
PRIVACY POLICY
Last updated: February 11, 2026
This Privacy Policy describes Our policies and procedures regarding the collection, use, and disclosure of Your information when You use the Service, and explains Your privacy rights under applicable laws, including GDPR, CCPA/CPRA, and CalOPPA. By using Our Service, You consent to the practices described in this Privacy Policy.
We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
────────────────────────────────────────────────────────────
TABLE OF CONTENTS
1. Interpretation and Definitions
2. Information We Collect
3. Legal Basis for Processing Your Data (GDPR)
4. How We Use Your Information
5. Processing of Special Category/Health Data
6. Sharing Your Information
7. International Data Transfers
8. Legal Rights and Compliance
9. Data Protection Officer (DPO)
10. Data Retention
11. Your Privacy Choices
12. Security
13. Children’s Privacy
14. Links to Other Websites
15. Changes to this Privacy Policy
16. Contact Us
17. Cookie Policy Details
18. Apple App Tracking Transparency (ATT)
19. App Store Privacy Label Alignment
────────────────────────────────────────────────────────────
1. INTERPRETATION AND DEFINITIONS
Interpretation
Words with capitalized initial letters have specific meanings defined below. Singular and plural forms share the same meaning.
Definitions
• Account: A unique account created to access our Service.
• Affiliate: An entity that controls, is controlled by, or is under common control with a party.
• Application / Service: Refers to Betterskin, including its website (https://betterskin.app/) and app.
• Company / We / Us / Our: Betterskin.
• Cookies: Small files placed on Your device to store browsing data.
• Personal Data / Personal Information: Any information that identifies or can identify You.
• Special Category Data / Health Data: Information about Your health, including skin conditions, treatments, symptoms, or other health-related information processed through the Service.
• Service Provider: Third-party companies or individuals who process data on Our behalf.
• Usage Data: Data collected automatically from Your use of the Service.
• You: The individual or entity accessing or using the Service.
• Data Controller: Betterskin, responsible for determining how and why Your Personal Data is processed.
• Data Processor: Third parties who process Personal Data on Our behalf under Our instructions.
• Tracking: The collection of data about a user or device for the purpose of targeted advertising, advertising measurement, or sharing with data brokers, as defined by Apple’s App Tracking Transparency framework.
────────────────────────────────────────────────────────────
2. INFORMATION WE COLLECT
Personal Data You Provide:
• Name, email address, billing address, and account information
• Pictures and other information from Your device if You allow camera/photo library access
• Health and Skin-Related Information: Information about Your skin type, conditions, concerns, symptoms, skincare routines, product usage, treatment history, and photos of Your skin. This constitutes Special Category Data under GDPR Article 9.
Automatic Data Collection (Usage Data):
• Device type, IP address, browser type/version, pages visited, time/date of visit, unique identifiers
• Mobile device information (OS, unique IDs, mobile browser type)
Cookies and Tracking Technologies
Our website (betterskin.app) uses Framer's built-in analytics, which are cookieless and privacy-compliant. We do not use tracking cookies on Our website. Our mobile app does not use cookies. For more details, see Section 17.
Device Permissions
Our app may request access to the following device features. Each permission is requested only when needed and You may deny or revoke access at any time through Your device settings:
• Camera Access: Used to take photos of Your skin for analysis and progress tracking. We request this permission when You choose to take a new photo within the app. This corresponds to the iOS permission prompt: "We use your camera to take photos of your skin for analysis and progress tracking."
• Photo Library Access: Used to select existing photos from Your device for skin analysis. This corresponds to the iOS permission prompt: "We use your photo library so you can select existing photos of your skin for tracking."
