Privacy Policy

1. Introduction

Welcome to DermAI, an AI-powered skin analysis application developed by Sriram Narlapati. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our mobile application and related services.

We are committed to protecting your privacy and ensuring the security of your personal data. This policy complies with applicable privacy laws including GDPR, CCPA, and other relevant regulations.

Contact Information:

• Email: sriramnarlapati4@gmail.com
• Developer: Sriram Narlapati
• App: DermAI

2. Information We Collect

Authentication Data

• Google Sign-In: Email address, name, profile picture (if provided)
• Apple Sign-In: Email address, name (if provided), Apple user identifier
• Firebase User ID: Unique identifier for your account

Skin Analysis Data

• Photos: Images you upload from camera or photo library for skin analysis
• Analysis Results: AI-generated data including hydration, smoothness, tone, clarity measurements
• Skin Preferences: Your skin type, concerns, and goals
• Dream Skin Goals: Your personalized skincare objectives

App Usage Data

• Skincare Routines: Your personalized AM/PM routines and preferences
• Analysis History: Records of past skin analyses and progress tracking
• Subscription Status: Premium features access and billing information via RevenueCat
• App Interactions: Features used, session duration, and usage patterns

Device Permissions

• Camera: To capture photos for skin analysis
• Photo Library: To select existing photos for analysis
• Notifications: To send routine reminders and app updates

3. How We Use Your Information

We use your personal information for the following purposes:

• Provide AI-Driven Skin Analysis: Process your photos to generate skin health insights
• Generate Personalized Routines: Create customized AM/PM skincare recommendations
• Track Progress: Monitor your skin health improvements over time
• Send Reminders: Notify you about your skincare routine and app updates
• Improve Our Services: Enhance app features and AI accuracy (using anonymized data)
• Account Management: Maintain your profile and authentication
• Subscription Management: Process payments and manage premium features

4. Information Sharing & Third Parties

We work with trusted third-party services to provide our app functionality:

Firebase (Google)

• Purpose: Data storage, authentication, and app infrastructure
• Data Shared: User profiles, analysis results, photos, app usage data
• Privacy Policy: Google Privacy Policy

RevenueCat

• Purpose: Subscription and in-app purchase management
• Data Shared: User ID, subscription status, purchase history
• Privacy Policy: RevenueCat Privacy Policy

Google Sign-In & Apple Sign-In

• Purpose: Secure user authentication
• Data Shared: Basic profile information as authorized by you
• Privacy Policies: Google | Apple

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Storage & Security

Storage Locations

• Firebase Firestore: User profiles, analysis results, skincare routines
• Firebase Storage: Encrypted photo uploads
• RevenueCat: Subscription and purchase records

Security Measures

• Encryption: All data is encrypted in transit and at rest
• Access Controls: Strict Firebase security rules with least-privilege access
• Authentication: Secure OAuth 2.0 login via Google/Apple
• Monitoring: Periodic access reviews and security monitoring
• Regular Updates: Security patches and vulnerability assessments

Data Retention

• Account Active: Data retained while your account exists
• Account Deletion: All personal data deleted within 30 days
• Legal Requirements: Some data may be retained longer if required by law

6. Your Rights & Controls

You have the following rights regarding your personal data:

Access & Export

• View all your stored data within the app
• Request a copy of your data by emailing sriramnarlapati4@gmail.com

Deletion

• You can delete your account in Settings → Account → Delete Account. This permanently removes your personal data from our servers within 30 days.
• We permanently delete personal data (including photos and analysis results) from our active systems within 30 days and from backups within 90 days.
• Certain transaction records may be retained if required by law.

Control & Management

• Manage notification preferences in app settings
• Revoke camera and photo library permissions in device settings
• Update or correct your profile information

Portability

• Export your skincare routine and analysis history
• Request data in machine-readable format

7. Sensitive Data Handling

Biometric Data

DermAI processes facial images only to evaluate skin attributes (e.g., texture, redness, hydration). We do not use facial images for identity verification or facial recognition. Unless you explicitly opt in, your photos and analysis data are not used to train our machine learning models. You may withdraw consent at any time by turning off photo uploads or deleting your account.

• Purpose: AI-powered skin health analysis only
• No Identity Verification: We do not use facial images for identity verification or facial recognition
• Model Training: Photos are not used for AI training unless you explicitly opt in
• Retention: Photos stored securely, deleted upon account deletion
• No Sharing: Never shared with advertisers or third parties

Health-Related Information

Medical Disclaimer: DermAI provides general skincare information and is not intended for medical diagnosis or treatment. Our analysis results are for informational purposes only.

• Data is handled with healthcare-level security standards
• No sharing with insurance companies or employers
• Consult healthcare professionals for medical concerns

8. Legal Compliance

GDPR (European Union)

• Lawful Basis: Consent and legitimate interest
• Data Subject Rights: Access, rectification, erasure, portability
• Contact: sriramnarlapati4@gmail.com for GDPR requests

CCPA/CPRA & Other US State Laws

For residents of California, Virginia, Colorado, Connecticut, and Utah, you may have rights to access, delete, correct, and opt out of targeted advertising, sale, or profiling. DermAI does not sell or share personal information for cross-context behavioral advertising. To exercise rights or appeal a decision, email sriramnarlapati4@gmail.com; we respond within 45 days.

• Right to Know: Categories and sources of personal information
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: No sale of personal information (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices
• Appeals: If we deny a rights request, you may appeal by replying to our response email; we'll respond within 45 days

COPPA Compliance

DermAI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

9. International Data Transfers

We use Google Firebase, which may process data in multiple regions. For EU/UK users, transfers rely on Standard Contractual Clauses (SCCs) and comparable safeguards.

• Firebase: Google's global server infrastructure
• Transfer Mechanism: Standard Contractual Clauses (SCCs) with Google/Firebase
• Safeguards: Adequate protection mechanisms in place
• EU/UK: We are not required to appoint an EU/UK representative

10. Cookies & Tracking

Our mobile app uses minimal tracking technologies:

• Analytics: Basic usage statistics (anonymized)
• Authentication: Session management tokens
• No Advertising: We don't use advertising cookies or trackers

11. Policy Updates

We may update this Privacy Policy from time to time:

• Notification: In-app notification and email for material changes
• Effective Date: Changes take effect 30 days after notification
• Continued Use: Using the app after changes constitutes acceptance
• Version History: Previous versions available upon request

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

General Inquiries

• Email: sriramnarlapati4@gmail.com
• Developer: Sriram Narlapati
• App: DermAI

Data Protection Requests

For GDPR, CCPA, or other privacy law requests, please email us with:

• Your registered email address
• Specific request type (access, deletion, portability)
• Verification information

Response Time

We respond to privacy requests within 30 days (GDPR) and up to 45 days where permitted by law (e.g., California).

Summary

DermAI is committed to protecting your privacy. We collect only the information necessary to provide our AI-powered skin analysis service, use industry-standard security measures, and give you full control over your data. Your photos and personal information are never sold or shared for advertising purposes.

For questions or to exercise your privacy rights, contact us at sriramnarlapati4@gmail.com.