Privacy Policy

Last updated: February 10, 2026

1. Introduction

DermaDay (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the “Service”).

By using DermaDay, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, display name, and authentication credentials (including Apple Sign-In or Google Sign-In tokens).
  • Profile Information: Skin type, skin concerns, skincare goals, age range, and other onboarding preferences you voluntarily provide.
  • Selfie Images: Photos you take for skin analysis. These images are processed by our AI analysis system and stored securely to enable progress tracking.

2.2 Information Collected Automatically

  • Usage Data: App interactions, features used, scan frequency, and session duration.
  • Device Information: Device model, operating system version, and unique device identifiers.
  • Analytics: Aggregated and anonymized usage statistics to improve our Service.

2.3 Skin Analysis Data

Our AI generates skin scores (0–100) across six dimensions: Hydration, Radiance, Texture, Pores, Acne, and Evenness. This data is stored in your personal account and is never shared with other users.

3. Face Data Collection, Use, and Retention

DermaDay uses your device’s camera to capture selfie photographs of your face for the purpose of skin health analysis. This section provides detailed information about how we handle face data, which we consider sensitive personal information.

3.1 What Face Data We Collect

When you perform a skin scan, DermaDay collects the following face data:

  • Facial photographs (selfie images): Full-face photographs captured through the in-app camera. These images contain your facial features, skin surface, and surrounding facial area.
  • Face detection metadata: On-device face detection is used solely to guide you in positioning your face correctly within the camera frame. This detection data (face bounding box coordinates) is processed entirely on your device and is never transmitted to our servers.
  • Derived skin metrics: Our AI analysis system processes your facial photographs to generate numerical skin health scores (0–100) across six dimensions: Hydration, Radiance, Texture, Pores, Acne, and Evenness. These derived scores are stored alongside your photographs.

DermaDay does not collect or create facial geometry maps, biometric templates, face embeddings, or any form of biometric identifier. We do not use face recognition technology. Your photos are analyzed for skin health characteristics only, not for identifying or authenticating individuals.

3.2 How We Use Face Data

Your face data is used exclusively for the following purposes:

  • Skin health analysis: Facial photographs are sent to our secure AI analysis service (Haut.AI) to evaluate your skin condition and generate scores across six dimensions.
  • Progress tracking: Your photographs are stored chronologically so you can compare your skin condition over time using before/after sliders and trend charts.
  • Personalized recommendations: The derived skin metric scores (not the images themselves) are used to generate personalized skincare ingredient and product recommendations.

Face data is never used for advertising, marketing to third parties, user profiling beyond skincare, facial recognition, identity verification, or any purpose other than those listed above.

3.3 Third-Party Sharing of Face Data

Your facial photographs are shared with the following third-party service provider for the sole purpose of skin analysis:

  • Haut.AI (skin analysis AI provider): Your selfie images are transmitted securely (via HTTPS/TLS encryption) to Haut.AI’s API for dermatological analysis. Haut.AI processes the images to generate skin health scores and returns the results to DermaDay. Haut.AI does not retain your images after processing is complete and does not use your images for any other purpose, in accordance with our data processing agreement.

Your face data is never sold, rented, or shared with advertisers, data brokers, social media platforms, or any other third parties. Face data is not shared with other DermaDay users.

3.4 Where Face Data Is Stored

  • Selfie images: Stored in Firebase Cloud Storage (Google Cloud Platform), encrypted at rest using AES-256 encryption. Access is restricted to your authenticated account only, enforced through Firebase Security Rules.
  • Derived skin scores: Stored in Firebase Firestore (Google Cloud Platform), encrypted at rest, and associated with your user account.
  • On-device data: Face detection data used for camera framing is processed on-device only and is never stored or transmitted.

3.5 How Long Face Data Is Retained

  • While your account is active: All selfie images and derived skin scores are retained for the duration of your active account to enable progress tracking and historical comparisons.
  • Upon account deletion: When you delete your account (via Settings > Account > Delete Account), all selfie images and associated skin scores are permanently deleted from our servers within 30 days. This deletion is irreversible.
  • Haut.AI processing: Selfie images sent to Haut.AI for analysis are processed in real time and are not retained by Haut.AI after the analysis is complete.

3.6 Your Rights Regarding Face Data

You have the right to:

  • View all selfie images stored in your account (via the Progress tab)
  • Delete individual scans, including the associated selfie image and scores
  • Delete all face data by deleting your account
  • Export your face data and skin scores (via Settings > Account > Export Data)
  • Withdraw consent by discontinuing use of the scan feature or deleting your account

4. How We Use Your Information

  • Provide and maintain the Service, including AI skin analysis
  • Generate personalized skincare recommendations
  • Track your skin health progress over time
  • Process subscription payments through our payment processor (RevenueCat/Apple)
  • Send you relevant notifications (with your consent)
  • Improve our AI models and Service quality using anonymized, aggregated data
  • Comply with legal obligations

5. Data Storage & Security

Your data is stored securely using Firebase (Google Cloud Platform) with encryption at rest (AES-256) and in transit (TLS 1.2+). Selfie images are stored in secure cloud storage with access controls limited to your authenticated account via Firebase Security Rules.

We implement industry-standard security measures including TLS encryption, secure authentication tokens, and regular security audits. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Sharing

We do not sell your personal information. We may share data with:

  • Service Providers: Firebase (hosting/database), RevenueCat (subscriptions), and Haut.AI (skin analysis), solely to operate the Service. See Section 3.3 for specific details on face data sharing.
  • Legal Requirements: When required by law, court order, or governmental regulation.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.

Your selfie images and skin analysis results are never shared with other users, advertisers, or third parties for marketing purposes.

7. Your Rights

You have the right to:

  • Access: Request a copy of your personal data, including all face data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and all associated data, including all selfie images
  • Export: Export your skin analysis history, face data, and account data
  • Opt-out: Disable analytics collection and push notifications

You can exercise these rights through the app’s Settings > Account section or by contacting us at privacy@dermaday.app.

8. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, all personal data — including selfie images, skin scores, and profile data — is permanently deleted within 30 days. Anonymized, aggregated data (which does not include face data or any identifiable information) may be retained for analytical purposes.

For specific retention policies related to face data, see Section 3.5.

9. Children’s Privacy

DermaDay is not intended for use by individuals under the age of 13. We do not knowingly collect personal information, including face data, from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

10. International Transfers

Your data may be processed in countries outside your country of residence, including the United States and the European Union, where our service providers (Firebase/Google Cloud and Haut.AI) operate. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws, including GDPR Standard Contractual Clauses where applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes — particularly any changes to how we collect, use, or share face data — through the app or by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, your personal data, or how we handle face data, contact us at:

Email: privacy@dermaday.app