Privacy Policy

We collect the following types of information:

Account Information

• Email address
• Display name
• Password (securely hashed using industry-standard algorithms — never stored in plain text)

Optional Onboarding Data

• Skin type (e.g., oily, dry, combination, sensitive, normal)
• Skin concerns (e.g., acne, aging, hyperpigmentation, dryness)
• Fitzpatrick scale skin type

Skincare Data

• Product names, brands, categories, ratings, and reviews
• Morning and evening skincare routines
• Daily check-ins including skin mood, notes, and completed routine steps
• Skincare journeys and associated progress data

Photos

Progress photos and product images are collected only when you explicitly grant camera or photo library permission. Photos are stored securely and are only visible to you unless you choose to share them.

Device & Usage Data

We collect basic device information (device type, operating system version) and general usage patterns to improve the App. We do not use advertising identifiers, tracking frameworks, or any third-party analytics that profile users.

We use the information we collect to:

• Provide, maintain, and improve the SkinDiary app
• Enable you to track your skincare routines, products, and progress
• Display your products, routines, check-in history, and skincare journeys
• Enable community features when you opt in to sharing content
• Improve app functionality and user experience
• Send essential account-related notifications
• Respond to your support requests and feedback

SkinDiary integrates with the following third-party services:

Supabase

We use Supabase as our cloud database and authentication provider. Supabase is hosted on Amazon Web Services (AWS). Your data is protected by row-level security (RLS) policies that ensure you can only access your own data. Supabase complies with SOC 2 Type II standards.

Open Beauty Facts API

When you scan a product barcode, we query the Open Beauty Facts database to retrieve product information. Only the barcode number is sent to this service — no personal information is transmitted.

We do NOT sell, rent, or share your personal information with third parties for marketing or advertising purposes.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS/SSL and encrypted at rest
• Authentication tokens are stored securely in your device's keychain (iOS Keychain)
• Row-level security (RLS) policies in our database ensure that each user can only access their own data
• Passwords are hashed using secure, one-way hashing algorithms and are never stored or transmitted in plain text

You have full control over your data:

• Access: View all your data directly within the App at any time
• Export: Request a complete copy of your data via Settings > Export My Data
• Delete: Permanently delete your account and all associated data via Settings. This action is irreversible.
• Correct: Edit your profile information, products, routines, and check-ins at any time within the App

Your data is retained for as long as your account remains active. If you choose to delete your account, all of your personal data — including your profile, products, routines, check-ins, photos, and journeys — will be permanently and irreversibly removed from our servers within 30 days, including from all backup systems.

SkinDiary is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take immediate steps to delete it. If you believe a child under 13 has provided us with personal information, please contact us at support@skindiary.io.

For European Economic Area (EEA) Residents

If you are located in the EEA, we process your personal data based on your consent (provided at account registration) and our legitimate interest in providing and improving the App. You may withdraw your consent at any time by deleting your account. You have the right to access, rectify, port, and erase your data, as well as the right to restrict or object to certain processing activities.

For California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

• Know what personal information is being collected about them
• Request deletion of their personal information
• Opt out of the sale of their personal information

We do not sell personal information. To exercise any of these rights, contact us at support@skindiary.io or use the in-app account management features.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make significant changes, we will notify you through the App or via email. Your continued use of SkinDiary after such changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: support@skindiary.io