────────────────────────────────────────────────────────────
3. LEGAL BASIS FOR PROCESSING YOUR DATA (GDPR)
We process Your Personal Data under the following legal bases:
a) Contract Performance (GDPR Article 6(1)(b))
To provide the Service You have requested, including:
• Creating and managing Your account
• Processing transactions and subscriptions
• Providing customer support
b) Consent (GDPR Article 6(1)(a) and Article 9(2)(a))
When You have given explicit consent for:
• Processing Special Category/Health Data (skin conditions, photos, health information)
• Marketing communications and newsletters
• Non-essential cookies and analytics
• Camera and photo library access
You may withdraw consent at any time by contacting hi@betterskin.app or using opt-out mechanisms.
c) Legitimate Interests (GDPR Article 6(1)(f))
For purposes such as:
• Improving and personalizing the Service
• Fraud prevention and security
• Analytics and research (using anonymized data where possible)
• Internal business operations
Our legitimate interests are balanced against Your rights and freedoms.
d) Legal Obligation (GDPR Article 6(1)(c))
To comply with legal and regulatory requirements, including tax and financial reporting.
────────────────────────────────────────────────────────────
4. HOW WE USE YOUR INFORMATION
We use Personal Data for purposes including:
• Providing and maintaining the Service
• Managing Your account and purchases
• Processing transactions through Apple Store, Google Play Store, Stripe, or bank transfer
• Sending emails and newsletters via Mailchimp or our email hi@betterskin.app
• Communicating updates, offers, or marketing (You may opt out at any time)
• Analyzing usage trends and improving Service performance
• Providing personalized skincare recommendations based on Your skin type and concerns (with Your consent)
• Legal compliance and fraud prevention
────────────────────────────────────────────────────────────
5. PROCESSING OF SPECIAL CATEGORY/HEALTH DATA
⚠️ IMPORTANT: Our Service collects and processes health-related information about your skin. This section explains how we handle this sensitive data and your enhanced rights.
What Health Data We Collect:
Our Service may collect and process health-related information, including:
• Skin conditions, sensitivities, and allergies
• Photos of Your skin
• Skincare treatment history and product reactions
• Symptoms and concerns related to skin health
Legal Basis for Health Data Processing:
We process health data only with Your EXPLICIT CONSENT under GDPR Article 9(2)(a). You provide this consent when You:
• Create an account and provide skin-related information
• Upload photos of Your skin
• Complete health questionnaires within the app
How We Use Health Data:
• To provide personalized skincare recommendations based on Your input
• To track Your skin progress over time
• To improve Our Service and algorithms
• For anonymized research and product development
Your Rights Regarding Health Data:
You have enhanced rights regarding Your health data, including:
• Withdrawing consent at any time (without affecting prior lawful processing)
• Requesting deletion of all health-related information
• Obtaining a copy in a portable format
• Restricting how We use Your health data
Safeguards for Health Data:
• Encrypted storage and transmission
• Access restricted to authorized personnel only
• Regular security audits
• Anonymization for research purposes where possible
• NO SALE of health data to third parties
To withdraw consent or exercise Your rights regarding health data, contact hi@betterskin.app.
────────────────────────────────────────────────────────────
6. SHARING YOUR INFORMATION
We will only share Your Personal Data:
a) With Service Providers (Data Processors)
We share Personal Data with the following categories of third-party processors who process data on Our behalf under written agreements:
• Payment Processors: Stripe, Apple App Store, Google Play Store (for payment processing)
• Email Service Providers: Mailchimp (for newsletters and marketing emails)
• Cloud Hosting: Supabase (for data storage and infrastructure)
• Analytics Services: Google Analytics (for usage analytics)
All processors are contractually required to:
• Process data only on Our instructions
• Implement appropriate security measures
• Maintain confidentiality
• Assist with Your data protection rights
• Delete or return data when services end
b) With Affiliates
For Service delivery and business operations, subject to the same privacy standards.
c) During Business Transactions
During mergers, acquisitions, or sales of assets. You will be notified of any change in data controller and Your rights under such circumstances.
d) Legal Requirements
With law enforcement or regulators if legally required. We will notify You of such requests unless legally prohibited.
e) With Your Consent
For any other purposes with Your explicit permission.
