SkinLogic Privacy Policy

Effective Date: May 14, 2026 Last Updated: May 14, 2026

A Quick Summary

We've designed SkinLogic so that your personal information stays with you. We don't store your skincare profile, check-ins, photos, or any identifying information on any server we operate. Everything you enter is kept on your device and, if you have iCloud enabled, in your own private iCloud storage that only you can access.

The single exception is the photo scan feature: when you choose to scan an ingredient label, that image is briefly sent through a SkinLogic-operated Firebase Functions proxy to Google Cloud Vision for text recognition, then the recognized text comes back to your device. The image is not stored. Section 5(b) explains this in detail.

Aside from that one feature, this Privacy Policy is shorter and more concrete than most. It explains exactly what data SkinLogic collects on your device, which limited third-party services we contact, and the rights you have over your data.

1. Who We Are

SkinLogic is operated by Stefano Anania, a sole proprietor based in California, United States ("we," "us," "our," "SkinLogic"). For the purposes of the European Union General Data Protection Regulation ("GDPR"), Stefano Anania is the data controller for personal information you provide through the Services.

You can reach us about privacy matters at hello@skinlogicapp.com.

2. What This Privacy Policy Covers

This Privacy Policy describes our practices regarding personal information collected through:

• The SkinLogic iOS mobile application
• The skinlogicapp.com website
• Any related communications you have with us (for example, by email)

Together, these are the "Services." This Privacy Policy does not apply to third-party services that integrate with the Services — those are governed by the third party's own privacy policy, as listed in Section 8.

3. The Information We Collect

a. Information You Provide in the App

When you set up and use SkinLogic, you may provide the following information, which is stored on your device and (if iCloud is enabled) in your private iCloud container:

Profile information

• Name (free-text, optional)
• Age
• Gender identity (optional)
• Fitzpatrick skin phototype (I–VI)
• Skin type (dry, normal, combination, oily)
• Skin concerns and their reported severity and duration
• Concern priority ranking
• Makeup habits
• Facial hair (where applicable)
• Retinol sensitivity (yes/no)
• Approximate location, derived from device location services if you grant permission. SkinLogic requests kilometer-level accuracy from CoreLocation and, before transmitting any coordinate to a third-party API, rounds latitude and longitude to two decimal places (≈ 1.1 km at the equator). The coordinates that leave your device never carry house-level precision.

Pregnancy and lactation information (special-category data)

• Pregnancy status (none / trying to conceive / pregnant / breastfeeding)
• Estimated due date (when pregnant)
• Breastfeeding start date (when breastfeeding)

Ongoing app activity

• Daily check-in entries (oiliness, dryness, redness, breakouts, general feeling, lips chapped or sore)
• Routine adherence logs (which steps you applied or skipped, and skip reasons)
• Progress photos saved to your in-app Vault (stored as encoded images on your device and in iCloud)
• Routine plans you generate and save
• Treatments tracked in your treatment log
• Owned products list
• Watchlist of ingredients
• Saved routine analyses and scan history
• Profile avatar (if you set one)
• Academy lesson progress
• Reminder preferences and notification settings

b. Information Collected Automatically by the App

Like any iOS application, SkinLogic processes some information automatically while you use it. None of this is transmitted to SkinLogic's developer. It includes:

• Standard iOS device information used at runtime (device model, iOS version, screen size, language preference)
• Apple-managed StoreKit transaction history for any in-app purchases you make (visible to you in your Apple ID, used by the app only to verify your entitlement)
• Local timestamps for routine adherence and check-ins
• Background-task scheduling metadata used for weather refresh and notification timing

c. Information We Do Not Collect

To be clear about what is not collected:

