Privacy Policy — SkinAI Last updated: June 30, 2026 This Privacy Policy explains how SkinAI ("we", "us", the "App") handles information when you use the App. By using SkinAI you agree to this policy. 1. Photos and AI report processing SkinAI's basic scan experience is processed on your iPhone. Your scan photo and cosmetic scan results are saved locally on your device unless you choose to use features that require cloud processing. If you choose to generate an AI Deep Report or otherwise consent to cloud AI processing, SkinAI uploads a resized, compressed version of your scan photo to our backend service so the report can be generated. Our backend is hosted by Cloudflare and may process or route data through servers located in the United States and other countries. The backend may forward the photo to our AI service provider, such as Qwen/DashScope, including United States regional endpoints where configured. We use the uploaded photo only to generate your cosmetic skin report. We do not use it to identify you, build a face recognition profile, or sell it. We do not intentionally store uploaded scan photos after the report is returned, though our service providers may temporarily process request data according to their own security, logging, and retention practices. 2. Information we (and our partners) collect We do not require an account and we do not collect your name. The following limited data may be collected through the App or third-party services: Scan photo for AI Deep Report — only when you choose or consent to cloud AI processing. Usage & event data (e.g., screens viewed, scan completed, paywall viewed) — to understand and improve the App. Device identifiers, including the Advertising Identifier (IDFA) when you allow tracking — used for advertising attribution (to measure which ad brought you to the App) via our measurement partner. Purchase information (subscription status, transaction identifiers) — to provide and manage your subscription. General device/technical data (device model, OS version, country, language). 3. Service providers We use the following processors, each under its own privacy terms: Tenjin — mobile measurement / advertising attribution. RevenueCat — subscription management. Apple — app distribution and in-app purchases. Cloudflare — backend hosting, security, and request routing. Qwen/DashScope — AI report generation when cloud AI processing is enabled. 4. International data transfers If you use cloud AI features, your scan photo and related technical request data may be transferred to, processed in, or routed through the United States and other countries where we or our service providers operate. Data protection laws in those countries may differ from the laws where you live. 5. App Tracking Transparency On iOS we ask for your permission before using the IDFA for tracking. If you decline, we do not use the IDFA; attribution then relies on Apple's privacy-preserving SKAdNetwork. You can change this anytime in iOS Settings → Privacy & Security → Tracking. 6. Children SkinAI is not directed to children under 13 (or the minimum age in your country). We do not knowingly collect data from children. 7. Your rights Depending on your region (e.g., EEA/UK under GDPR, California under CCPA), you may have rights to access, correct, or delete your data, and to opt out of certain processing. To exercise these rights, contact us below. 8. Data retention Locally saved scan photos and results remain on your device unless you delete the App or remove them through available device/app controls. Cloud AI requests are processed to return your report; we do not intentionally store uploaded scan photos after the report is returned. Usage, technical, attribution, and purchase data is retained only as long as needed for the purposes above or as required by law. 9. Changes We may update this policy. Material changes will be reflected by the "Last updated" date above. 10. Contact Questions? Email us at wanyier652@gmail.com.