⚠️ OUR COMMITMENT: We do NOT sell Your Personal Data to third parties. We do NOT sell or share Your health data with third parties for their marketing purposes.
────────────────────────────────────────────────────────────
7. INTERNATIONAL DATA TRANSFERS
Your Personal Data may be processed in countries outside the European Economic Area (EEA) where data protection laws may differ.
Transfer Safeguards
When We transfer Personal Data outside the EEA, We ensure appropriate safeguards, including:
• Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers to countries without adequacy decisions
• Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
• Your Explicit Consent: Where required by law
• Processor Binding Corporate Rules: Where applicable
Current Transfer Destinations:
Your data may be transferred to:
• United States (processors using SCCs or certified under the EU-US Data Privacy Framework)
• European Union
For more information about transfer mechanisms, contact hi@betterskin.app.
────────────────────────────────────────────────────────────
8. LEGAL RIGHTS AND COMPLIANCE
GDPR (EU/EEA Users)
You have the following rights under the General Data Protection Regulation (GDPR):
Right of Access (Article 15): Request a copy of the Personal Data We hold about You.
Right to Rectification (Article 16): Correct inaccurate or incomplete Personal Data.
Right to Erasure / “Right to be Forgotten” (Article 17): Request deletion of Your Personal Data in certain circumstances.
Right to Restriction of Processing (Article 18): Limit how We use Your data while a dispute is resolved.
Right to Data Portability (Article 20): Receive Your data in a structured, machine-readable format and transfer it to another controller.
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time (without affecting prior lawful processing).
Right Not to Be Subject to Automated Decision-Making (Article 22): Our Service may use automated processing to provide skincare recommendations. You have the right to be informed of such processing, request human intervention, express Your view and contest decisions, and opt-out of automated decision-making.
How to Exercise Your Rights
To exercise any of these rights, contact us at hi@betterskin.app. We will respond within ONE MONTH (extendable by two additional months for complex requests).
Right to Lodge a Complaint
If You believe We have not handled Your Personal Data appropriately, You have the right to lodge a complaint with Your local supervisory authority. EU/EEA Residents may contact their national Data Protection Authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
CCPA / CPRA (California Users)
If You are a California resident, You have the right to:
• Know what Personal Data is collected, used, shared, or sold
• Request deletion of Your Personal Data
• Opt out of the sale of Personal Data
• Non-discrimination for exercising these rights
To submit a request, contact us at hi@betterskin.app.
CalOPPA (California Online Privacy Protection Act)
Under CalOPPA, we:
• Post a privacy policy on the website
• Inform users of updates and effective dates
• Allow users to request changes to Personal Information
────────────────────────────────────────────────────────────
9. DATA PROTECTION OFFICER (DPO)
We have appointed a Data Protection Officer to oversee GDPR compliance and handle data protection matters.
Contact Our DPO
• Email: hi@betterskin.app (marked “Attention: DPO”)
You may contact Our DPO regarding:
• Questions about data processing
• Exercising Your GDPR rights
• Data protection concerns or complaints
• Data breach notifications
────────────────────────────────────────────────────────────
10. DATA RETENTION
We retain Personal Data only as long as necessary for the purposes outlined, legal obligations, dispute resolution, or enforcement of agreements.
Typical Retention Periods
• Account Information: Up to 24 months after account closure
• Customer Support Data: Up to 24 months
• Usage Data / Analytics: Up to 24 months
• Health/Skin Data: Up to 24 months after account closure or until consent is withdrawn, whichever comes first
• Marketing Data: Until You unsubscribe or withdraw consent
• Financial Records: Up to 7 years for legal and tax compliance
Data may be anonymized or securely deleted after retention periods.
You may request earlier deletion by contacting hi@betterskin.app. We will delete Your data within 30 days unless legally required to retain it.
