Privacy Policy

MySkinIQ LLC
Effective Date: January 4, 2026 | Last Updated: January 4, 2026

1. Introduction

MySkinIQ LLC ("MySkinIQ," "Company," "we," "us," or "our") operates the MySkinIQ mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Please read this Privacy Policy carefully. By downloading, accessing, or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the App.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide when using our App:

Data Type	Purpose	Required
Email Address	Account creation and communication	Yes (for account)
Authentication Credentials	Secure login via Apple Sign-In or Google Sign-In	Yes (for account)
Allergen Profile	Personalize product safety analysis	No (optional)
Skin Type	Customize product recommendations	No (optional)
Child Safety Preferences	Enable enhanced protection for children's products	No (optional)

Important: We do NOT collect or store your password. Authentication is handled securely by Apple or Google.

2.2 Health-Related Information

Our App processes health-related information that you voluntarily provide, including:

Known allergens and sensitivities
Skin conditions (e.g., eczema, dermatitis, sensitive skin)
Adverse reactions to products (if reported)
Allergen discovery trial participation and outcomes

This information is considered sensitive personal data under GDPR and similar regulations. We process this data only with your explicit consent and solely to provide personalized product safety analysis.

2.3 Automatically Collected Information

When you use the App, we automatically collect certain information:

Device Information:

Device type and model
Operating system and version
Unique device identifiers (anonymized)
App version

Usage Information:

Features used and frequency
Search queries (product names, URLs)
Analysis history
App performance metrics
Crash reports

We do NOT collect:

Precise GPS location
Photos from your camera roll
Contacts
Browsing history outside the App

3. How We Use Your Information

3.1 Primary Purposes

Purpose	Legal Basis (GDPR)
Provide personalized allergen safety analysis	Consent / Contract Performance
Generate safer product alternatives	Consent / Contract Performance
Sync your allergen profile across devices	Contract Performance
Process subscription payments	Contract Performance
Respond to support requests	Legitimate Interest
Allergen Discovery Trial participation	Explicit Consent (Art. 9(2)(a))

3.2 We Do NOT Use Your Data For

Selling your personal information to third parties
Targeted advertising based on your health data
Building profiles for marketing purposes
Sharing with data brokers

4. How We Share Your Information

4.1 Service Providers (Sub-Processors)

We share data with third-party service providers who perform services on our behalf:

Provider	Purpose	Data Shared
Google Firebase	Authentication, database, cloud functions	Account info, allergen profile
Google Cloud / Vertex AI	AI-powered ingredient analysis	Product ingredients (no personal identifiers)
Apple (StoreKit)	Subscription management	Purchase history, subscription status
Firebase Crashlytics	Crash reporting	Device info, crash logs

5. Data Retention

Data Type	Retention Period
Account Information	Duration of account + 30 days
Allergen Profile	Duration of account + 30 days
Product Analysis Cache	30 days
Usage Analytics	26 months
Crash Reports	90 days
Adverse Reaction Reports	7 years (regulatory compliance)

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Encryption in transit (TLS 1.3)
Encryption at rest (AES-256)
Secure authentication (OAuth 2.0)
Data hosted on Google Cloud Platform (SOC 2 Type II certified)

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we commit to:

Notification to Authorities: Notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach (GDPR Article 33)
Notification to Affected Users: Notify affected users without undue delay when the breach is likely to result in a high risk
Remediation: Take immediate steps to contain and remediate the breach

8. Your Privacy Rights

8.1 Rights for All Users

Regardless of your location, you have the right to:

Access - Request a copy of your personal data
Correction - Request correction of inaccurate data
Deletion - Request deletion of your account and data
Data Portability - Export your data in a machine-readable format (JSON)

How to exercise these rights:

Export Data: Settings > Your Data > Export My Data
Delete Account: Settings > Delete Account
Contact Us: privacy@myskiniq.shop

8.2 Additional Rights for EU/EEA Residents (GDPR)

Right to Restrict Processing
Right to Object
Right to Withdraw Consent
Right to Lodge a Complaint with your local Data Protection Authority

8.3 Additional Rights for California Residents (CCPA/CPRA)

Right to Know
Right to Delete
Right to Opt-Out of Sale - We do NOT sell your personal information
Right to Non-Discrimination

To submit a CCPA request: privacy@myskiniq.shop

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers are located.

For EU/EEA/UK residents:

Transfers to the US are made under Standard Contractual Clauses (SCCs) approved by the European Commission
Google LLC participates in the EU-US Data Privacy Framework

10. Artificial Intelligence and Automated Decision-Making

MySkinIQ uses artificial intelligence and machine learning to provide our core services:

Ingredient Parsing: Extract and categorize ingredients from product data
Allergen Matching: Match ingredients to known allergens
Safety Classification: Generate Safe/Caution/High Risk verdicts
Alternative Suggestions: Recommend substitute products

We do NOT use your personal health data to train AI models shared across users

Under GDPR Article 22, you have rights related to automated decision-making:

Right to Human Review
Right to Explanation
Right to Contest

11. Children's Privacy

MySkinIQ is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.

Our "Child Safety Mode" feature is designed for parents and guardians to analyze products intended for use on their children. This feature does not collect information from children.

If you are a parent or guardian and believe your child under 13 has provided personal information to us, please contact us immediately at privacy@myskiniq.shop.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

MySkinIQ LLC

Email: privacy@myskiniq.shop
Support: support@myskiniq.shop
Website: https://myskiniq.shop

Response Time: We aim to respond to all privacy inquiries within 30 days, or sooner where required by law.

13. Health Data Disclaimer

MySkinIQ is NOT a medical device and does NOT provide medical advice. The allergen analysis and product safety information provided by our App is for informational purposes only and should not be considered medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for medical concerns.