PRIVACY POLICY

Last updated: January 18, 2026

This Privacy Policy describes Our policies and procedures regarding the collection, use, and disclosure of Your information when You use the Service, and explains Your privacy rights under applicable laws, including GDPR, CCPA/CPRA, and CalOPPA. By using Our Service, You consent to the practices described in this Privacy Policy.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

══════════════════════════════════════════

TABLE OF CONTENTS

1. Interpretation and Definitions

2. Information We Collect

3. Legal Basis for Processing Your Data (GDPR) [NEW]

4. How We Use Your Information

5. Processing of Special Category/Health Data [NEW]

6. Sharing Your Information

7. International Data Transfers [ENHANCED]

8. Legal Rights and Compliance

9. Data Protection Officer (DPO) [NEW]

10. Data Retention

11. Your Privacy Choices

12. Security

13. Children's Privacy

14. Links to Other Websites

15. Changes to this Privacy Policy

16. Contact Us

17. Cookie Policy Details [NEW]

══════════════════════════════════════════

1. INTERPRETATION AND DEFINITIONS

Interpretation
Words with capitalized initial letters have specific meanings defined below. Singular and plural forms share the same meaning.

Definitions

• Account: A unique account created to access our Service.

• Affiliate: An entity that controls, is controlled by, or is under common control with a party.

• Application / Service: Refers to Betterskin, including its website (https://betterskin.app/) and app.

• Company / We / Us / Our: Betterskin.

• Cookies: Small files placed on Your device to store browsing data.

• Personal Data / Personal Information: Any information that identifies or can identify You.

• Special Category Data / Health Data [NEW]: Information about Your health, including skin conditions, treatments, symptoms, or other health-related information processed through the Service.

• Service Provider: Third-party companies or individuals who process data on Our behalf.

• Usage Data: Data collected automatically from Your use of the Service.

• You: The individual or entity accessing or using the Service.

• Data Controller [NEW]: Betterskin, responsible for determining how and why Your Personal Data is processed.

• Data Processor [NEW]: Third parties who process Personal Data on Our behalf under Our instructions.

══════════════════════════════════════════

2. INFORMATION WE COLLECT

Personal Data You Provide:

• Name, email address, billing address, and account information
• Pictures and other information from Your device if you allow camera/photo library access
• [NEW] Health and Skin-Related Information: Information about Your skin type, conditions, concerns, symptoms, skincare routines, product usage, treatment history, and photos of Your skin. This constitutes Special Category Data under GDPR Article 9.

Automatic Data Collection (Usage Data):

• Device type, IP address, browser type/version, pages visited, time/date of visit, unique identifiers
• Mobile device information (OS, unique IDs, mobile browser type)

Cookies and Tracking Technologies:

We use cookies, web beacons, and similar technologies for analytics, personalization, and essential functions. Types include:

• Necessary / Essential Cookies – for authentication and core functions
• Functionality Cookies – to remember preferences
• Analytics / Performance Cookies – to track usage trends and improve Service

You may manage or disable cookies through Your device or browser settings. [NEW] When You first visit Our Service, You will be presented with a cookie consent banner allowing You to accept or reject non-essential cookies. You can change Your preferences at any time through Our cookie settings.

══════════════════════════════════════════

3. LEGAL BASIS FOR PROCESSING YOUR DATA (GDPR) [NEW]

We process Your Personal Data under the following legal bases:

a) Contract Performance (GDPR Article 6(1)(b))

To provide the Service You have requested, including:
• Creating and managing Your account
• Processing transactions and subscriptions
• Providing customer support

b) Consent (GDPR Article 6(1)(a) and Article 9(2)(a))

When You have given explicit consent for:
• Processing Special Category/Health Data (skin conditions, photos, health information)
• Marketing communications and newsletters
• Non-essential cookies and analytics
• Camera and photo library access

You may withdraw consent at any time by contacting hi.betterskin@gmail.com or using opt-out mechanisms.

c) Legitimate Interests (GDPR Article 6(1)(f))

For purposes such as:
• Improving and personalizing the Service
• Fraud prevention and security
• Analytics and research (using anonymized data where possible)
• Internal business operations

Our legitimate interests are balanced against Your rights and freedoms.

d) Legal Obligation (GDPR Article 6(1)(c))

To comply with legal and regulatory requirements, including tax and financial reporting.