• We do not collect your email address, password, or any account credentials (SkinLogic has no user accounts)
• We do not collect device identifiers (IDFA, IDFV) for advertising purposes
• We do not use any third-party analytics, crash reporting, behavioral tracking, or attribution SDKs (no Crashlytics, no Firebase Analytics, no Mixpanel, no Amplitude, no AppsFlyer, no Branch, no Sentry, no Adjust, no Segment, no PostHog, or similar). Section 5 of this Privacy Policy discloses the limited set of third-party services SkinLogic does use — all for product features (text recognition, weather data) or security (app attestation), not for behavioral analytics.
• We do not use third-party advertising networks
• We do not access your contacts, calendar, microphone (beyond the device's built-in privacy controls), Health app data, or motion data
• We do not record or transmit your interactions with the app
• We do not use cookies or similar tracking technologies in the iOS application itself (see our Cookie Policy for the limited use of cookies on our website)

4. Special-Category (Sensitive) Data — GDPR Article 9

Several categories of information that SkinLogic collects qualify as special-category personal data under Article 9 of the GDPR, because they concern health. These include:

• Your reported skin concerns and their severity
• Your Fitzpatrick phototype and retinol sensitivity
• Your pregnancy status, estimated due date, and breastfeeding start date
• Your daily check-in entries (oiliness, dryness, redness, breakouts, lips chapped or sore, general feeling)

a. Explicit Consent

Before SkinLogic collects any of this special-category information, you are presented with a dedicated consent step during onboarding. This step explains the categories of health information SkinLogic will process and asks you to confirm an unchecked checkbox that reads:

"I consent to the local processing of my health and skin data on this device for personalized recommendations."

You may proceed past this step and into the health-related questions of onboarding only if you affirmatively check this box. This separate, granular, and unchecked-by-default action is intended to satisfy the standard for explicit consent under GDPR Article 9(2)(a) for the processing of special-category data.

b. Local-Only Processing

Once given, your consent authorizes SkinLogic to process this data only on your device and in your own private iCloud storage under your Apple ID. The data is never transmitted to SkinLogic's developer or to any third party. The only exception is the contents of product label photographs that you choose to scan and submit through Google Cloud Vision API; see Section 5(b) above for the responsibilities and limitations that apply to that flow.

c. Withdrawal of Consent

You can withdraw your consent at any time. Withdrawal of consent means SkinLogic will stop processing your special-category data going forward; it does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, you may:

• Clear individual fields in your Profile (the underlying data is deleted from your device and iCloud at the same time)
• Use the "Clear health data" option in your Profile (which deletes all special-category data at once)
• Uninstall the SkinLogic application and delete the SkinLogic container from iOS Settings → [Your Name] → iCloud → Manage Storage → SkinLogic

If you withdraw consent, features that depend on health data (such as pregnancy-safe ingredient filtering and personalized routine generation) will no longer operate.

5. Third-Party Services We Contact

SkinLogic contacts a small number of third-party services in order to provide specific features. These services are listed below, along with what is sent to each one and why.

a. Apple, Inc.

Apple is involved in your use of SkinLogic in several ways:

• App Store distribution and in-app purchase processing — Apple handles all payments. SkinLogic's developer does not see your payment information.
• iCloud and CloudKit — If you have iCloud enabled and are signed in to your Apple ID, the data SkinLogic stores on your device is mirrored to your private iCloud container under your Apple ID. The data is stored on Apple's infrastructure but remains under your control and is not visible to SkinLogic's developer.
• Local notifications — SkinLogic schedules reminders through Apple's UserNotifications framework. Notification content is composed on your device and not transmitted anywhere.

Apple's handling of your data is governed by the Apple Privacy Policy.

b. Google LLC — Firebase Cloud Functions, Firebase App Check, and Google Cloud Vision

When you use SkinLogic's photo scan feature to photograph a product's ingredient label, the image is processed through a small server-side proxy that SkinLogic operates on Firebase Cloud Functions (a Google Cloud product). The function receives your image, calls Google Cloud Vision API server-side to extract text from it, and returns the recognized text to your device. The rest of the analysis happens locally on your device.

The reason for the proxy: keeping the Google Cloud Vision credentials off the device protects the service from abuse and avoids embedding API keys in the app binary. SkinLogic's Firebase Functions instance does not store your images and does not log image content.

