Privacy Policy
Last updated: June 4, 2026
Craze Software, LLC (“we”, “us”, “our”) operates the Skin AI mobile application (the “App”). This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. By using the App you agree to this policy.
1. Information we collect
You provide directly
- Account info — email address (or Apple/Google sign-in identifier), display name.
- Onboarding answers — date of birth, gender, skin type, primary skin concern, goals, current routine complexity, whether you see a dermatologist, and similar personalization questions.
- Selfies (facial images) — photos of your face you submit for skin analysis. Stored in our private, access-controlled object storage and sent to OpenAI, our third-party AI vision provider, to generate your skin scores. See Section 4 (Facial image data) for full detail. We do not use these images for face recognition and do not build a faceprint or facial-geometry template from them.
- Product photos — photos of skincare products you scan to identify them or add to your shelf.
- Habit and journal entries — daily routine check-ins, water intake, sleep, mood selections, free-text journal notes, and optional photos.
Generated automatically
- Skin analysis results — your computed Skin Age, sub-scores, and zone breakdown derived from each selfie.
- Subscription state — whether you have an active Pro entitlement, processed through RevenueCat (we do not see your payment card; the App Store / Google Play handles billing).
- Conversion events — anonymized usage events (paywall shown, scan completed, product clicked, etc.) used to measure product performance.
- Affiliate click tracking — when you tap a shop link we record the product and timestamp so we can attribute referral revenue.
2. How we use your information
- Run AI skin analysis and generate your AM/PM routine and recommendations.
- Track progress over time — scans, sub-score trends, weekly reports, streaks.
- Schedule local reminder notifications for your routine and scan cadence (push only; never sold).
- Improve the App — debug crashes, measure conversion funnels, and decide which features to invest in.
- Comply with legal obligations and enforce our Terms of Service.
3. Who we share with
We do not sell your data. We share only with service providers we depend on to run the App:
- OpenAI — our third-party AI provider (OpenAI, L.L.C.). Performs the vision and text-generation steps that produce your skin analysis and routine. Your selfies and product photos are transmitted to the OpenAI API over an encrypted connection solely to generate that analysis. Under OpenAI’s API data-usage policy this data is not used to train OpenAI’s models, is retained by OpenAI for up to 30 days for abuse monitoring and then deleted, and is protected at a level comparable to the safeguards described in this policy.
- Supabase — hosts our Postgres database, authentication, and image storage. Servers located in the United States.
- RevenueCat — manages subscription state received from Apple and Google.
- Apple Sign-In and Google Sign-In — when you choose those login methods.
- Amazon Associates and other affiliate partners — when you tap an affiliate link, the partner sees the referral but does not receive your personal account data from us.
We may also disclose information when required by law, to protect our rights, or in connection with a corporate transaction (in which case we will continue to honor this policy).
4. Facial image data
Because skin analysis relies on photos of your face, we want to be explicit about how that facial image data is handled:
- What we collect — still images of your face that you capture with the front camera, or select from your photo library, for a skin scan.
- How we collect it — only when you actively take or choose a photo for analysis, after you have granted camera or photo-library permission.
- How we use it — solely to generate your Skin Age, sub-scores, and facial-zone breakdown, and to let you view and compare your own past scans over time.
- Who we share it with — each image is sent to OpenAI, our third-party AI vision provider, over an encrypted connection to produce the analysis. We do not sell facial images, share them with advertisers, or use them for advertising.
- What we do not do — we do not use facial images for identity verification or face recognition, and we do not create a faceprint, facial-geometry template, or any other biometric identifier from them.
- Retention — your selfies are stored in our private, access-controlled storage for as long as your account is active so you can track progress, and are deleted when you delete your account or remove an individual scan (backups rotate within 30 days). Copies transmitted to OpenAI are retained by OpenAI for up to 30 days for abuse monitoring and then deleted, and are never used to train its models.
5. Retention and deletion
We keep your data while your account is active. You can delete your account from inside the App (Settings → Delete Account). Deletion immediately removes your profile, scans, plans, habits, journal entries, subscription history, affiliate clicks, and stored selfies. Backups are rotated within 30 days.
To request deletion outside the App, email us at support@aiskinapp.com from the address associated with your account.
6. Your rights
Depending on where you live you may have rights to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (one-tap inside the App).
- Object to certain processing or opt out of analytics.
- Port your data to another service.
Reach support@aiskinapp.com to exercise any of these rights. We respond within 30 days.
7. Children
Skin AI is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, contact us and we will delete the account.
8. International users
The App is operated from the United States. By using it you consent to your information being transferred to and processed in the U.S. and any other country where our service providers operate.
9. Security
We use industry-standard transport encryption (HTTPS/TLS) for all communication, encrypted at-rest storage, and Row-Level Security in our database to make sure your records are accessible only to you. No method is perfectly secure; we will notify affected users if a breach materially affects them.
10. Changes
We may update this policy. When we do, we’ll change the “Last updated” date at the top and surface a notice in the App for material changes. Continued use after the effective date means you accept the revised policy.
11. Contact
Questions, complaints, or rights requests: support@aiskinapp.com
Craze Software, LLC