This is an honest, specific draft built from Skinread's real data flows — not legal advice. Because it involves face images and transfer to the United States (a high-scrutiny combination), a review by a qualified GDPR/DSGVO professional is strongly recommended before public launch. Complete every [BRACKETED] field first.

Privacy Policy

Last updated: [DD MONTH YYYY]

This Privacy Policy explains what data Skinread (“Skinread”, “we”, “us”) collects, how it is used, and — importantly — which third-party AI providers process it. We try to be plain and accurate. We do not make claims the app does not honour.

1. Who we are

The data controller responsible for your personal data is:

Controller: Speakwise GmbH
Address: Kollage 3, 49170 Hagen a.T.W., Germany
Contact: nico@skinread.app

2. What we collect

  • Face / selfie images you capture for a skin scan.
  • Skin-analysis results generated from those images — scores, detected concerns, and metrics (e.g. hydration, redness, texture, pores, skin age, skin type, per-zone results).
  • Voice recordings you create when using the app's voice features.
  • AI coach conversations — the messages you send to the in-app AI skincare coach.
  • Onboarding profile answers — e.g. skin type, goals, and age range you provide during setup.
  • Basic app & usage data needed to operate the app and your subscription (e.g. settings and Apple subscription status). [CONFIRM exact technical/analytics data, if any.]
  • Advertising & attribution data — limited events (e.g. app install, trial start, purchase) and device/advertising identifiers, shared with Meta and TikTok to measure our ads, subject to your App Tracking Transparency choice (see Section 8). This never includes your photos, skin data, voice or coach chat.

3. How we use your data

  • To generate and show your cosmetic skin analysis and track it over time.
  • To transcribe your voice recordings into text.
  • To power the AI coach — generating replies to the messages you send it.
  • To operate, maintain and support the app and your subscription.
  • To measure and attribute our advertising — using limited usage data only, never your photos, skin data, voice or coach chat.

We rely on your explicit consent for processing face images (and voice recordings), and on performance of our contract with you for running the app (GDPR Art. 6(1)(a) and 9(2)(a) for special-category biometric-adjacent data; Art. 6(1)(b)). [CONFIRM legal bases with your reviewer.]

4. Third-party AI providers (who processes your data)

Skinread uses specialised AI providers to analyse your inputs. We name them and state the purpose specifically:

  • Google Gemini (Google LLC) — used for two purposes: (a) your photo is sent to Google Gemini to analyse your skin and generate your results; and (b) the messages you send to the in-app AI coach are sent to Google Gemini to generate the coach's replies. In both cases that content (your face image; your chat messages) is transmitted to and processed by Google. See Google's Privacy Policy and applicable Gemini API terms.
  • Deepgram, Inc. — your voice recordings are sent to Deepgram to transcribe them into text. See Deepgram's Privacy Policy.

These providers process your data under their own terms and privacy policies. We do not sell your data to them, and this processing happens so the app can return your results.

5. International data transfers

Google, Deepgram, Meta and TikTok may process your data on servers in the United States and other countries outside the EU/EEA. Such transfers can involve a level of data protection different from the EU. Where the GDPR applies, we rely on appropriate safeguards for these transfers, such as the EU Standard Contractual Clauses and/or the provider's certification under the EU–US Data Privacy Framework. [CONFIRM the exact safeguard/mechanism in place for each provider.]

6. Where your data is stored

Your scan results and images are stored locally on your device — they are not stored on Skinread's own servers. [CONFIRM: is anything (e.g. onboarding answers, backups) stored server-side? If yes, describe it here; if no, this statement stands.]

Note: storing results on your device is separate from the transient processing in Section 4. When a scan or transcription is performed, the relevant input is sent to the provider and processed by them under their retention practices (see Section 9).

7. What we never do — and the one thing we do

We keep two kinds of data strictly separate:

  • Your sensitive content — face photos, skin analyses, voice recordings and AI coach conversations — is never sold and never used for advertising. It is sent only to Google Gemini (photos and coach chat) and Deepgram (voice) to give you your results, as described above.
  • Limited usage / attribution data — for example, whether you installed, opened or subscribed to Skinread after seeing an ad — is shared with our advertising partners Meta and TikTok to measure our advertising (see Section 8). This never includes your photos, skin data, voice or coach chat.

8. Advertising & attribution measurement (Meta & TikTok)

To understand whether our ads work, Skinread uses the Meta and TikTok SDKs to share limited usage and attribution events — such as app install, trial start and purchase — together with device/advertising identifiers. This is used only to measure and attribute advertising. It does not include your face photos, skin-analysis results, voice recordings or coach conversations.

On iOS this is governed by Apple's App Tracking Transparency (ATT): we ask your permission first, and if you deny tracking, this attribution sharing is limited or disabled accordingly. This data may be processed in the United States under each partner's own terms. See Meta's Privacy Policy and TikTok's Privacy Policy.

9. Data retention

Your scans and results remain on your device until you delete them (see Section 11 and our Data deletion page). We do not control how long Google, Deepgram, Meta or TikTok retain data sent to them for processing — that is governed by their own policies (linked in Sections 4 and 8). We cannot guarantee third-party retention periods and cannot delete provider-held data on your behalf.

10. Consent

We obtain your explicit, in-app consent before any face image is processed (and before any voice recording is processed). You can decline, and you can withdraw consent at any time by stopping use of the relevant feature and/or deleting your data. [Ensure this matches the exact wording and behaviour of the in-app consent screen — see CONSENT_TEXT.md.]

11. Your rights (GDPR)

Subject to applicable law, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate data;
  • delete your data — Skinread offers a one-tap “delete all” in the app;
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time (this does not affect processing already carried out);
  • lodge a complaint with a data-protection supervisory authority.

To exercise these rights, email nico@skinread.app. See also our Data deletion page.

12. Children

Skinread is not directed to children. You must be at least [MINIMUM AGE, e.g. 16 — confirm per your market] to use the app, and we do not knowingly collect data from children under that age. [CONFIRM age threshold for your target markets.]

13. Changes to this policy

We may update this policy. Material changes will be communicated in the app or by other appropriate means, and the “last updated” date above will change.

14. Contact

Questions about your privacy or this policy? Email nico@skinread.app or write to Kollage 3, 49170 Hagen a.T.W., Germany.