Privacy Policy
Last Updated: February 28, 2026
Introduction
Welcome to Aureya ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").
By using Aureya, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Personal Information You Provide
Account Information:
- Email address
- Name (optional)
- Date of birth (for age verification)
- Password (encrypted)
Profile Information:
- Skin type
- Skin concerns
- Age group
- Gender (optional)
- Ethnicity/skin tone (optional)
- Chronic skin conditions
- Allergies
- Budget preferences
- Current skincare products
Photos:
- Selfies you take for facial skin analysis
- Body area photos (neck, hands, arms, legs, feet) for skin analysis
- Photos uploaded from your device
- Progress tracking photos
Food Logs:
- Meal descriptions
- Food photos (optional)
- Dietary information
User Content:
- Notes and comments you add
- Product reviews
- Feedback you submit
1.2 Information Collected Automatically
Device Information:
- Device model and manufacturer
- Operating system version
- Unique device identifiers
- Mobile network information
Usage Data:
- Features you use
- Time spent in the app
- Buttons and screens you interact with
- Crash reports and diagnostics
Camera Data:
- Image metadata (resolution, timestamp)
- Camera permissions status
1.3 Information from Third Parties
Firebase Services:
- Authentication data
- Analytics data
- Cloud storage metadata
Payment Processors (if applicable):
- Transaction records
- Payment method type (not full card details)
2. How We Use Your Information
2.1 Core Functionality
- Analyze your selfies and body area photos to assess skin conditions
- Generate personalized skincare routine recommendations
- Match products to your specific needs
- Track your skin health progress over time
- Provide food logging and dietary insights
2.2 App Improvement
- Improve our AI algorithms and accuracy
- Fix bugs and technical issues
- Understand how users interact with features
- Develop new features based on usage patterns
2.3 Communication
- Send you routine updates and reminders
- Respond to your support requests
- Notify you of important changes to the app
- Send promotional content (with your consent)
2.4 Security & Compliance
- Prevent fraud and abuse
- Enforce our Terms of Service
- Comply with legal obligations
- Protect user safety
3. How Your Photos Are Processed
3.1 Photo Storage
- All photos are encrypted in transit (HTTPS/TLS)
- Photos are stored in Firebase Cloud Storage with encryption at rest
- Each photo is linked only to your user ID
- Photos are accessible only by you and our secure backend systems
3.2 Photo Analysis
- Face selfies are analyzed using Google Cloud Vision API (for facial landmark detection) followed by Google Gemini AI (for skin condition interpretation)
- Body area photos (neck, hands, arms, legs, feet) are analyzed by Google Gemini AI only; no facial detection or biometric processing is performed on body area photos
- Analysis happens server-side for accuracy and speed
- Only skin-related features are extracted from the specific area photographed
- We do NOT use your photos for facial recognition
- We do NOT share your photos with third parties for marketing
3.3 Photo Retention
- Photos are kept until you delete them or your account
- You can delete individual photos anytime
- When you delete your account, all photos are permanently deleted within 30 days
3.4 Your Photo Rights
- You own your photos
- You can download all your photos anytime
- You can request deletion of specific photos
- We will never sell or license your photos
3A. Face Data Processing (Face Selfies Only)
This section applies specifically to face selfies. For body area photos, see Section 3B below.
3A.1 What Face Data We Collect
When you submit a selfie for skin analysis, our system uses Google Cloud Vision API to detect:
- Facial landmarks (up to 33 anatomical points such as eyes, nose, mouth, cheeks, jawline, forehead)
- Face bounding box and orientation
- Skin region mapping (forehead, nose, cheeks, chin areas)
This face landmark data is used solely to identify skin zones for analysis (e.g., T-zone, cheek area, forehead). We do NOT collect biometric identifiers, do NOT build a facial recognition profile, and do NOT use this data to identify you.
