
  • You have the right to lodge a complaint with your local data protection supervisory authority.

11. For California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, and shared.
  • Right to delete your personal information.
  • Right to opt-out of sale: We do not sell your personal information. We have never sold personal information.
  • Right to non-discrimination for exercising your privacy rights.

To submit a request, contact info@skinsign.app.

12. Children's Privacy

  • Skinsign is not intended for children under 13 years of age.
  • We do not knowingly collect personal information from children under 13.
  • If we become aware that we have collected data from a child under 13, we will delete it promptly.
  • Users aged 13 to 17 should have parental or guardian consent before using Skinsign.

13. Cookies and Tracking

Website (skinsign.app)

  • Vercel Analytics: Privacy-focused web analytics that do not use cookies or track individuals.
  • Google Fonts: Loaded from Google's CDN for typography (standard web request, no tracking cookies).
  • Cloudflare: Functional security cookies only (not used for tracking or advertising).

Mobile App

  • The Skinsign mobile app does not use HTTP cookies. Product analytics events (PostHog) are sent over a direct API connection to EU servers and are tied to your Skinsign account identifier only.
  • App Tracking Transparency (iOS, since v1.0.6): Skinsign requests permission to track via Apple's standard App Tracking Transparency prompt during onboarding. We use this only for marketing campaign measurement via the TikTok Business SDK (see section 7c). The prompt does not gate access to any feature: both "Allow" and "Ask App Not to Track" let you continue using the app normally. You can change your choice at any time in iOS Settings → Privacy & Security → Tracking → Skinsign.
  • You can opt out of product analytics anytime in Settings → Privacy & Data → Analytics.

We do not use advertising cookies or tracking pixels on the website. On the mobile app, the TikTok Business SDK shares your iOS advertising identifier (IDFA) for ad attribution only when you grant App Tracking Transparency consent. We never sell your data.

14. What We Do NOT Do

We do NOT sell your personal data to anyone.

We do NOT use your photos to train AI models.

We do NOT share photos, scan results, lifestyle logs, your name, or your email with advertisers. The only data shared with an advertising platform (TikTok) is your iOS advertising identifier and a registration / subscribe signal, and only after you grant App Tracking Transparency consent (see section 7c).

We do NOT use facial recognition for identification purposes.

We do NOT send spam or unsolicited marketing without your consent.

15. Changes to This Privacy Policy

  • We may update this policy from time to time.
  • Material changes will be communicated via email or in-app notification.
  • The "Last Updated" date at the top of this page will be revised.
  • Your continued use of Skinsign after being notified of changes constitutes acceptance.

16. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights:

  • Email: info@skinsign.app
  • Skinsign is operated from the United States.

© 2026 Skinsign