1. What Information Do We Collect?
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You
In Short: The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
- Selfies
Application Data
If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's contacts, camera, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.
Important: All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Sensitive Information
We do not collect biometric identifiers for the purpose of identifying you, and we do not perform facial recognition to authenticate users or recognize you across sessions. Users may voluntarily submit a selfie for acne-related analysis; we do not create biometric templates for identity purposes. TrueDepth/ARKit signals used during the scan (such as face detected/lost and pose angles) are processed in real time to guide the scan and are not stored as persistent biometric profile data. Selfie images may be stored when needed to provide analysis, profile display, and progress/history features, as described in the "Image Retention" section below.
Payment Data
If you make purchases, we may collect data necessary to process your payment, such as your payment instrument number and the security code associated with your payment instrument. All payment data is stored by Apple. You can find their privacy notice here.
Information Automatically Collected
In Short: Some information such as your Internet Protocol (IP) address and/or browser and device characteristics is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as:
- Your IP address
- Browser and device characteristics
- Operating system
- Language preferences
- Referring URLs
- Device name
- Country and location
- Information about how and when you use our Services
This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Log and Usage Data
Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include:
- Your IP address
- Device information
- Browser type and settings
- Information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use)
- Device event information (such as system activity, error reports sometimes called "crash dumps", and hardware settings)
Images Containing Faces (Selfies)
Users can voluntarily upload a facial image for acne analysis. We do not perform facial recognition or biometric identification. We only analyze visible skin features related to acne.
TrueDepth API Data (Face Scan)
On supported iOS devices, we use Apple's TrueDepth-based ARKit face tracking during the face-scan flow. During this scan, we process: (i) face tracking status (face detected/lost), (ii) face pose angles (yaw/pitch), and (iii) a camera frame (selfie image) captured for acne analysis.
We do not use this data for identity verification. We do not perform facial recognition, we do not create biometric templates, and we do not store depth maps as biometric identifiers.
2. How Do We Process Your Information?
We process your data to provide, improve, and secure our services. This includes:
- Maintaining and securing our application
- Providing customer support
- Ensuring compliance with legal regulations
AI Processing of Images
When you submit an image for acne analysis, the image is transmitted to our contracted AI processors (including OpenAI and AILABAPI) solely to generate acne insights. We do not use the image to identify you or to build biometric templates.
If the user chooses to display the image in their profile, we store that image to provide the profile feature and historical tracking.
How We Use TrueDepth / ARKit Data
Face scans are initiated only when you use the in-app face-scan flow. We use TrueDepth-based ARKit face tracking to detect whether a face is present, to measure face pose (for example yaw and pitch) to guide you to hold steady and turn your head as instructed, and to capture a camera frame (selfie) for acne-related analysis. We do not use TrueDepth data for Face ID, identity verification, or user recognition.
3. What Legal Bases Do We Rely On to Process Your Personal Information?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable laws, like with your consent, to comply with laws, to provide you with services, to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If You Are Located in the EU or UK
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases:
- Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Contact us to do it.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If You Are Located in Canada
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
4. When and With Whom Do We Share Your Personal Information?
In Short: We may share information in specific situations and with specific third parties.
We may share your data with service providers, contractors, or agents who perform services for us or on our behalf. These third parties are bound by contractual obligations to protect your data.
Vendors, Consultants, and Other Third-Party Service Providers
First-Party Storage
Images may be stored on infrastructure we control (for example cloud storage and databases provided through our service providers) to provide acne analysis, profile display, and progress/history features. We do not sell images and we do not share them with advertising partners.
We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that:
- They cannot do anything with your personal information unless we have instructed them to do so.
- They will not share your personal information with any organization apart from us.
- They commit to protecting the data they hold on our behalf and to retaining it only for the period we instruct.
- They retain data only as instructed by us and in line with this privacy policy, including the retention periods described below where applicable.
The categories of third parties with whom we may share personal information include:
- Data Analytics Services
- Data Storage Service Providers
AI Service Providers
To provide acne-related analysis and image processing features, we may share submitted images with contracted AI processors, including OpenAI and AILABAPI, solely to perform the service you request (for example generating insights or applying image processing). These providers act as processors under contractual obligations, must not use your images for purposes unrelated to providing our service, and must not sell your personal data. We do not share images with advertising partners.
Business Transfers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
5. What Is Our Stance on Third-Party Websites?
In Short: We are not responsible for the security of any information you share with third-party providers who advertise, but are not affiliated with, our websites.
The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us.
Important: The inclusion of a link to a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third parties.
Any data collected by third parties is not covered by this privacy notice. We are not responsible for the content, privacy, or security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Services. You should review the policies of such third parties and contact them directly if you have any questions.
6. Is Your Information Transferred Internationally?
In Short: Yes, your information may be transferred, stored, and processed in countries other than your own.
Our servers are located in Switzerland. We may transfer your personal data to countries outside Switzerland. In such cases, we ensure that appropriate safeguards are in place to protect your data, in compliance with Swiss data protection laws.
If you are located in the European Economic Area (EEA), United Kingdom (UK), or another region with laws governing data collection and use, please be aware that your information may be transferred to countries that do not have the same data protection laws as your jurisdiction. In such cases, we ensure that appropriate safeguards are in place, such as relying on Standard Contractual Clauses approved by the European Commission, to protect your personal information.
You can request a copy of these safeguards by contacting us at contact@acne-track.com.