What SkinLogic transmits

• The base64-encoded image you have just captured, sent to SkinLogic's Firebase Functions endpoint
• A short-lived Firebase App Check attestation token, automatically generated by Apple's DeviceCheck / App Attest framework on your device, used to verify that the request is coming from a genuine SkinLogic installation (not from a script or modified client trying to abuse the service)
• SkinLogic does not attach your name, email, profile information, skin concerns, pregnancy status, location, IDFA, IDFV, or any other identifier that would link the image to you

What may nonetheless be visible in the image — your responsibility

The image you submit contains whatever you have captured in the camera frame. If you photograph a prescription label that shows your full name, your doctor's name, or pharmacy details; if you photograph yourself in a mirror reflection holding the product; or if any other personally identifiable information happens to appear in the frame, that information will be transmitted to the Firebase Functions endpoint and from there to Google Cloud Vision as part of the image, because it is part of the image you captured. You are responsible for the contents of the photographs you submit through the scan feature. We strongly recommend framing your photographs to capture only the ingredient list, with no personal information, no faces, and no prescription details visible. The first time you open the camera in SkinLogic, the app displays a brief tip reminding you of this.

Where the image is processed

• Firebase Functions (Google Cloud) servers in the United States
• Google Cloud Vision servers in the United States

Google's handling of the image

Governed by Google Cloud's data processing terms and Firebase's data processing terms. Images submitted to the Vision API through the standard endpoint are not used to train Google's models. Google's terms include the European Commission's Standard Contractual Clauses for international transfers. App Check attestation tokens are short-lived and used only to verify request authenticity — they do not identify you personally.

Firebase Functions request logs

Firebase Functions automatically records standard request metadata (your IP address, the timestamp, and the size and HTTP status of the request, but not the image contents) in Google Cloud's operational logs. SkinLogic does not access or analyze these logs except for incident response if the service is being abused. Google retains these logs in accordance with Firebase's own retention policies.

Opting out

If you do not want any image transmitted, simply do not use the photo-based label scan feature. The barcode scan feature does not contact Firebase, Google Cloud Vision, or any other Google service — it queries only Open Beauty Facts (see Section 5(c) below).

c. Open Food Facts Association — Open Beauty Facts

When you scan a product barcode or search for a product by name, SkinLogic queries the Open Beauty Facts public database to retrieve the ingredient list and basic product information.

• What is sent: the barcode string or your text query, and a generic SkinLogic user-agent identifier
• What is NOT sent: any personal information about you
• Operator: Open Food Facts Association, a non-profit based in France
• Terms: governed by the Open Beauty Facts Terms of Use

d. Open-Meteo

SkinLogic uses the Open-Meteo public weather API to retrieve forecast and climate baseline data, which it uses to tailor routine recommendations (for example, suggesting hydration adjustments in dry climates).

• What is sent: rounded latitude and longitude (rounded on your device to two decimal places, ≈ 1.1 km / city-level precision, before the request is sent — derived from your device's location services, only if you have granted location permission)
• What is NOT sent: any identifier linking the request to you personally; no precise GPS coordinate
• Operator: Pascal Luginbühl (Switzerland)
• Terms: governed by the Open-Meteo Terms

e. Amazon.com, Inc. — Public Image CDN

For recommended product suggestions in the "Our Picks" section, SkinLogic loads product images from Amazon's public image content delivery network. This is purely an image fetch — no purchase, no account linking, no tracking pixel.

• What is sent: standard HTTPS image requests for publicly available Amazon product image URLs, addressed by Amazon Standard Identification Number (ASIN)
• What is NOT sent: any identifier linking the request to you personally; no profile data
• Amazon's request logs: Amazon may log standard request metadata (your IP address, user-agent, timestamp) as it does for any web image request. SkinLogic does not transmit anything beyond what a standard browser image request would.
• Current sourcing arrangement — important to know: SkinLogic currently retrieves these images directly from Amazon's public CDN without going through Amazon's official Product Advertising API. This is technically permitted by Amazon for incidental display use, but Amazon may at any time change image URLs, block requests, or revoke access. SkinLogic is in the process of migrating to either Amazon's official Product Advertising API (under the Amazon Associates program) or hosting product images on its own infrastructure; the migration does not affect what data is sent — only the source of the image.