────────────────────────────────────────────────────────────
11. YOUR PRIVACY CHOICES
You may:
• Update or delete Your account information
• Opt out of marketing emails via unsubscribe links
• Request deletion of Personal Data by contacting hi@betterskin.app
• Withdraw consent for health data processing at any time
• Download Your data in a portable format
• Object to automated decision-making
• Opt out of tracking via the App Tracking Transparency prompt or in Your device’s Settings > Privacy > Tracking
────────────────────────────────────────────────────────────
12. SECURITY
We implement commercially reasonable technical and organizational measures to protect Your Personal Data. These include:
• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and authentication
• Regular Security Audits: Penetration testing and vulnerability assessments
• Employee Training: Data protection training for all personnel
• Incident Response: Procedures for detecting and responding to breaches
In the event of a data breach that poses a risk to Your rights and freedoms, We will notify:
• You (within 72 hours where feasible)
• The relevant supervisory authority (within 72 hours as required by GDPR Article 33)
However, no method of internet or electronic storage is 100% secure.
────────────────────────────────────────────────────────────
13. CHILDREN’S PRIVACY
Our Service is not directed to children under 16 (or under 13 in jurisdictions where 13 is the applicable age of digital consent, such as the United States under COPPA). We do not knowingly collect Personal Data from children under these ages. If we become aware that we have collected data from a child without appropriate parental consent, we will delete that information immediately. Parents may contact us to remove data collected from a child.
────────────────────────────────────────────────────────────
14. LINKS TO OTHER WEBSITES
Our Service may contain links to third-party sites. We are not responsible for their content, privacy policies, or practices. We recommend reviewing the privacy policies of any third-party sites You visit.
────────────────────────────────────────────────────────────
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy. Updates will be posted on this page, with the “Last Updated” date revised. For significant changes that materially affect Your rights, We will:
• Notify You by email (to the address on Your account)
• Require Your renewed consent where legally required (e.g., for new uses of health data)
• Provide at least 30 days’ notice before changes take effect
Your continued use of the Service after changes take effect constitutes acceptance of the updated policy, except where consent is separately required.
────────────────────────────────────────────────────────────
16. CONTACT US
If you have questions about this Privacy Policy or Your rights, contact us:
• Email: hi@betterskin.app
• Mailing Address: Ernesta Birznieka-Upisa 29, Riga, LV-1003, Latvia
We will respond to Your inquiry within 30 days.
────────────────────────────────────────────────────────────
17. COOKIE POLICY DETAILS
Essential Cookies
Our website uses Framer's built-in analytics, which are cookieless and privacy-compliant. We do not use tracking cookies on our website. If this changes in the future, we will update this policy and implement appropriate consent mechanisms.
18. APPLE APP TRACKING TRANSPARENCY (ATT)
In accordance with Apple’s App Tracking Transparency framework, Our app will request Your permission before tracking Your activity across other companies’ apps and websites.
What is Tracking?
Under Apple’s definition, “tracking” refers to linking data collected from Our app with data from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement, or sharing data with data brokers.
How We Use Tracking
Our app does not track Your activity across other companies’ apps and websites. We do not use any third-party advertising SDKs or share data with advertising networks or data brokers. Any analytics We collect are first-party only and are not linked to data from other sources for tracking purposes.
Your Choices
You can change Your tracking preferences at any time in Your device’s Settings > Privacy & Security > Tracking.
Denying tracking will not affect core app functionality.
For more information about Apple’s ATT, visit https://support.apple.com/en-us/HT212025.
────────────────────────────────────────────────────────────
19. APP STORE PRIVACY LABEL ALIGNMENT
The following summarizes the data types Our app collects and how they are used, in alignment with Apple’s App Store Privacy “Nutrition Label” requirements. This information matches what is declared in App Store Connect.
Data Linked to You
• Contact Info: Name, email address (used for account creation, customer support, marketing)
• Health & Fitness: Skin health data, skin photos (used for app functionality, personalization, progress tracking)
• Identifiers: User ID (used for app functionality, analytics)
• Usage Data: Product interaction, other usage data (used for analytics, product improvement)
Data Not Linked to You
• Diagnostics: Crash data, performance data (used for app functionality)
• Purchases: Subscription status (used for app functionality)
Data Not Collected
Location data, financial information, browsing history, search history, advertising data, and any other data categories not listed above.
