Privacy Policy
Last updated: May 28, 2026
Introduction
This Privacy Policy explains how Sera (“Sera,” “we,” “our,” or “us”) handles your information when you use our mobile application (“the App”). Sera is a beauty and skincare app that helps you scan products, understand ingredients, get personalized skincare information, and build a routine. The App is an informational and cosmetic tool and is not a medical or dermatological service.
We have designed Sera to be privacy-first. Wherever possible, your personal skincare information stays on your device, and we minimize what we store about you.
Contact: For any privacy question, email us at seraskincareapp@gmail.com.
Privacy at a Glance
- Your face-scan photos are never stored on our servers. A photo is sent to our AI provider for analysis and then discarded. Only the resulting scores stay on your account. The photo itself remains on your device only.
- Your skincare profile stays on your device. Your onboarding answers (skin type, concerns, sensitivities, etc.) are stored locally on your phone. They are sent to our AI provider only at the moment we generate a result for you, and are not used to build a profile of you on our servers.
- You can start anonymously. You do not need an account to use core features.
- Analytics is anonymous and privacy-preserving. We do not put your name or email into our analytics tools.
What Data We Collect and How
Account & identity
When you first open the App, we create an anonymous account identified by a random ID. This does not contain your name or email. If you choose to save your progress across devices, you can sign in with:
- Sign in with Apple — we receive your email address (or Apple’s private relay address if you choose to hide it), and your name only if you choose to share it.
- Email magic link — we receive the email address you provide.
- Display name — optional. You can set or change a name inside the App.
Skincare information you provide
During onboarding and use, you provide skincare-related information such as your skin type, skin concerns, sensitivities, age range, and preferences. This information is stored locally on your device. It is transmitted to our AI provider only transiently, to generate personalized results for you (for example, a product match or a recommendation), and is not stored as a personal profile on our servers.
Face scans
- The photo: When you take a face scan, the image is sent securely to our AI provider (Google) for visual skin analysis. It is then discarded — we do not store the photo in any database or storage bucket. The photo, along with any on-device face-mapping data, stays on your device so you can view your scan history.
- The results: Only the numeric outputs of the analysis (skin scores, metric values, and the assistant’s text summary) are saved to your account.
Because a face scan analyzes features of your face, we treat it with extra care and only perform it after you confirm an in-app notice. You can skip storing results by not signing in, and you can delete results at any time.
Product scans
When you scan a skincare product, the photo is sent to our AI provider to identify the product and read its ingredient list. Unlike face scans, product photos are uploaded and stored so that we can identify and curate the product. If a product is not yet in our catalog, it stays visible to you on your device while it is under review.
We may publish a product image to our shared catalog only if it shows the product alone. If a photo contains a person or anything other than the product, we replace it with a proper product image and delete your uploaded photo. We also keep your personal scan history (which products you scanned, and when) on your account.
AI assistant (chat)
- Free users: your chat history is stored locally on your device. Each message is sent to our AI provider to generate a reply, with minimal context.
- Pro users: your chat sessions and messages are stored on your account so they sync across devices, and may include context such as your skin information, routine, and most recent face-scan summary to give better answers.
Routines & saved products
Your routine (morning/evening product order) and saved products are stored on your account so they sync across your devices.
Subscriptions
In-app purchases are handled by Apple and managed through RevenueCat. We receive your subscription status and transaction identifiers, linked to your account ID. We do not receive your full payment-card details.
Analytics
We use PostHog (hosted in the EU) to understand how the App is used so we can improve it — for example, which screens and features are used, and where people drop off during onboarding. Analytics events are sent anonymously. After you sign in, we may associate analytics with your account using your random account ID (a pseudonymous identifier) to understand retention and engagement — we do not send your name or email to our analytics provider.
Advertising & attribution
We use, or will use, advertising and measurement partners (such as Meta, TikTok, and Apple Ads) to promote the App and understand which campaigns lead to installs. On iOS, any such tracking only happens if you grant permission through Apple’s App Tracking Transparency prompt. If you decline, we do not use these advertising/attribution partners for you, but we still run our anonymous, first-party analytics described above.
Device permissions
- Camera & photo library — to take or select photos for product and face scans.
- Notifications — to send routine reminders. These reminders are scheduled locally on your device.
AI Processing (Google Gemini)
Sera uses Google’s Gemini API on a paid plan to power features such as product analysis, face-scan analysis, recommendations, and the AI assistant. Photos, messages, and the skincare information needed for a result are sent to Google for processing.
Because we use the paid Gemini API, Google does not use this content to train its models, and retains it only transiently for security and abuse-prevention purposes before deletion. Google acts as our processor for this purpose.
How We Use Your Data & Legal Bases
Under the EU/UK General Data Protection Regulation (GDPR), we rely on the following legal bases:
- Performance of a contract — to provide the App’s core features (scanning, routines, recommendations, the assistant) and to manage your subscription.
- Your consent — to process the skincare information and face scans you choose to submit, and to use advertising/attribution partners (via the ATT prompt). You can withdraw consent at any time.
- Legitimate interests — to run privacy-preserving analytics, keep the App secure, prevent abuse, and improve our product and catalog.
We do not:
- Sell your personal data.
- Store your face-scan photos on our servers.
- Put your name or email into our analytics tools.
Service Providers We Share Data With
We use a limited set of trusted providers to operate the App:
- Supabase — database, authentication, and storage (hosting our backend).
- Google (Gemini API) — AI processing, as described above.
- RevenueCat & Apple — subscription management and payments.
- PostHog — anonymous/pseudonymous product analytics (EU-hosted).
- Meta, TikTok, Apple Ads — advertising and attribution, only with your ATT consent.
Product information and some product images in our catalog are sourced from Open Beauty Facts under their open licenses. This is product data, not your personal data.
International Data Transfers
Some of our providers (including Supabase, Google, RevenueCat, and certain advertising partners) process data in the United States. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
Data Retention
- Registered accounts: we keep your data until you delete your account.
- Anonymous accounts: we may delete an anonymous account and its associated data after a period of inactivity (currently around 90 days).
- On-device data (your skincare profile, face-scan photos, free-tier chats) is removed when you delete the App.
- Face-scan photos are never retained on our servers.
Your Rights
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Deletion — delete your account in the App, or request deletion by email. This removes your personal data from our servers.
- Rectification — correct inaccurate data.
- Portability — receive your data in a portable format.
- Object / restrict — object to processing based on legitimate interests.
- Withdraw consent — at any time, for processing based on consent (for example, disabling tracking in your device settings).
- Complain — lodge a complaint with a data protection supervisory authority.
To exercise any of these rights, contact us at seraskincareapp@gmail.com. We will respond within the time required by law (generally within 30 days).
Children’s Privacy
Sera is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at seraskincareapp@gmail.com and we will delete it.
Security
We use industry-standard measures to protect your data, including encryption in transit, access controls, and row-level security on our database. No method of transmission or storage is completely secure, but we work to protect your information and limit what we collect.
Not Medical Advice
Sera is a beauty and informational tool. Skin scores, product ratings, and assistant responses are based on publicly available ingredient data and AI-assisted analysis, and are for general informational purposes only. They are not medical advice, diagnosis, or treatment, and do not replace a qualified dermatologist or healthcare professional. See our Terms of Service for more.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above. For significant changes, we will notify you through the App or other appropriate means.
Contact Us
For privacy questions or to exercise your rights, email us at seraskincareapp@gmail.com.