══════════════════════════════════════════

4. HOW WE USE YOUR INFORMATION

We use Personal Data for purposes including:

• Providing and maintaining the Service
• Managing Your account and purchases
• Processing transactions through Apple Store, Google Play Store, Stripe, or bank transfer
• Sending emails and newsletters via Mailchimp or our email hi.betterskin@gmail.com
• Communicating updates, offers, or marketing (You may opt out at any time)
• Analyzing usage trends and improving Service performance
• [NEW] Providing personalized skincare recommendations based on Your skin type and concerns (with Your consent)
• Legal compliance and fraud prevention

══════════════════════════════════════════

5. PROCESSING OF SPECIAL CATEGORY/HEALTH DATA [NEW]

⚠️ IMPORTANT: Our Service collects and processes health-related information about your skin. This section explains how we handle this sensitive data and your enhanced rights.

What Health Data We Collect:

Our Service may collect and process health-related information, including:
• Skin conditions, sensitivities, and allergies
• Photos of Your skin
• Skincare treatment history and product reactions
• Symptoms and concerns related to skin health

Legal Basis for Health Data Processing:

We process health data only with Your EXPLICIT CONSENT under GDPR Article 9(2)(a). You provide this consent when You:
• Create an account and provide skin-related information
• Upload photos of Your skin
• Complete health questionnaires within the app

How We Use Health Data:

• To provide personalized skincare analysis and recommendations
• To track Your skin progress over time
• To improve Our Service and algorithms
• For anonymized research and product development

Your Rights Regarding Health Data:

You have enhanced rights regarding Your health data, including:
• Withdrawing consent at any time (without affecting prior lawful processing)
• Requesting deletion of all health-related information
• Obtaining a copy in a portable format
• Restricting how We use Your health data

Safeguards for Health Data:

• Encrypted storage and transmission
• Access restricted to authorized personnel only
• Regular security audits
• Anonymization for research purposes where possible
• NO SALE of health data to third parties

To withdraw consent or exercise Your rights regarding health data, contact hi.betterskin@gmail.com.

══════════════════════════════════════════

6. SHARING YOUR INFORMATION

We will only share Your Personal Data:

a) With Service Providers (Data Processors)

[NEW] We share Personal Data with the following categories of third-party processors who process data on Our behalf under written agreements:

• Payment Processors: Stripe, Apple App Store, Google Play Store (for payment processing)
• Email Service Providers: Mailchimp (for newsletters and marketing emails)
• Cloud Hosting: [Specify your hosting provider, e.g., AWS, Google Cloud] (for data storage and infrastructure)
• Analytics Services: [Specify, e.g., Google Analytics, Mixpanel] (for usage analytics)
• Customer Support Tools: [Specify if applicable] (for managing support requests)

[NEW] All processors are contractually required to:
• Process data only on Our instructions
• Implement appropriate security measures
• Maintain confidentiality
• Assist with Your data protection rights
• Delete or return data when services end

b) With Affiliates

For Service delivery and business operations, subject to the same privacy standards.

c) During Business Transactions

During mergers, acquisitions, or sales of assets. [NEW] You will be notified of any change in data controller and Your rights under such circumstances.

d) Legal Requirements

With law enforcement or regulators if legally required. [NEW] We will notify You of such requests unless legally prohibited.

e) With Your Consent

For any other purposes with Your explicit permission.