For the most current information, please review Our app’s privacy label on the App Store.
────────────────────────────────────────────────────────────
END OF PRIVACY POLICY

══════════════════════════════════════════
PRIVACY POLICY (previous version)
Last updated: January 18, 2026
This Privacy Policy describes Our policies and procedures regarding the collection, use, and disclosure of Your information when You use the Service, and explains Your privacy rights under applicable laws, including GDPR, CCPA/CPRA, and CalOPPA. By using Our Service, You consent to the practices described in this Privacy Policy.
We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
══════════════════════════════════════════
TABLE OF CONTENTS
Interpretation and Definitions
Information We Collect
Legal Basis for Processing Your Data (GDPR) [NEW]
How We Use Your Information
Processing of Special Category/Health Data [NEW]
Sharing Your Information
International Data Transfers [ENHANCED]
Legal Rights and Compliance
Data Protection Officer (DPO) [NEW]
Data Retention
Your Privacy Choices
Security
Children's Privacy
Links to Other Websites
Changes to this Privacy Policy
Contact Us
Cookie Policy Details [NEW]
══════════════════════════════════════════
INTERPRETATION AND DEFINITIONS
Interpretation
Words with capitalized initial letters have specific meanings defined below. Singular and plural forms share the same meaning.
Definitions
• Account: A unique account created to access our Service.
• Affiliate: An entity that controls, is controlled by, or is under common control with a party.
• Application / Service: Refers to Betterskin, including its website (https://betterskin.app/) and app.
• Company / We / Us / Our: Betterskin.
• Cookies: Small files placed on Your device to store browsing data.
• Personal Data / Personal Information: Any information that identifies or can identify You.
• Special Category Data / Health Data [NEW]: Information about Your health, including skin conditions, treatments, symptoms, or other health-related information processed through the Service.
• Service Provider: Third-party companies or individuals who process data on Our behalf.
• Usage Data: Data collected automatically from Your use of the Service.
• You: The individual or entity accessing or using the Service.
• Data Controller [NEW]: Betterskin, responsible for determining how and why Your Personal Data is processed.
• Data Processor [NEW]: Third parties who process Personal Data on Our behalf under Our instructions.
══════════════════════════════════════════
INFORMATION WE COLLECT
Personal Data You Provide:
• Name, email address, billing address, and account information
• Pictures and other information from Your device if you allow camera/photo library access
• [NEW] Health and Skin-Related Information: Information about Your skin type, conditions, concerns, symptoms, skincare routines, product usage, treatment history, and photos of Your skin. This constitutes Special Category Data under GDPR Article 9.
Automatic Data Collection (Usage Data):
• Device type, IP address, browser type/version, pages visited, time/date of visit, unique identifiers
• Mobile device information (OS, unique IDs, mobile browser type)
Cookies and Tracking Technologies:
We use cookies, web beacons, and similar technologies for analytics, personalization, and essential functions. Types include:
• Necessary / Essential Cookies – for authentication and core functions
• Functionality Cookies – to remember preferences
• Analytics / Performance Cookies – to track usage trends and improve Service
You may manage or disable cookies through Your device or browser settings. [NEW] When You first visit Our Service, You will be presented with a cookie consent banner allowing You to accept or reject non-essential cookies. You can change Your preferences at any time through Our cookie settings.
