Privacy Policy
This Privacy Policy explains what information Skincoach collects, how we use it, and the choices you have. We built Skincoach to be private by design — your skin is personal, and your data should stay yours.
In short: your scan photos are used to generate your skin profile and routine. You can delete your account and associated data at any time from inside the app.
1. Who we are
Skincoach (“we”, “us”, “our”) is the Skincoach mobile application, operated under the name Skincoach by an independent individual developer based in Cyprus. For the purposes of the EU/UK General Data Protection Regulation (GDPR), that developer is the data controller responsible for your personal data. For general questions contact us at support@skincoach.ink; for data-protection requests and to exercise your privacy rights you can also write to privacy@skincoach.ink.
2. Information we collect
- Account information (Sign in with Apple) — we use Apple’s Sign in with Apple to create your account. From Apple we receive a unique identifier and, only if you choose to share it, your name and email (which may be Apple’s private relay address). We do not receive your Apple password.
- Skin scan photos (facial images) — selfies you choose to capture or upload so the app can analyze your skin. Because these are images of your face analyzed to derive characteristics about you, we treat them as sensitive personal data and handle them with extra care (see Section 4).
- Skin profile data — quiz answers and derived metrics such as your skin score, hydration and focus areas.
- Routine & progress data — steps you complete and check-ins you record over time.
- Usage & device data — basic, non-identifying diagnostics that help us keep the app stable.
3. How we use your information
- To analyze your scans and generate your personalized skin profile and routine.
- To track your progress and show how your skin changes over time.
- To provide answers in the coach chat that are relevant to your routine and results.
- To operate, secure and improve the app.
We do not sell or “share” your personal data (as those terms are defined under California law), and we do not use your scan photos for advertising or to train third-party models.
4. Facial images & your explicit consent
Your skin scans are photographs of your face that we analyze to estimate skin characteristics. Under the GDPR and similar laws, this may qualify as special-category / biometric data. We process your scans only with your explicit consent, which you give when you choose to capture or upload a scan in the app. You can withdraw consent at any time by deleting individual scans or your whole account; withdrawal does not affect processing carried out before withdrawal. We do not use facial recognition to identify you across services, and we do not share your scans with advertisers.
Your scans are retained so you can see your skin history and progress over time. You can delete any individual scan, or all of them together with your account, at any time from inside the app (see Section 7).
5. Legal bases for processing (EU/UK users)
If the GDPR applies to you, we rely on the following legal bases:
- Consent (Art. 6(1)(a) and Art. 9(2)(a)) — for processing your facial scans and generating your skin analysis.
- Contract (Art. 6(1)(b)) — to provide the app features and subscription you sign up for.
- Legitimate interests (Art. 6(1)(f)) — to keep the app secure and stable and to improve it, balanced against your rights.
- Legal obligation (Art. 6(1)(c)) — where we must retain limited records to comply with the law.
6. Subscriptions & payments
Purchases are processed by Apple through the App Store. We do not receive or store your full payment details. Subscription management and billing are handled by Apple under their terms.
7. Data retention & deletion
We keep your data while your account is active. You can delete your account and associated data at any time from Profile → Delete account inside the app, or by emailing us. Once deleted, your scan photos and profile are permanently removed from our active systems and backups within 30 days, except where we must retain limited records to meet legal obligations.
8. Sharing & processors
We share data only with trusted service providers (“processors”) who help us run the app and act on our instructions under contracts that require them to protect your data. These currently include:
- Apple — Sign in with Apple and App Store payment processing.
- Supabase — secure cloud database and backend hosting where your account, profile and scans are stored.
- OpenAI — AI processing used to analyze your skin scans and power the coach chat. Your scan images and related inputs are sent to OpenAI’s API solely to generate your results. OpenAI does not use data submitted through its API to train its models.
- RevenueCat — subscription management, which receives purchase and subscription status (not your card details).
We do not currently use any third-party advertising, analytics or crash-reporting services. We may also disclose information if required by law or to protect our legal rights. We do not sell your data.
9. International data transfers
Your data may be processed in countries outside your own, including outside the EU/EEA. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or an adequacy decision, so that your data remains protected.
10. How we protect your data (security)
We take reasonable technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS) and at rest, access controls that limit who can reach your information, and a backend with row-level security so your data is only accessible to you. Your scans are processed only to generate your results.
No method of transmission or storage is ever completely secure, so we cannot guarantee absolute security. In the event of a data breach that affects your personal data, we will act promptly to contain it and will notify you and the competent supervisory authority where required by law.
11. Cookies & tracking
Our website (skincoach.ink) does not use advertising or third-party tracking cookies. It loads web fonts from Google Fonts, which may receive your IP address as a technical necessity to serve the font files. The Skincoach app itself does not use third-party advertising or analytics SDKs.
12. Your rights
Depending on where you live, you may have the right to access, correct, export (portability), delete or restrict your personal data, to object to certain processing, and to withdraw consent. To exercise any of these, email privacy@skincoach.ink. We will respond within the timeframe required by applicable law (generally one month under the GDPR) and will not discriminate against you for exercising your rights. To protect your account, we may ask you to verify your identity — for example, by contacting us from the email address linked to your account — before we action a request.
EU/UK users: you also have the right to lodge a complaint with your local data protection supervisory authority (in Cyprus, the Office of the Commissioner for Personal Data Protection).
California users (CCPA/CPRA): you have the right to know what personal information we collect and how it is used, to request deletion, and to opt out of sale or sharing. We do not sell or share your personal information, and we do not use sensitive personal information for purposes beyond providing the app. You may exercise these rights at the email above.
13. Children
Skincoach is intended only for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.
14. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the “last updated” date above. Material changes affecting how we use your scans will be notified in the app.
15. Contact
Questions? Email support@skincoach.ink. Privacy and data-protection requests: privacy@skincoach.ink.