Privacy Policy — Lumière Skin

Who We Are

Lumière Skin is an AI-powered skincare analysis application that helps you understand your skin, build personalised routines, and track your progress over time. We use advanced artificial intelligence to analyse your skin and provide tailored recommendations.

This Privacy Policy explains how Lumière Skin ("Lumière", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our mobile application and related services (collectively, the "Service").

By using Lumière, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Age Requirement

You must be at least 13 years old to use this app. If you are located in the European Union or European Economic Area (EU/EEA), you must be at least 16 years old.

We do not knowingly collect personal data from children under these ages. If we become aware that we have inadvertently collected personal data from a child under the applicable minimum age, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at privacy@lumiere-skin.us and we will promptly remove the data.

Information We Collect

Account Data

When you create an account, we collect your email address, display name, and authentication method (email/password, Google Sign-In, or Sign in with Apple). This information is required to create and manage your account.

Skin Profile Data

We collect information you provide through our skin quiz and profile setup, including your skin type, skin concerns, age range, gender, ethnicity, lifestyle factors (sleep, diet, stress levels, sun exposure), and skincare preferences. This data is used to personalise your AI analysis and product recommendations.

Face Data & Photographs

When you use our AI Skin Analysis feature, we capture and store photographs of your face ("face scan photos"). You may also upload progress photos and journal photos.

What face data is collected:

A photograph of your face (JPEG/PNG image file)
AI-derived skin assessments: skin type classification, Fitzpatrick phototype (I–VI), skin tone/undertone, texture analysis, pore visibility, hydration score, clarity score, firmness score, glow score, and identified skin conditions (e.g., acne, hyperpigmentation, dryness, rosacea indicators)
Skin health scores (0–100) across five dimensions: hydration, clarity, glow, texture, and firmness

How face data is used:

Your face photo is sent to Google Gemini AI (via Google's Generative Language API) for skin analysis. The AI returns a structured skin assessment. No other third party receives your photo.
The AI-generated assessment is stored in our database to provide you with personalised skincare routines, product recommendations, progress tracking, and skin trend analysis over time.
Your photo is NOT used for facial recognition, identity verification, or biometric identification. We do not create or store facial geometry templates, face prints, or biometric identifiers.

Where face data is stored:

Photos: Encrypted at rest (AES-256) on Amazon Web Services (AWS) S3 in the US-East-1 region, with server-side encryption and strict access controls.
Analysis results: Stored in our MySQL database hosted on Railway (US region), encrypted in transit (TLS 1.3).

How long face data is retained:

Face scan photos: Retained for a maximum of 24 months from upload, then automatically deleted. You can delete any photo at any time via the app's Privacy Controls.
Analysis results: Retained for the duration of your account. Deleted within 30 days of account deletion.

Third-party sharing:

Your face photo is transmitted to Google's Gemini AI API (operated by Google LLC) solely for the purpose of generating your skin analysis. Google processes the image under their Generative AI Terms of Service, which prohibit using API-submitted data to train their general models.
No other third party receives, accesses, or processes your face photos or face-derived data.
We do NOT share face data with advertisers, data brokers, analytics providers, or any other entity.

Health-Related Data

We store the results of your AI skin analysis, including skin health scores, hydration levels, texture assessments, pore visibility scores, hyperpigmentation analysis, and other AI-generated skin assessments. This data is derived from your photos and skin profile.

Location Data (Optional)

With your permission, we collect city-level location data to provide weather-based skincare recommendations (e.g., adjusting your routine for humidity or UV index). You can disable location access at any time through your device settings.

Device Information

We automatically collect technical information including your browser type, operating system, screen size, device model, and app version. This helps us optimise the app for your device.

Payment Data

The free tier of Lumière Skin requires no payment information. If you upgrade to Lumière Pro, payment processing is handled by Lemon Squeezy (Lemon Squeezy, Inc.), our merchant of record on web and Android.

What we receive from Lemon Squeezy:

Your Lemon Squeezy customer ID
The plan you selected (monthly / annual) and its expiry date
Subscription status (trialing, active, past_due, cancelled)
The country your card was billed from (for tax compliance)

What we never see or store:

Your full card number, CVC, or expiry
Your billing address
Your Lemon Squeezy account password

Lemon Squeezy is PCI-DSS compliant and stores card details on tokenised, encrypted infrastructure. Their privacy policy lives at lemonsqueezy.com/privacy . You can manage your card, view receipts, update billing details, and cancel anytime through the Lemon Squeezy customer portal — a link is included with every receipt.

If you are an iOS user and Apple In-App Purchase becomes the billing path on iOS in a future update, payment information for those purchases will be handled by Apple under their privacy terms; we would only receive the receipt validation result (active / not active) from Apple, not your card or Apple ID.

How We Use Your Data

AI Skin Analysis — Your face photos are processed by our AI system to generate personalised skin assessments, identify concerns, and calculate skin health scores.
Personalised Routines & Recommendations — Your skin profile, quiz responses, and analysis history are used to build customised skincare routines and recommend products suited to your skin type and concerns.
Progress Tracking — We store your historical skin data and photos so you can track changes and improvements in your skin over time.
Push Notifications — With your permission, we send weather-based skincare alerts (e.g., high UV warnings), routine reminders, and product recommendations. You can manage notification preferences at any time.
Product Recommendations — We recommend skincare products based on your skin profile. Some product recommendations may include affiliate links (see our Affiliate Disclosure).
Service Improvement — Aggregated and anonymised data helps us improve our AI models, refine recommendation algorithms, and develop new features.
Customer Support — Your account and usage data helps our support team assist you with any issues.

