Privacy Policy
Last updated: 2 May 2026
This Privacy Policy explains how MyNewSkin ("we", "us", or "our") collects, uses, and protects your personal information when you use our mobile application and website (collectively, the "Service"). By using MyNewSkin you agree to the practices described below.
1. Information we collect
Information you provide
- Account information — first name, email address, password (stored as a salted hash), date of birth, sex, region, and skin profile details.
- Health & cycle data (optional) — menstrual cycle dates, hormonal status, lifestyle and dietary inputs you choose to log.
- Face photos — selfies you take or choose for skin analysis (see Section 3). We do not derive a biometric template, face mesh, or face-recognition vector from these images.
- Support correspondence — any messages, attachments or contact details you send us.
Information collected automatically
- Device type, operating system, app version, language and approximate region (derived from IP, never precise location).
- Usage events (e.g. screens viewed, scans completed) for performance and reliability.
- Crash and diagnostic logs.
Information from third parties
- RevenueCat — subscription and entitlement status.
- App Store / Apple — purchase receipts and anonymous identifiers.
2. How we use your information
- To deliver AI-powered skin analysis, scoring and personalised product recommendations.
- To operate the SkinPoints rewards and raffle system.
- To remind you about check-ins and routines (only if you enable notifications).
- To process subscriptions and prevent fraud.
- To respond to support requests.
- To improve our models, features and reliability (using aggregated, de-identified data wherever possible).
3. Face data and AI skin analysis
When you choose to take or upload a selfie for skin analysis we collect that image to deliver the analysis. We do not create a biometric template, face-recognition vector, face mesh or any other identifier from your face. We do not attempt to identify you from the image.
What we collect. A single selfie of your face, captured in-app using the front-facing camera (or chosen from your photo library if you prefer).
How we use it. The image is sent over TLS to our server and forwarded — via the OpenRouter API gateway — to OpenAI's GPT-5.4 model in a single request. That single AI call performs the visual skin analysis (texture, hydration, blemishes, redness, pores, dark spots, wrinkles, perceived skin age) and generates your product recommendations. Only numerical scores, short textual notes (e.g. "moderate dryness on the cheeks") and a list of recommended product IDs come back. We do not run face recognition, age verification, or identity matching on the image.
With whom we share it. Only with OpenRouter (acting as an API gateway) and OpenAI (running the GPT-5.4 model behind it), under their API data-processing terms, which prohibit retention and training on your data. We never share face photos with advertisers, social-media SDKs, analytics providers, data brokers, or any other third party.
How long we keep it.
- Free accounts: the selfie is stored on your device only and is deleted automatically when you sign out, delete the scan, or delete your account.
- Premium accounts that opt in to "save scans for progress comparison": the image is uploaded to your private account record and retained until you delete the scan or close the account. Backups are purged on a rolling 30-day cycle.
- You can delete any scan, any photo, or your entire account at any time from Account → Privacy & Data → Delete account.
Consent. Before the first scan we present an explicit consent screen describing exactly what is collected, where it is sent, and what we use it for. You can revoke consent at any time by deleting your account; future scans will be blocked until you re-consent.
4. Third-party AI processing
The skin-analysis pipeline uses a single AI request per scan, made under data-processing agreements that prohibit retention or training on your inputs:
- OpenRouter (API gateway): receives the request from our server and routes it to the underlying model. OpenRouter does not retain the prompt or image after the request completes, and we configure the request with allow_fallbacks: false so it can never be re-routed to a different provider without our explicit consent.
- OpenAI — GPT-5.4 (the model OpenRouter routes to): receives the selfie image plus a short anonymised prompt containing your age bracket, gender, sleep / water / stress averages, your typed concerns, and (for return scans) your previous photo for progress comparison. In one call it performs the visual skin analysis, validates that the photo shows a clear human face, and produces the personalised product recommendations for your region. OpenAI processes the image in memory only and does not store it after the request is complete.
No other AI providers receive your face image or any of the inputs above. No analytics SDK, no advertising SDK, no social-media SDK and no data broker receives any of these inputs. We do not allow these providers to use your data to train their public models, and they do not retain the data after the request is complete.
5. Sharing your information
We do not sell your personal data. We share information only with:
- Service providers who help us run the Service (Replit hosting, Resend email delivery, OpenAI / OpenRouter AI analysis, RevenueCat / Apple payments).
- Legal authorities when required by law or to protect our rights and users.
- Successors in the event of a merger, acquisition or asset sale, with continued protection of your data.
6. Affiliate links
Product recommendations may include Amazon affiliate links. If you purchase through these links we may earn a small commission at no extra cost to you. We do not share your identity with Amazon.
7. App Tracking Transparency & advertising
On iOS, the first time you launch MyNewSkin we present Apple's App Tracking Transparency (ATT) prompt. This is your explicit choice about whether MyNewSkin and its partners may track you across other companies' apps and websites for advertising and measurement.
- If you allow tracking, we and our ad-network partner may use the iOS Identifier-for-Advertisers (IDFA) to deliver more relevant ads and measure ad performance.
- If you ask not to track, we serve only non-personalised contextual ads. We do not use IDFA, and we do not link your email, phone number or name with third-party advertising profiles.
- You can change your choice any time in iOS Settings → Privacy & Security → Tracking → MyNewSkin.
8. Data retention
We keep your account data while your account is active. Skin scans, check-ins and uploaded photos are retained until you delete them or close your account. Backups are purged on a rolling 30-day cycle.
9. Your rights
Depending on where you live (UK GDPR, EU GDPR, California CCPA) you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data.
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent for optional features (notifications, cycle tracking) at any time in the app.
To exercise any right, contact us via the Support page.
10. Security
We use industry-standard safeguards including TLS encryption in transit, encrypted storage at rest, hashed passwords and least-privilege access controls. No system is 100% secure, but we work hard to protect your information.
11. Children
MyNewSkin is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child has given us data, contact us and we will delete it.
12. International transfers
We may process data in the UK, EU or US. Where data is transferred internationally we rely on Standard Contractual Clauses or equivalent safeguards.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated in-app or by email. The "Last updated" date above shows when this version took effect.
14. Contact us
Questions about privacy? Reach us via the Support page or email support@mynewskin.co.uk.