3A.2 How Face Data Is Used
Face landmark data is used exclusively to:
- Map skin zones for condition analysis (e.g., oiliness, redness, dryness in specific facial regions)
- Improve the accuracy of personalized skincare recommendations
- Analyze progress photos over time (comparing the same facial regions)
3A.3 Face Data Sharing and Storage
- Face landmark data is processed in real-time by Google Cloud Vision API (a Google LLC service)
- Extracted landmark coordinates are temporarily used during analysis and are NOT stored as a separate facial profile
- Your raw selfie photos are stored in Firebase Cloud Storage (encrypted at rest)
- Google processes this data under their Privacy Policy: https://policies.google.com/privacy
- Google does not use your face data to identify you or build advertising profiles
3A.4 Face Data Retention
- Raw selfie photos: Retained until you delete them or close your account (deleted within 30 days)
- Facial landmark extraction results: Used transiently during analysis, not stored long-term as raw landmark data
- Derived skin analysis results (e.g., "oily T-zone", "redness on cheeks"): Stored as part of your skin profile until account deletion
3A.5 Your Rights Regarding Face Data
- You can delete any or all selfie photos from within the app at any time
- You can request deletion of your entire skin profile by deleting your account
- You can opt out of AI-powered skin analysis by not submitting selfies (basic features remain available)
- To request deletion of specific face data records, email: contact@aureya.io
3A.6 No Facial Recognition
This app does NOT perform facial recognition, does NOT create a biometric identifier from your face, and does NOT use your face data for any purpose other than skin condition analysis. We do not use face data to identify you across sessions beyond linking it to your user account.
3B. Body Area Photo Processing
This section applies to photos of non-face body areas: neck, hands, arms, legs, and feet.
3B.1 What Body Area Data We Collect
When you photograph a body area for skin analysis, we collect:
- The photo of the selected body area
- The body area label you selected (e.g., "Neck," "Hands," "Arms," "Legs," "Feet")
- AI-derived skin metrics: Dryness, Hydration, Redness, Texture, and Irritation scores
3B.2 How Body Area Photos Are Processed
- Body area photos are analyzed by Google Gemini AI only
- NO facial detection, facial landmarks, or biometric processing is performed on body area photos
- The AI evaluates visible skin characteristics relevant to the selected body area
- Analysis is tailored for conditions common to each body area (e.g., eczema on hands, dryness on legs)
3B.3 No Biometric Data
Body area photos do NOT involve:
- Facial recognition or facial landmark detection
- Biometric identifiers of any kind
- Any data that could be used to identify you from the photo alone
3B.4 Body Area Data Storage and Retention
- Body area photos are stored in Firebase Cloud Storage with encryption at rest, the same as face selfies
- Photos are retained until you delete them or close your account (deleted within 30 days of account closure)
- AI-derived skin analysis results (e.g., "moderate dryness on hands") are stored as part of your skin profile until account deletion
3B.5 Your Rights Regarding Body Area Data
- You can delete any body area photo from within the app at any time
- You can request deletion of your entire skin profile by deleting your account
- You can opt out of body area analysis by not submitting body area photos
- To request deletion of specific body area data, email: contact@aureya.io
4. How We Share Your Information
We do NOT sell your personal information. We share information only in these limited circumstances:
4.1 Service Providers
We use trusted third-party services:
Firebase (Google):
- Authentication
- Cloud storage for photos and data
- Analytics
- Crash reporting
Google Cloud Vision API (Google LLC):
- Receives: Your face selfie photos and food log photos (NOT body area photos)
- Purpose: Face landmark detection for facial skin zone mapping; food label detection for dietary analysis
- Data sent: Raw image data (JPEG/PNG)
- Google's privacy policy: https://policies.google.com/privacy
Google Gemini AI (Google LLC):
- Receives: Image data (face selfies and body area photos) and your skin profile (skin type, concerns, conditions, age group, selected body area)
- Purpose: AI-powered skin condition analysis for face and body areas, personalized routine generation, ingredient analysis
- Data sent: Image data + text description of your skin profile + body area label
- Google's privacy policy: https://policies.google.com/privacy
By using features that require AI analysis (skin analysis, food logging, ingredient scanning), you consent to your data being sent to these Google services. You may opt out by not using those features.
Payment Processors (if applicable):
- Stripe or Google/Apple for in-app purchases
All service providers are contractually bound to protect your data and provide equivalent privacy protections.
4.2 Legal Requirements
We may disclose your information if required by law:
- In response to a subpoena or court order
- To comply with legal processes
- To protect our rights or safety
- To investigate fraud or abuse
4.3 Business Transfers
If Aureya is acquired or merged with another company, your information may be transferred. You will be notified of any such change.