══════════════════════════════════════════
LEGAL BASIS FOR PROCESSING YOUR DATA (GDPR) [NEW]
We process Your Personal Data under the following legal bases:
a) Contract Performance (GDPR Article 6(1)(b))
To provide the Service You have requested, including:
• Creating and managing Your account
• Processing transactions and subscriptions
• Providing customer support
b) Consent (GDPR Article 6(1)(a) and Article 9(2)(a))
When You have given explicit consent for:
• Processing Special Category/Health Data (skin conditions, photos, health information)
• Marketing communications and newsletters
• Non-essential cookies and analytics
• Camera and photo library access
You may withdraw consent at any time by contacting hi.betterskin@gmail.com or using opt-out mechanisms.
c) Legitimate Interests (GDPR Article 6(1)(f))
For purposes such as:
• Improving and personalizing the Service
• Fraud prevention and security
• Analytics and research (using anonymized data where possible)
• Internal business operations
Our legitimate interests are balanced against Your rights and freedoms.
d) Legal Obligation (GDPR Article 6(1)(c))
To comply with legal and regulatory requirements, including tax and financial reporting.
══════════════════════════════════════════
HOW WE USE YOUR INFORMATION
We use Personal Data for purposes including:
• Providing and maintaining the Service
• Managing Your account and purchases
• Processing transactions through Apple Store, Google Play Store, Stripe, or bank transfer
• Sending emails and newsletters via Mailchimp or our email hi.betterskin@gmail.com
• Communicating updates, offers, or marketing (You may opt out at any time)
• Analyzing usage trends and improving Service performance
• [NEW] Providing personalized skincare recommendations based on Your skin type and concerns (with Your consent)
• Legal compliance and fraud prevention
══════════════════════════════════════════
PROCESSING OF SPECIAL CATEGORY/HEALTH DATA [NEW]
⚠️ IMPORTANT: Our Service collects and processes health-related information about your skin. This section explains how we handle this sensitive data and your enhanced rights.
What Health Data We Collect:
Our Service may collect and process health-related information, including:
• Skin conditions, sensitivities, and allergies
• Photos of Your skin
• Skincare treatment history and product reactions
• Symptoms and concerns related to skin health
Legal Basis for Health Data Processing:
We process health data only with Your EXPLICIT CONSENT under GDPR Article 9(2)(a). You provide this consent when You:
• Create an account and provide skin-related information
• Upload photos of Your skin
• Complete health questionnaires within the app
How We Use Health Data:
• To provide personalized skincare analysis and recommendations
• To track Your skin progress over time
• To improve Our Service and algorithms
• For anonymized research and product development
Your Rights Regarding Health Data:
You have enhanced rights regarding Your health data, including:
• Withdrawing consent at any time (without affecting prior lawful processing)
• Requesting deletion of all health-related information
• Obtaining a copy in a portable format
• Restricting how We use Your health data
Safeguards for Health Data:
• Encrypted storage and transmission
• Access restricted to authorized personnel only
• Regular security audits
• Anonymization for research purposes where possible
• NO SALE of health data to third parties
To withdraw consent or exercise Your rights regarding health data, contact hi.betterskin@gmail.com.
══════════════════════════════════════════
SHARING YOUR INFORMATION
We will only share Your Personal Data:
a) With Service Providers (Data Processors)
[NEW] We share Personal Data with the following categories of third-party processors who process data on Our behalf under written agreements:
• Payment Processors: Stripe, Apple App Store, Google Play Store (for payment processing)
• Email Service Providers: Mailchimp (for newsletters and marketing emails)
• Cloud Hosting: [Specify your hosting provider, e.g., AWS, Google Cloud] (for data storage and infrastructure)
• Analytics Services: [Specify, e.g., Google Analytics, Mixpanel] (for usage analytics)
• Customer Support Tools: [Specify if applicable] (for managing support requests)
[NEW] All processors are contractually required to:
• Process data only on Our instructions
• Implement appropriate security measures
• Maintain confidentiality
• Assist with Your data protection rights
• Delete or return data when services end
b) With Affiliates
For Service delivery and business operations, subject to the same privacy standards.
c) During Business Transactions
During mergers, acquisitions, or sales of assets. [NEW] You will be notified of any change in data controller and Your rights under such circumstances.
d) Legal Requirements
With law enforcement or regulators if legally required. [NEW] We will notify You of such requests unless legally prohibited.
e) With Your Consent
For any other purposes with Your explicit permission.