6. How and Why We Use Information

We use the information described above for the following purposes:

We do not use your information for advertising, profiling for marketing, automated decision-making that has legal effects, or any purpose other than those listed above.

7. How Information Is Stored and Retained

a. On Your Device

All app data is stored locally on your iOS device using Apple's SwiftData persistence framework. The storage container is created with iOS's FileProtectionType.completeUnlessOpen data-protection class, which means:

• The database file is encrypted at rest while your device is locked.
• The file can remain readable to the SkinLogic app if the app already has it open when the device locks (so background tasks scheduled by SkinLogic — like weather refresh, climate baseline updates, and routine reminders — can complete after the device locks).
• A locked device that is not running SkinLogic in the background cannot decrypt the file without your passcode.

This protection class is intentionally stronger than the SwiftData default (completeUntilFirstUserAuthentication) but slightly less restrictive than complete, which would disable the background features above. The chosen level is the strictest setting compatible with SkinLogic's reminder and weather-refresh features.

Vault photo files and other files SkinLogic writes to the Documents directory (such as your avatar image) use the same completeUnlessOpen protection class.

b. In Your Private iCloud Container

If you have iCloud enabled and are signed in to an Apple ID, SwiftData mirrors the app's data to your private iCloud container managed by Apple (container identifier iCloud.com.skinlogic.skinlogic). This data is encrypted in transit and at rest by Apple, and is accessible only to you through your Apple ID. SkinLogic's developer cannot access this data.

c. Retention

Because SkinLogic does not hold a server-side copy of your data:

• Data is retained on your device and in your iCloud for as long as you keep the SkinLogic application installed and have iCloud enabled
• You may delete any individual field at any time within the app, which removes the data from your device and iCloud
• Uninstalling the application removes the data from your device. To also remove the iCloud copy, delete the SkinLogic data from iOS Settings → [Your Name] → iCloud → Manage Storage → SkinLogic
• We retain emails you send to us about privacy or support matters for as long as is reasonably necessary to handle the inquiry and to comply with our legal obligations

8. International Data Transfers

Because of the third-party services SkinLogic uses, some data may be transferred outside of your country of residence:

• Google Cloud Vision processes product label images on Google's servers in the United States. Google's Data Processing Terms include the European Commission's Standard Contractual Clauses (SCCs), which provide the legal basis for transfers from the European Economic Area to the United States.
• Open-Meteo processes location queries on servers in Switzerland (which the European Commission recognizes as providing an adequate level of data protection).
• Apple iCloud stores your data in regional Apple data centers; if you are an EU user, your iCloud data is processed in accordance with Apple's GDPR commitments.

No other transfers of personal information take place, because no other personal information is collected.

9. Your Rights

a. Universal Rights

Regardless of where you live, you have the following rights with respect to your personal information in SkinLogic:

• Right to access: All your data is visible to you directly in the SkinLogic app — review it in your Profile, Onboarding, check-in history, vault, and routine screens. You can also see iCloud-synced data in iOS Settings → [Your Name] → iCloud → Manage Storage → SkinLogic.
• Right to deletion: Because SkinLogic stores your data only on your device and in your private iCloud account, you can delete it yourself at any time:
• Clear individual fields in the app (deletion is reflected on your device and in iCloud)
• Uninstall the SkinLogic application from your device
• Delete the SkinLogic data from iCloud through iOS Settings → [Your Name] → iCloud → Manage Storage → SkinLogic

We hold no server-side copy of your data to delete on your behalf. If you would like guidance with this process, email us at hello@skinlogicapp.com.