We do not sell your personal data to third parties. We do not use your photos for advertising purposes.

AI Processing Disclosure

What is sent to Google Gemini AI: When you initiate a skin scan, the following data is transmitted securely (TLS 1.3) to Google's Generative Language API (Gemini 2.5 Flash model):

Your face photograph (the image file only)
A structured analysis prompt (no personal identifiers such as name, email, or account ID are included)
Your skin profile context (skin type, concerns, age range) to improve analysis accuracy — no personally identifiable information is sent

What Google returns: A structured JSON response containing skin scores, detected conditions, skin type classification, and personalised recommendations. Google does not retain your image after processing under their Generative AI API Terms.

AI chat messages are also processed by Google Gemini. When you use the AI Chat feature, your text messages (along with your skin profile context and recent scan history) are sent to Google Gemini for response generation. No photos are sent during chat — only text.

No other AI provider (such as OpenAI, Anthropic, or Meta) receives any of your data. Google Gemini is our sole AI processing partner.

AI results are not medical diagnoses. The skin assessments, scores, and recommendations generated by our AI are for informational and educational purposes only. They do not constitute medical advice, diagnosis, or treatment. Always consult a qualified dermatologist or healthcare provider for medical skin concerns.

Photos are stored encrypted and can be deleted at any time. All face scan photos are encrypted at rest using AES-256 encryption on AWS S3. You can delete any individual photo or all photos at any time through the app's Privacy Controls page or by contacting us at privacy@lumiere-skin.us.

Third-Party Services

We use the following third-party services to operate Lumière. Each provider is bound by data processing agreements that require them to protect your data:

Google Gemini AI — Powers our skin analysis engine. Skin scan images are transmitted to Google's API for processing. Images are not used by Google to train their general models.
Firebase Authentication (Google) — Provides secure account creation, login, and authentication services.
Amazon Web Services (AWS) S3 — Provides encrypted cloud storage for your photos and data.
Open-Meteo — Provides weather and UV index data for location-based skincare recommendations. No personal data is shared with Open-Meteo.

Data Retention

Account Data — Retained for the duration of your account. Deleted within 30 days of account deletion request.
Face Scan Photos — Retained for a maximum of 24 months from the date of upload, then automatically deleted. You can manually delete photos at any time.
Chat History — AI chat conversations are retained for 12 months, then automatically deleted.
Journal Entries — Retained for the duration of your account.
Subscription Records — Lemon Squeezy customer ID and subscription status are retained while your subscription is active and for 7 years after cancellation for tax / accounting compliance. Your card details are held by Lemon Squeezy, not us.
Aggregated Analytics — Anonymised and aggregated data that cannot identify you may be retained indefinitely for service improvement.

When you delete your account, we will delete or anonymise all your personal data within 30 days, except where retention is required by law.

Your Rights

All Users

Access — View your personal data through the Privacy Controls page in the app.
Export — Download a copy of all your data in JSON format.
Deletion — Delete your account and all associated data at any time.
Opt Out — Opt out of marketing notifications.
Restrict AI Processing — Stop AI analysis while retaining your account.

EU/EEA Residents (GDPR)

In addition to the above, you have the right to:

Portability — Receive your data in a machine-readable format.
Rectification — Correct inaccurate personal data.
Erasure — Request deletion ("right to be forgotten").
Restriction — Restrict processing in certain circumstances.
Objection — Object to processing for specific purposes.
Lodge a Complaint — File a complaint with your local data protection authority.

California Residents (CCPA)

Know — Request details about the personal information we have collected.
Delete — Request deletion of personal information.
Opt-Out — Opt out of the "sale" of personal information. We do not sell your personal information.
Non-Discrimination — You will not receive discriminatory treatment for exercising your CCPA rights.

To exercise any of these rights, visit the Privacy Controls page in the app or contact us at privacy@lumiere-skin.us.

Data Security

All data is encrypted in transit using TLS 1.3.
All stored data, including photos, is encrypted at rest using AES-256.
Skin scan photographs are stored in isolated, encrypted AWS S3 buckets.
Access to personal data is restricted to authorised personnel on a need-to-know basis.
We maintain detailed access logs and active monitoring.
Authentication tokens and sessions are managed securely through Firebase.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

International Data Transfers

Lumière is operated from the United States. Your data may be processed and stored in the United States and other countries where our service providers operate.

If you are located in the EU/EEA, UK, or other regions with data protection laws, please be aware that your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with applicable law.

Cookies

Our website uses minimal first-party cookies for session management and basic analytics. The mobile app does not use tracking cookies. If you visit our affiliate partner websites (e.g., Amazon) through links in our app, those sites may set their own cookies subject to their privacy policies.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last Updated" date at the top of this page.
We will notify you via the app through an in-app banner.
For significant changes, we will provide at least 30 days' notice.

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Lumière Skin
Privacy: privacy@lumiere-skin.us
Support: support@lumiere-skin.us