⚠️ OUR COMMITMENT: We do NOT sell Your Personal Data to third parties. We do NOT sell or share Your health data with third parties for their marketing purposes.
══════════════════════════════════════════
INTERNATIONAL DATA TRANSFERS [ENHANCED]
Your Personal Data may be processed in countries outside the European Economic Area (EEA) where data protection laws may differ.
Transfer Safeguards:
When We transfer Personal Data outside the EEA, We ensure appropriate safeguards, including:
• Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers to countries without adequacy decisions
• Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection
• Your Explicit Consent: Where required by law
• Processor Binding Corporate Rules: Where applicable
Current Transfer Destinations:
[NEW] Your data may be transferred to:
• United States (processors using SCCs or certified under EU-US Data Privacy Framework)
• [List other specific countries/regions where your service providers are located]
For more information about transfer mechanisms, contact hi.betterskin@gmail.com.
══════════════════════════════════════════
LEGAL RIGHTS AND COMPLIANCE
GDPR (EU/EEA Users)
You have the following rights under the General Data Protection Regulation (GDPR):
→ Right of Access (Article 15)
Request a copy of the Personal Data We hold about You.
→ Right to Rectification (Article 16)
Correct inaccurate or incomplete Personal Data.
→ Right to Erasure / "Right to be Forgotten" (Article 17)
Request deletion of Your Personal Data in certain circumstances.
→ Right to Restriction of Processing (Article 18)
Limit how We use Your data while a dispute is resolved.
→ Right to Data Portability (Article 20)
Receive Your data in a structured, machine-readable format and transfer it to another controller.
→ Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.
→ Right to Withdraw Consent (Article 7(3))
Withdraw consent at any time (without affecting prior lawful processing).
→ Right Not to Be Subject to Automated Decision-Making (Article 22) [NEW]
Our Service may use automated processing to provide skincare recommendations. You have the right to:
• Be informed of such processing
• Request human intervention
• Express Your view and contest decisions
• Opt-out of automated decision-making
How to Exercise Your Rights:
To exercise any of these rights, contact us at hi.betterskin@gmail.com. We will respond within ONE MONTH (extendable by two additional months for complex requests).
→ Right to Lodge a Complaint [NEW]
If You believe We have not handled Your Personal Data appropriately, You have the right to lodge a complaint with Your local supervisory authority:
• EU/EEA Residents: Contact Your national Data Protection Authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
• For example, if You are in Ireland: Data Protection Commission (www.dataprotection.ie)
──────────────────────────────────────────
CCPA / CPRA (California Users)
If You are a California resident, You have the right to:
• Know what Personal Data is collected, used, shared, or sold
• Request deletion of Your Personal Data
• Opt-out of the sale of Personal Data
• Non-discrimination for exercising these rights
To submit a request, contact us at hi.betterskin@gmail.com.
──────────────────────────────────────────
CalOPPA (California Online Privacy Protection Act)
Under CalOPPA, we:
• Post a privacy policy on the website
• Inform users of updates and effective dates
• Allow users to request changes to Personal Information
══════════════════════════════════════════
DATA PROTECTION OFFICER (DPO) [NEW]
We have appointed a Data Protection Officer to oversee GDPR compliance and handle data protection matters.
Contact Our DPO:
• Email: dpo@betterskin.app
• Or via: hi.betterskin@gmail.com (marked "Attention: DPO")
You may contact Our DPO regarding:
• Questions about data processing
• Exercising Your GDPR rights
• Data protection concerns or complaints
• Data breach notifications
══════════════════════════════════════════
DATA RETENTION
We retain Personal Data only as long as necessary for the purposes outlined, legal obligations, dispute resolution, or enforcement of agreements.