European Commission's Standard Contractual Clauses
We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers.
- These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations.
- Our Standard Contractual Clauses can be provided upon request.
- We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided upon request.
International Transfers for AI Processing
Image processing via third-party AI processors (including OpenAI and AILABAPI) and related cloud infrastructure may involve transfers outside your country. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses). Details are available upon request.
7. How Long Do We Keep Your Information?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice, unless otherwise required by law.
We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law (such as for tax, legal, accounting, or other regulatory purposes).
- User Account Data: We retain this data as long as you maintain an account with us. If you choose to delete your account, all associated data will be permanently deleted within 30 days, except where required for legal or regulatory purposes.
- Payment Data: We retain this data only for the duration required to complete the transaction or as required for financial records and audit purposes.
- Analytics and Log Data: We keep this information for up to 12 months to ensure we can monitor app performance, improve our services, and address any issues with user engagement or fraud detection.
Important: Once your personal information is no longer necessary for our legitimate business interests or required by law, we will securely delete, anonymize, or isolate it to prevent further processing.
Image Retention
Images submitted for acne analysis and chosen by the user to appear in their profile are stored securely and encrypted at rest. We keep these images until the user deletes them from the app, or for a maximum of 24 months after the last account activity, whichever occurs first. When deleted by the user or upon account deletion, images are permanently removed from our storage within 30 days.
TrueDepth / ARKit Data Retention
Real-time TrueDepth/ARKit tracking signals used during the scan (such as face detected/lost and pose angles) are ephemeral and are not retained as account profile data after the scan session ends. Temporary files created on the device during capture may be removed as part of normal app operation.
8. How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process.
Our Security Measures
- Encryption: We encrypt sensitive data to prevent unauthorized access.
- Access Controls: Only authorized personnel have access to personal data.
- Firewalls: We use firewall protection to block unauthorized access.
- Regular Monitoring: We regularly scan and monitor our systems for vulnerabilities and potential cyber threats.
- Transport Encryption: Images sent to the AI processor are protected in transit using encryption.
- Encryption at Rest: Profile images are stored encrypted at rest in our cloud storage.
Important: Although we do our best to protect your personal information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.
9. Do We Collect Information from Minors?
Our app is designed for general audiences, and we prioritize the privacy and safety of all users, including minors.
We do not knowingly collect personal information from children under the age of 13 where this is restricted by law, such as under the Children's Online Privacy Protection Act (COPPA) in the United States. If we become aware that personal information has been inadvertently collected from a child under the applicable age of consent in their jurisdiction, we will take immediate steps to delete such data.
Our application does not have an age restriction and can be used by individuals of all ages. However, we encourage parents or guardians to actively supervise and be involved in the online activities and app usage of their children.
Important: If you believe that your child has provided us with personal data without your consent, please contact us at contact@acne-track.com, and we will address your concerns promptly.
10. What Are Your Privacy Rights?
In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.
In certain regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right to:
- Request access and obtain a copy of your personal information.
- Request rectification or erasure of your personal data.
- Restrict the processing of your personal information.
- Data portability: If applicable, request the transfer of your data to another service.
- Object to automated decision-making that affects you significantly.
Opting Out of Marketing and Promotional Communications
You can unsubscribe from our marketing and promotional communications at any time by:
- Replying "STOP" or "UNSUBSCRIBE" to the SMS messages that we send.
- Contacting us using the details provided in the "How Can You Contact Us?" section.
Contact Us: If you have questions or comments about your privacy rights, you may email us at contact@acne-track.com.
11. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and applications include a Do-Not-Track ("DNT") feature or setting that you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected.
At this time, no uniform standard for recognizing and implementing DNT signals has been adopted. As a result, we do not currently respond to DNT browser signals or other mechanisms that automatically communicate your choice not to be tracked. If such a standard is adopted in the future, we will update this privacy policy accordingly.
12. Do United States Residents Have Specific Privacy Rights?
In short: If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you are granted specific rights regarding access to your personal information.
We comply with the California Consumer Privacy Act (CCPA) and other applicable laws that grant specific privacy rights to residents of the United States. You can learn more about your rights and how to exercise them by contacting us:
Contact Us: If you have any privacy-related questions or wish to exercise your rights, you may email us at contact@acne-track.com.
13. Do Other Regions Have Specific Privacy Rights?
In short: You may have additional rights based on the country you reside in.
If you are a resident of other regions, including Australia, New Zealand, or the Republic of South Africa, we will collect and process your personal information in line with the specific legal requirements of your country. You may have the right to:
- Request access to your personal information.
- Request correction of inaccurate or outdated data.
- Request deletion of your personal information.
If you believe your data has been processed unlawfully, you can file a complaint with the appropriate data protection authority in your country.
Need Assistance? If you have any questions about your rights under your country's data protection laws, please contact us at contact@acne-track.com.
14. Do We Make Updates to This Notice?
In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy policy from time to time. The updated version will be indicated by an updated "Revised" date, and the updated version will be effective as soon as it is accessible.
If we make material changes to this privacy policy, we may notify you by prominently posting a notice of such changes on our website or application, or by directly sending you a notification.
Stay Informed: We encourage you to review this privacy policy frequently to stay informed about how we are protecting your information.
15. How to Contact Us
If you have any questions or comments about this notice, you may contact us at:
- Email: contact@acne-track.com
- Address: 210 impasse des Brasse, 74100 Vétraz-Monthoux, France