Privacy Policy

1. Introduction

Pulse Labs ("we," "our," or "us") operates the Derma AI mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

By using Derma AI, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account information: email address, name, date of birth, and gender when you create an account.
• Onboarding responses: answers to skin-related questions (skin type, concerns, product usage, sun exposure, diagnosed conditions).
• Photos: facial photos you take for skin analysis and check-ins. These are processed by our AI and stored securely.
• Routine and habit data: skincare routine completion, habit tracking entries (water intake, sleep, SPF use).

2.2 Information Collected Automatically

• Device information: device type, operating system version, and unique device identifiers.
• Usage data: app interactions, feature usage patterns, and session duration.
• Crash and performance data: error logs and diagnostics to improve app stability.

3. How We Use Your Information

We use the information we collect to:

• Provide personalized skin analysis using AI.
• Generate customized skincare routines based on your skin profile and questionnaire answers.
• Track your skin health progress over time.
• Analyze product ingredients for compatibility with your skin.
• Generate AI-powered insights connecting your routine and habits to skin improvements.
• Improve and optimize our App and AI models.
• Communicate with you about your account, updates, and support.

4. Photo Data

Your facial photos are central to Derma AI's functionality. Here is how we handle them:

• Photos are transmitted securely (encrypted in transit) to our AI processing service for analysis.
• Photos are stored in your private account storage and are not shared with other users.
• We retain photos for up to 90 days after your last activity. Our automated photo cleanup service removes older photos.
• You can request deletion of all your photos at any time through the App or by contacting us.
• We do not use your photos for advertising or sell them to third parties.

5. Data Sharing

We do not sell your personal information. We may share your information with:

• AI processing services (Google Cloud): Your facial photos and skin profile data are sent to Google Cloud AI services for skin analysis. Google processes this data solely to provide analysis results and does not use it for advertising or to train general AI models. Data is transmitted securely and handled in accordance with Google Cloud's data processing terms.
• Cloud infrastructure (Supabase): Supabase for authentication and data storage. Your data is encrypted at rest and in transit.
• Analytics (Mixpanel): We use Mixpanel to understand how the App is used and to improve the experience. Mixpanel receives anonymized usage data and device identifiers. You can opt out of analytics in the App under Privacy settings.
• Error monitoring (Sentry): Sentry for crash reporting and diagnostics. Error reports may include device type and app state but do not include facial photos or personal health data.
• Legal requirements: if required by law, court order, or governmental authority.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (TLS/SSL) and at rest.
• Secure authentication via Supabase Auth.
• Row-level security policies ensuring users can only access their own data.
• Regular security audits and monitoring.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

• Access: request a copy of your personal data.
• Rectification: request correction of inaccurate data.
• Erasure: request deletion of your personal data.
• Data portability: export your data in a structured, machine-readable format. You can use the data export feature in the App under Profile > Export My Data.
• Restriction: request restriction of processing.
• Objection: object to processing based on legitimate interests.

To exercise any of these rights, please contact us at the email address below.

8. Your Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: you may request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to Delete: you may request deletion of your personal information. You can delete your account and all associated data directly in the App under Privacy settings.
• Right to Opt-Out of Sale: we do not sell your personal information to third parties.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at [email protected] or use the in-app data management features.

9. Data Retention

• Account data: retained for as long as your account is active.
• Photos: retained for up to 90 days after your last activity, then automatically cleaned up.
• Analysis results: retained for the life of your account to enable progress tracking.
• Cached AI insights: stored locally on your device and refreshed periodically.

When you delete your account, all associated data is permanently removed within 30 days.

10. Children's Privacy

Derma AI is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the App and updating the "Last updated" date above.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Pulse Labs
Email: [email protected]