Typical Retention Periods:
• Account Information: Up to 24 months after account closure
• Customer Support Data: Up to 24 months
• Usage Data / Analytics: Up to 24 months
• [NEW] Health/Skin Data: Up to 24 months after account closure or until consent is withdrawn, whichever comes first
• [NEW] Marketing Data: Until You unsubscribe or withdraw consent
• [NEW] Financial Records: Up to 7 years for legal and tax compliance
Data may be anonymized or securely deleted after retention periods.
[NEW] You may request earlier deletion by contacting hi.betterskin@gmail.com. We will delete Your data within 30 days unless legally required to retain it.
══════════════════════════════════════════
YOUR PRIVACY CHOICES
You may:
• Update or delete Your account information
• Opt out of marketing emails via unsubscribe links
• Manage cookie preferences [NEW] through Our cookie settings panel
• Request deletion of Personal Data by contacting hi.betterskin@gmail.com
• [NEW] Withdraw consent for health data processing at any time
• [NEW] Download Your data in a portable format
• [NEW] Object to automated decision-making
══════════════════════════════════════════
SECURITY
We implement commercially reasonable technical and organizational measures to protect Your Personal Data. [NEW] These include:
• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and authentication
• Regular Security Audits: Penetration testing and vulnerability assessments
• Employee Training: Data protection training for all personnel
• Incident Response: Procedures for detecting and responding to breaches
[NEW] In the event of a data breach that poses a risk to Your rights and freedoms, We will notify:
• You (within 72 hours where feasible)
• The relevant supervisory authority (within 72 hours as required by GDPR Article 33)
However, no method of internet or electronic storage is 100% secure.
══════════════════════════════════════════
CHILDREN'S PRIVACY
Our Service is not directed to children under 16. We do not knowingly collect Personal Data from children under 16. [NEW] If We become aware that We have collected data from a child under 16 without parental consent, We will delete that information immediately. Parents may contact us to remove data collected from a child.
══════════════════════════════════════════
LINKS TO OTHER WEBSITES
Our Service may contain links to third-party sites. We are not responsible for their content, privacy policies, or practices. [NEW] We recommend reviewing the privacy policies of any third-party sites You visit.
══════════════════════════════════════════
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy. Updates will be posted on this page, with the "Last Updated" date revised. [NEW] For significant changes that materially affect Your rights, We will:
• Notify You by email (to the address on Your account)
• [NEW] Require Your renewed consent where legally required (e.g., for new uses of health data)
• Provide at least 30 days' notice before changes take effect
[NEW] Your continued use of the Service after changes take effect constitutes acceptance of the updated policy, except where consent is separately required.
══════════════════════════════════════════
CONTACT US
If You have questions about this Privacy Policy or Your rights, contact us:
• Email: hi.betterskin@gmail.com
• [NEW] Data Protection Officer: dpo@betterskin.app
• [NEW] Mailing Address: [Your company's registered address in the EU - required for GDPR]
[NEW] We will respond to Your inquiry within 30 days.
══════════════════════════════════════════
COOKIE POLICY DETAILS [NEW]
Essential Cookies
Required for basic Service functionality (login, security, session management). These cannot be disabled.
Functionality Cookies
Remember Your preferences (language, region, theme). You may disable these, but functionality may be affected.
Analytics Cookies
Help Us understand how You use the Service (pages visited, features used, errors encountered). We use [specify tools, e.g., Google Analytics with IP anonymization].
Marketing Cookies
Used to deliver personalized marketing and measure campaign effectiveness. You may opt out through Our cookie settings.
Managing Cookies:
• In-App Settings: Access cookie preferences in [Settings > Privacy > Cookie Preferences]
• Browser Settings: Configure cookie preferences in Your browser
• Third-Party Opt-Outs:
Google Analytics: https://tools.google.com/dlpage/gaoptout
[List other third-party opt-out mechanisms]
For more information, see Our full Cookie Policy at [link to cookie policy if separate].
══════════════════════════════════════════
END OF PRIVACY POLICY
All changes from the original policy are marked with [NEW] or [ENHANCED]
For a detailed summary of all GDPR enhancements, please refer to the accompanying "GDPR Changes Summary" document.