⚠️ OUR COMMITMENT: We do NOT sell Your Personal Data to third parties. We do NOT sell or share Your health data with third parties for their marketing purposes.

══════════════════════════════════════════

7. INTERNATIONAL DATA TRANSFERS [ENHANCED]

Your Personal Data may be processed in countries outside the European Economic Area (EEA) where data protection laws may differ.

Transfer Safeguards:

When We transfer Personal Data outside the EEA, We ensure appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers to countries without adequacy decisions
• Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
• Your Explicit Consent: Where required by law
• Processor Binding Corporate Rules: Where applicable

Current Transfer Destinations:

[NEW] Your data may be transferred to:
• United States (processors using SCCs or certified under EU-US Data Privacy Framework)
• [List other specific countries/regions where your service providers are located]

For more information about transfer mechanisms, contact hi.betterskin@gmail.com.

══════════════════════════════════════════

8. LEGAL RIGHTS AND COMPLIANCE

GDPR (EU/EEA Users)

You have the following rights under the General Data Protection Regulation (GDPR):

→ Right of Access (Article 15)
Request a copy of the Personal Data We hold about You.

→ Right to Rectification (Article 16)
Correct inaccurate or incomplete Personal Data.

→ Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of Your Personal Data in certain circumstances.

→ Right to Restriction of Processing (Article 18)
Limit how We use Your data while a dispute is resolved.

→ Right to Data Portability (Article 20)
Receive Your data in a structured, machine-readable format and transfer it to another controller.

→ Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.

→ Right to Withdraw Consent (Article 7(3))
Withdraw consent at any time (without affecting prior lawful processing).

→ Right Not to Be Subject to Automated Decision-Making (Article 22) [NEW]
Our Service may use automated processing to provide skincare recommendations. You have the right to:
• Be informed of such processing
• Request human intervention
• Express Your view and contest decisions
• Opt-out of automated decision-making

How to Exercise Your Rights:

To exercise any of these rights, contact us at hi.betterskin@gmail.com. We will respond within ONE MONTH (extendable by two additional months for complex requests).

→ Right to Lodge a Complaint [NEW]

If You believe We have not handled Your Personal Data appropriately, You have the right to lodge a complaint with Your local supervisory authority:

• EU/EEA Residents: Contact Your national Data Protection Authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
• For example, if You are in Ireland: Data Protection Commission (www.dataprotection.ie)

──────────────────────────────────────────

CCPA / CPRA (California Users)

If You are a California resident, You have the right to:
• Know what Personal Data is collected, used, shared, or sold
• Request deletion of Your Personal Data
• Opt-out of the sale of Personal Data
• Non-discrimination for exercising these rights

To submit a request, contact us at hi.betterskin@gmail.com.

──────────────────────────────────────────

CalOPPA (California Online Privacy Protection Act)

Under CalOPPA, we:
• Post a privacy policy on the website
• Inform users of updates and effective dates
• Allow users to request changes to Personal Information

══════════════════════════════════════════

9. DATA PROTECTION OFFICER (DPO) [NEW]

We have appointed a Data Protection Officer to oversee GDPR compliance and handle data protection matters.

Contact Our DPO:
• Email: dpo@betterskin.app
• Or via: hi.betterskin@gmail.com (marked "Attention: DPO")

You may contact Our DPO regarding:
• Questions about data processing
• Exercising Your GDPR rights
• Data protection concerns or complaints
• Data breach notifications

══════════════════════════════════════════

10. DATA RETENTION

We retain Personal Data only as long as necessary for the purposes outlined, legal obligations, dispute resolution, or enforcement of agreements.

Typical Retention Periods:

• Account Information: Up to 24 months after account closure
• Customer Support Data: Up to 24 months
• Usage Data / Analytics: Up to 24 months
• [NEW] Health/Skin Data: Up to 24 months after account closure or until consent is withdrawn, whichever comes first
• [NEW] Marketing Data: Until You unsubscribe or withdraw consent
• [NEW] Financial Records: Up to 7 years for legal and tax compliance

Data may be anonymized or securely deleted after retention periods.

