Last updated: May 15, 2026
Privacy Policy
This privacy policy explains how your personal data is collected, used and protected when you use the Cosmedoe app.
1. Data We Collect
Cosmedoe collects the following data:
- Account information: Email address, name (optional).
- Skin profile: Allergen and sensitive group information entered only by you.
- Analysis history: Results of cosmetic products you have analysed (photos are not stored).
- Device data: Anonymous device ID (for guest user quota tracking).
- Notification token: Anonymous device token for push notifications (only if you grant notification permission).
Cosmedoe does not store photos of analysed cosmetic products on its servers.
2. How We Use Your Data
- To provide personalised analysis results.
- To manage your account and analysis history.
- To ensure service security and prevent misuse.
- To fulfil legal obligations.
3. Third-Party Services
- Supabase — authentication and database (EU GDPR compliant). Data is stored in EU data centres.
- Anthropic Claude — AI analysis engine. Photos are only transmitted at the moment of analysis and are not added to training data. Data may be temporarily processed on EU or US servers.
- RevenueCat — subscription management (GDPR compliant). Only purchase and subscription data is shared; no skin profile data is transmitted.
4. Data Security
Your data is transmitted with industry-standard encryption (TLS). Authentication tokens are stored in your device's secure storage.
5. Data Retention
When you delete your account, all your personal data is permanently deleted within 30 days.
6. Your Rights
Under GDPR, you have the following rights:
- To access your data and request a copy.
- To request correction of inaccurate data.
- To request erasure of your data ("right to be forgotten").
- To object to or request restriction of data processing.
- Data portability (GDPR Art. 20): You may request your data be delivered to you in a machine-readable format.
- Breach notification: In the event of a security breach, competent authorities will be notified within 72 hours as required by GDPR, and affected users will be informed as soon as possible.
To exercise these rights, write to [email protected].
7. Cookies
The mobile app does not use cookies. The website uses only technically necessary cookies.
8. Policy Changes
We reserve the right to update this policy. In the event of material changes, a notification will be sent to your registered email address or announced within the app. Continued use of the app after the effective date of any change constitutes acceptance of the updated policy.