← Back to SkinScan

Privacy Policy

Last updated: June 2026

1. What We Do

SkinScan is a cosmetic skin analysis tool. It uses AI to analyse a selfie you provide and generates a personalised cosmetic report including skin type, texture observations, and suggested skincare ingredients. SkinScan is NOT a medical device and does NOT provide medical advice, diagnosis, or treatment.

2. Data We Collect

  • Email address — to identify your account and deliver your analysis report.
  • Selfie photo — processed by our AI model to generate your cosmetic analysis.
  • Analysis results — the text-based report generated from your selfie.
  • Consent preferences — your choices regarding analysis consent and photo storage, including timestamps.

3. How We Use Your Photo

By default, your selfie is processed in memory only and is permanently deleted immediately after your analysis is complete. It is not stored on our servers unless you explicitly opt in.

If you choose to opt in to photo storage, your photo is securely stored in encrypted cloud storage (AWS S3) so you can track your skin's progress over time. Stored photos are retained for a maximum of 365 days and can be deleted at any time by you.

4. Third-Party Services

  • Google Gemini AI — processes your selfie to generate the analysis. Google's data processing policies apply to the image during processing.
  • Neon (PostgreSQL) — stores your account data and analysis results.
  • AWS S3 — stores photos only if you opt in to progress tracking.
  • Resend — delivers your report email.
  • Cloudflare Turnstile — CAPTCHA verification to prevent automated abuse.

5. Your Rights (DPDP Act 2023)

Under the Digital Personal Data Protection Act, 2023 (India), you have the right to:

  • Access — view all data we hold about you.
  • Correction — request corrections to your personal data.
  • Erasure — permanently delete your account, all analysis results, and any stored photos. This can be done directly within the app or by contacting us.
  • Withdraw consent — you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing done before withdrawal.

6. Data Retention

  • Non-opted-in photos: Deleted immediately after analysis.
  • Opted-in photos: Retained for up to 365 days, then automatically deleted.
  • Analysis results and account data: Retained until you request deletion.

7. Security

We use industry-standard encryption (TLS/HTTPS) for all data in transit, encrypted cloud storage for data at rest, and access controls to limit who can access your data. However, no system is 100% secure.

8. Contact Us

For any questions about your data, deletion requests, or privacy concerns, contact us at:

privacy@skinscan.in