Privacy policy

• Uploaded label photos. When you check a routine you may upload photos of product labels. We use them to read the brand, product name, barcode and ingredient list so we can match the product and run the compatibility check. Photos are processed by our optical-character-recognition and (when configured) vision provider purely to extract that text.
• Scans and results. Each check creates a scan record holding the products you confirmed and the resulting compatibility report. We store these so the report can be reopened later (and so a future SkinCheck app can refetch it).
• Account. If you create an account we store your email, an optional display name, and a securely hashed password (we never store the password itself). Signing in lets you keep a “shelf” of products you own and check them against each other.
• Operational data. We log technical information needed to run the service securely, such as rate-limit counters keyed by IP address. We do not sell your data or use it for advertising.

We process uploaded photos and scans to provide the check you asked for (performance of a service / your consent), and account data to operate your account. SkinCheck is a wellness and education tool — it does not diagnose conditions or make treatment claims, and we do not process this data to evaluate your health.

Uploaded images. Label photos are kept only as long as needed to produce and re-display your result. Where object storage is used in production, a bucket lifecycle rule on the uploads/ prefix expires un-promoted scan images after a short window. You can delete them at any time from your account settings.

Scans and results. Scan and compatibility-result records persist while they remain useful to you. Deleting your account removes them; you can also request deletion at any time.

Account. Account data is retained until you delete your account.

From your account settings you can:

• Download your data. Export a JSON file containing your account profile, your scans and results, your submissions and your shelf (GDPR data portability / CCPA right to know).
• Delete your account. Permanently erase your account along with your scans, results, uploaded images, submissions and shelf (GDPR right to erasure / CCPA right to delete). This cannot be undone.

Essential cookies.We use a small number of strictly necessary cookies to run the site — for example to keep you signed in and to protect against cross-site request forgery. These are required for the service to work, so they don’t need consent.

Optional analytics. Any non-essential analytics or tracking is off by defaultand only runs after you explicitly opt in. On your first visit a consent banner asks for that choice; nothing optional loads or sends data until you accept. If you choose “Essential only” (or simply dismiss the banner), no tracking happens.

Changing or withdrawing consent. Your choice is stored locally in a first-party skincheck_consent cookie on your own device — it holds only your preference, no identifier. You can change it or withdraw consent at any time using the Cookie settings control in the bottom-left corner of any page; withdrawing takes effect immediately.

Product reference data comes from Open Beauty Facts contributors (ODbL) and EU CosIng, as attributed in the footer. These cover products and ingredients in general, not you.