[NEW] You may request earlier deletion by contacting hi.betterskin@gmail.com. We will delete Your data within 30 days unless legally required to retain it.

══════════════════════════════════════════

11. YOUR PRIVACY CHOICES

You may:

• Update or delete Your account information
• Opt out of marketing emails via unsubscribe links
• Manage cookie preferences [NEW] through Our cookie settings panel
• Request deletion of Personal Data by contacting hi.betterskin@gmail.com
• [NEW] Withdraw consent for health data processing at any time
• [NEW] Download Your data in a portable format
• [NEW] Object to automated decision-making

══════════════════════════════════════════

12. SECURITY

We implement commercially reasonable technical and organizational measures to protect Your Personal Data. [NEW] These include:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and authentication
• Regular Security Audits: Penetration testing and vulnerability assessments
• Employee Training: Data protection training for all personnel
• Incident Response: Procedures for detecting and responding to breaches

[NEW] In the event of a data breach that poses a risk to Your rights and freedoms, We will notify:
• You (within 72 hours where feasible)
• The relevant supervisory authority (within 72 hours as required by GDPR Article 33)

However, no method of internet or electronic storage is 100% secure.

══════════════════════════════════════════

13. CHILDREN'S PRIVACY

Our Service is not directed to children under 16. We do not knowingly collect Personal Data from children under 16. [NEW] If We become aware that We have collected data from a child under 16 without parental consent, We will delete that information immediately. Parents may contact us to remove data collected from a child.

══════════════════════════════════════════

14. LINKS TO OTHER WEBSITES

Our Service may contain links to third-party sites. We are not responsible for their content, privacy policies, or practices. [NEW] We recommend reviewing the privacy policies of any third-party sites You visit.

══════════════════════════════════════════

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy. Updates will be posted on this page, with the "Last Updated" date revised. [NEW] For significant changes that materially affect Your rights, We will:

• Notify You by email (to the address on Your account)
• [NEW] Require Your renewed consent where legally required (e.g., for new uses of health data)
• Provide at least 30 days' notice before changes take effect

[NEW] Your continued use of the Service after changes take effect constitutes acceptance of the updated policy, except where consent is separately required.

══════════════════════════════════════════

16. CONTACT US

If you have questions about this Privacy Policy or Your rights, contact us:

• Email: hi.betterskin@gmail.com
• [NEW] Data Protection Officer: dpo@betterskin.app
• [NEW] Mailing Address: [Your company's registered address in the EU - required for GDPR]

[NEW] We will respond to Your inquiry within 30 days.

══════════════════════════════════════════

17. COOKIE POLICY DETAILS [NEW]

Essential Cookies
Required for basic Service functionality (login, security, session management). These cannot be disabled.

Functionality Cookies
Remember Your preferences (language, region, theme). You may disable these, but functionality may be affected.

Analytics Cookies
Help Us understand how You use the Service (pages visited, features used, errors encountered). We use [specify tools, e.g., Google Analytics with IP anonymization].

Marketing Cookies
Used to deliver personalized marketing and measure campaign effectiveness. You may opt-out through Our cookie settings.

Managing Cookies:

• In-App Settings: Access cookie preferences in [Settings > Privacy > Cookie Preferences]
• Browser Settings: Configure cookie preferences in Your browser
• Third-Party Opt-Outs:

• Google Analytics: https://tools.google.com/dlpage/gaoptout

• [List other third-party opt-out mechanisms]

For more information, see Our full Cookie Policy at [link to cookie policy if separate].

══════════════════════════════════════════

END OF PRIVACY POLICY

All changes from the original policy are marked with [NEW] or [ENHANCED]

For a detailed summary of all GDPR enhancements, please refer to the accompanying "GDPR Changes Summary" document.