Privacy Policy

Skinalyzer is operated by the team behind skinalyzer.io. If you are a Visitor scanning your skin through a Clinic's link, the Clinic is the recipient of your contact details and acts as an independent data controller for any follow-up they choose to send you. We are the controller for our own platform data and a processor on behalf of the Clinic for lead data routed through their scanner.

We collect the following categories of information:

• Selfie photos. When a Visitor uses a scanner, they capture or upload a photo of their face. We process this image to generate a skin analysis.
• Contact details. Visitor name, email address, phone number, and treatments of interest submitted on the scanner form before viewing results.
• Skin analysis results. The scores, skin type, and recommendations generated from the photo.
• Clinic account data. For Clinic users: email, password (hashed), scanner link slug, plan selection, and dashboard activity.
• Device and usage data. IP address, browser type, device type, pages viewed, referring URL, and timestamps. We use this to operate, secure, and improve the service.
• Cookies and local storage. We use strictly necessary cookies to keep you signed in and to remember session state. We do not run third-party advertising trackers on the scanner.

We use the information we collect to:

• Generate a personalized skin analysis from the submitted photo.
• Deliver the report to the Visitor and to the Clinic that operates the scanner link.
• Provide the Clinic dashboard, including lead lists, scan results, and account settings.
• Operate, maintain, secure, and improve Skinalyzer, including debugging and fraud prevention.
• Communicate with Clinic account holders about their account, product updates, and service notices.
• Comply with legal obligations and enforce our terms.

Selfie photos are processed in order to produce a skin report. The image is transmitted to our AI processor (OpenAI) for analysis and is stored on our infrastructure (Supabase) so that the Clinic can view the corresponding lead in their dashboard. We do not sell photos, and we do not use them to train public foundation models. Visitors can request deletion of their photo and lead record at any time by emailing admin@skinalyzer.io.

We share information with the following service providers strictly to operate the platform:

• Supabase — authentication, database, and photo storage.
• OpenAI — AI model used to analyze submitted photos and produce skin reports.
• Sendblue — iMessage messaging (Pro plan only, when a Clinic enables the booking agent).
• Hosting and infrastructure providers that run our application and databases.

These providers are bound by their own terms and privacy policies and may only use the data we send them to deliver their service to us.

When a Visitor submits their information on a Clinic's scanner link, the Visitor's contact details, selected treatments, and skin analysis are made available to that Clinic so they can follow up. Visitors should review the Clinic's own privacy practices for how they use that information after receiving it.

We keep Clinic account data for as long as the account is active. We keep lead records (including selfies, contact details, and results) for as long as the associated Clinic account is active or as needed to provide the service. We may retain certain records longer where required for legal, security, or accounting purposes. You can request deletion at any time using the contact details below.

Depending on where you live, you may have the right to access, correct, export, or delete personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, contact us at admin@skinalyzer.io. We will respond within a reasonable time and may need to verify your identity before acting on a request.

We use reasonable administrative, technical, and physical safeguards to protect the information we hold, including transport encryption (HTTPS), access controls, and hashed passwords. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Skinalyzer is intended for users 18 years of age or older. Visitors should not submit a selfie of a minor, and Clinic account holders must be of legal age in their jurisdiction. If you believe we have collected information about a minor, please contact us so we can delete it.

Skinalyzer is operated from the United States. If you use the service from another country, your information will be transferred to and processed in the United States and other countries where our service providers operate.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, notify Clinic account holders. Continued use of the service after a change constitutes acceptance of the revised policy.

Questions, concerns, or requests related to this Privacy Policy can be sent to admin@skinalyzer.io.