Privacy Policy

What we collect

Account information — when you sign in, Clerk (our authentication provider) handles the sign-in flow and provides us with your name and email address. We store these to associate your data with your account.

Product data — products you add to your collection, ingredient lists, ratings, and notes you write.

Journal entries — daily skin logs including a rating (1–5), concern tags, and optional freeform notes.

Skin profile — answers to the onboarding quiz (skin type, concerns, sensitivity level, routine age). This is used to personalise the AI Copilot's responses.

Skin photos — if you use Skin Observation (the photo-based feature), your photo is sent to Anthropic's Claude Vision API for processing. We do not store the photo on our servers. It is processed in transit and the description is returned to you.

Usage data — basic app events (page visits, feature use) tracked by a self-hosted analytics tool. No advertising-grade tracking, no cross-site tracking.

How we use it

To provide the app — your products, routines, and journal entries are the core of what SkinAtlas does. We store and query this data to show you your history, run correlation analysis, and power the AI Copilot.

To personalise the AI Copilot — when you ask the Copilot a question, relevant context from your product list, routine, and recent journal entries is included in the prompt sent to Anthropic. The Copilot's answers are grounded in your actual data, not generic skincare advice.

To improve the app — usage patterns help us understand which features are useful and which are confusing. We do not sell this data or use it for advertising.

To communicate with you — if you contact us via the contact form or email, we will use your email address to reply. We do not send marketing emails unless you explicitly opt in.

Third-party services

Clerk — handles authentication (sign-in, session management). When you sign in with Google, Clerk manages that OAuth flow. Clerk stores your name and email. Their privacy policy is at clerk.com/privacy.

Anthropic — processes AI Copilot requests and Skin Observation photos. Prompts and photos are sent to Anthropic's API and are subject to their usage policy at anthropic.com/privacy.

Turso — our database provider. Your product data, journal entries, and skin logs are stored in a Turso database hosted in the US.

Netlify — hosts the SkinAtlas web application. Web traffic passes through Netlify's infrastructure.

Google — if you sign in with Google, your Google account credentials are handled by Clerk's OAuth integration. SkinAtlas does not directly receive your Google password.

Stripe (future) — if you subscribe to SkinAtlas Pro, payment is processed by Stripe. SkinAtlas never receives or stores your card details.

Cookies and local storage

SkinAtlas uses session cookies managed by Clerk for authentication. These are strictly necessary and cannot be disabled without breaking the sign-in functionality.

If you use the app as a guest, your product collection is stored in your browser's localStorage. This data never leaves your device unless you sign in.

We do not use advertising cookies, tracking pixels, or any third-party analytics cookies.

Public sharing

If you use the routine sharing feature, your AM/PM routine, key ingredients, and skin type tag become publicly visible at your share link (/r/your-handle). You can delete this link at any time from the Routines page, which immediately removes the public page.

No other data is public by default. Your journal entries, skin logs, and product notes are always private.

Data retention

Your account data is retained for as long as your account is active. If you delete your account, your data is deleted within 30 days.

To request account deletion or a copy of your data, contact us at [email protected] or through the contact form at skinatlas.app/contact.

Skin observation photos are not stored by SkinAtlas — they are processed by Anthropic and the raw photo is not retained after the API call completes.

International transfers

SkinAtlas is operated from outside the US, but our infrastructure providers (Clerk, Netlify, Anthropic, Turso) are US-based. Your data is therefore transferred to and processed in the United States.

For users in the EEA, UK, or Switzerland, these transfers are made under the European Commission's Standard Contractual Clauses (SCCs). Each provider's own DPA covers the transfer terms.

Your rights

Depending on where you live, you may have rights including: access to your data, correction of inaccurate data, deletion of your data, data portability, and the right to object to certain processing.

California residents (CCPA): you have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. SkinAtlas does not sell personal information.

EEA/UK/Swiss residents (GDPR/UK GDPR/FADP): you have the right to access, correct, delete, and port your data. You can withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.

Canadian residents (PIPEDA, Law 25): you have the right to access your personal information and request corrections.

Australian and New Zealand residents: you have rights under the Australian Privacy Act and NZ Privacy Act 2020 including access and correction rights.

To exercise any of these rights, contact us at [email protected] or at skinatlas.app/contact.

Children

SkinAtlas is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. When we do, we'll update the date at the top of this page. If the changes are material, we'll make a note in What's New. Continued use of SkinAtlas after changes take effect means you accept the updated policy.

Contact

For privacy questions or to exercise your rights, email [email protected] or use the contact form at skinatlas.app/contact. We aim to respond within 30 days.