• Right to portability: Photos in your vault are exportable using iOS's standard sharing mechanisms. For data without a built-in export path (such as your routine history), email us at hello@skinlogicapp.com and we will help you retrieve it.
• Right to correct: You can correct any information directly in the app at any time.

b. Additional GDPR Rights (EU, EEA, UK, Switzerland)

If you are located in the European Union, the European Economic Area, the United Kingdom, or Switzerland, you also have the following rights under the GDPR:

• Right to object to processing based on legitimate interests
• Right to restrict processing
• Right to withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal)
• Right to lodge a complaint with your national data protection supervisory authority

To exercise any of these rights, contact us at hello@skinlogicapp.com. We will respond within 30 days. We may ask you to verify your identity before responding (for example, by contacting us from an email address associated with the device on which you use SkinLogic).

c. Additional California Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"):

• Right to know what personal information we collect, use, and share (this Privacy Policy describes this)
• Right to delete personal information (see Section 9(a))
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of personal information — we do not sell or share your personal information for advertising or any other purpose, so there is nothing to opt out of
• Right to limit use of sensitive personal information — we only use sensitive personal information (your pregnancy and skin-health data) for the purposes you have explicitly consented to
• Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at hello@skinlogicapp.com.

d. Other U.S. State Privacy Rights

Residents of other U.S. states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and others) have rights similar to those described above. Contact us at hello@skinlogicapp.com to exercise them.

10. Children's Privacy

SkinLogic is intended only for individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from someone under 18, we will delete that information as soon as possible. If you believe a person under 18 has provided us with personal information, please contact us at hello@skinlogicapp.com.

11. Security

We rely on the following security mechanisms to protect your information:

• On-device storage: SwiftData container and all SkinLogic-written files use FileProtectionType.completeUnlessOpen (see Section 7(a)), which encrypts the data at rest when the device is locked.
• iCloud sync: Apple manages encryption in transit and at rest for the private CloudKit container; data is bound to your Apple ID and not visible to SkinLogic's developer.
• Photo-scan proxy: HTTPS-only traffic from the device to the SkinLogic Firebase Functions endpoint; the function itself is gated by Firebase App Check, which uses Apple's DeviceCheck / App Attest to verify the request originates from a genuine SkinLogic installation — preventing scripts or modified clients from abusing the proxy.
• App Store delivery: SkinLogic is code-signed by Apple and distributed only through the App Store, which performs static and dynamic security checks before approval.

The architecture intentionally minimizes the server-side surface area. The only personal information that ever leaves your device is the contents of product label photos you choose to scan (Section 5(b)) and the rounded weather coordinates (Section 5(d)). Everything else — your profile, check-ins, vault photos, routine history, and any health information — stays on your device and in your private iCloud container, and is never visible to SkinLogic's developer.

No system is completely secure, but the local-first architecture of SkinLogic means there is no central database of user profiles for an attacker to breach: a compromise of SkinLogic's developer's accounts cannot expose your skin profile or health data, because we do not store either of those server-side. The most an attacker could compromise on our side is the Firebase Functions proxy itself, which only ever sees ingredient-label images briefly during the OCR round-trip and stores no user identifiers.

You are responsible for the security of the device on which you use SkinLogic, and for the security of your Apple ID.

12. Do Not Track and Global Privacy Control

SkinLogic does not engage in cross-site or cross-app tracking, so there is no tracking behavior to disable in response to "Do Not Track" headers or Global Privacy Control signals. The Apple App Tracking Transparency (ATT) framework is not relevant to SkinLogic because we do not use tracking SDKs.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time — for example, to reflect changes in the Services, in the third-party providers we use, or in applicable law. When we make a material change, we will update the "Last Updated" date at the top and provide additional notice through the Services (for example, an in-app prompt) before the change takes effect.

Your continued use of the Services after a change to this Privacy Policy constitutes your acceptance of the change.

14. How to Reach Us

For any question, concern, request, or complaint regarding this Privacy Policy or our handling of your personal information, please contact:

Stefano Anania (dba SkinLogic) Email: hello@skinlogicapp.com California, United States

We aim to respond to all privacy inquiries within 30 days.

This Privacy Policy is adapted in structure from the Automattic Privacy Policy by Automattic, Inc., used under CC BY-SA 4.0. Substantive content has been substantially rewritten to reflect SkinLogic's local-only data architecture. This document is made available under the same license.