4.4 With Your Consent
We may share information with your explicit permission, such as:
- Sharing progress photos with your dermatologist (if you choose)
- Posting anonymous before/after results (with your consent)
5. Data Security
5.1 Technical Safeguards
- End-to-end encryption for photos
- Secure HTTPS connections
- Firebase security rules to protect your data
- Regular security audits
- Automatic security updates
5.2 Access Controls
- Your data is accessible only to you (via authentication)
- Our team has limited access for support purposes only
- All access is logged and monitored
- Multi-factor authentication for team accounts
5.3 Data Breach Response
In the unlikely event of a data breach:
- We will notify you within 72 hours
- We will inform relevant authorities as required
- We will take immediate action to secure systems
- We will provide guidance on protective measures
6. Your Privacy Rights
6.1 Access & Portability (GDPR/CCPA)
- Request a copy of all your data
- Download your data in machine-readable format
- Receive your data within 30 days
6.2 Correction
- Update your profile information anytime
- Correct inaccurate data
6.3 Deletion ("Right to be Forgotten")
- Delete your account and all associated data
- Request deletion of specific photos or entries
- Data deleted within 30 days
6.4 Opt-Out
- Unsubscribe from marketing emails
- Disable analytics (Settings → Privacy)
- Revoke camera/photo permissions
- Stop data collection (by deleting your account)
6.5 Object to Processing
- Object to automated decision-making
- Request human review of AI analysis
6.6 Restrict Processing
- Temporarily suspend use of your data
- Limit how we process your information
To exercise these rights:
Email: contact@aureya.io
Subject: "Privacy Rights Request"
Include: Your name, email, and specific request
7. Children's Privacy
Aureya is NOT intended for children under 13 (or 16 in the EU).
- We do not knowingly collect data from children
- If we learn a child has provided information, we delete it immediately
- Parents can contact us at contact@aureya.io to request deletion
8. International Data Transfers
Your data may be processed outside your country of residence:
- We use Firebase, which has servers worldwide
- Data is protected by Google's security standards
- EU users: Data transfers comply with GDPR (Standard Contractual Clauses)
- We ensure adequate protection regardless of location
9. Data Retention
| Data Type | Retention Period |
|---|
| Account info | Until account deletion |
| Photos (face and body area) | Until you delete them or account deletion |
| Skin analyses (face and body area) | Until account deletion |
| Food logs | Until account deletion |
| Usage analytics | 26 months (anonymized) |
| Crash reports | 90 days |
| Support tickets | 3 years |
After account deletion:
- All personal data deleted within 30 days
- Some anonymized analytics may be retained
- Legal records kept as required by law
10. Cookies & Tracking
Mobile App:
- We do NOT use cookies in the app
- We use Firebase Analytics for app usage
- You can disable analytics in Settings → Privacy
Website:
- We use essential cookies for functionality
- Analytics cookies (Google Analytics)
- You can disable cookies in browser settings
11. Third-Party Links
The app may contain links to third-party websites or services:
- We are not responsible for their privacy practices
- Review their privacy policies before providing information
- Affiliate links to product retailers are clearly marked
12. California Privacy Rights (CCPA)
12.1 Right to Know
Request details about:
- Categories of personal information collected
- Purposes for collecting information
- Categories of third parties we share with
- Specific pieces of information we have about you
12.2 Right to Delete
Request deletion of your personal information (with exceptions for legal obligations).
12.3 Right to Opt-Out of Sale
We do NOT sell personal information. However, you can opt-out of data sharing for advertising purposes.
12.4 Non-Discrimination
We will not discriminate against you for exercising your rights.
To exercise CCPA rights:
Email: contact@aureya.io
Subject: "CCPA Request"
We will respond within 45 days.
13. European Privacy Rights (GDPR)
If you are in the EU/EEA, you have these rights under GDPR:
- Right of Access: Get a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Transfer data to another service
- Right to Object: Stop processing your data
- Right to Withdraw Consent: Revoke permissions anytime
Legal basis for processing:
- Consent (for optional features)
- Contract performance (for app functionality)
- Legitimate interests (for analytics and improvements)
- Legal obligations (for compliance)
Data Protection Officer: contact@aureya.io
Supervisory Authority: You can file a complaint with your local data protection authority.
14. Changes to This Policy
We may update this Privacy Policy from time to time:
- Changes will be posted in the app with "Last Updated" date
- Significant changes will trigger an in-app notification
- Continued use after changes means you accept the new policy
- We will notify you 30 days before material changes (via email)
Version History:
- v1.0 — November 13, 2025 — Initial release
- v2.0 — February 13, 2026 — Added face data processing section (3A), expanded AI data sharing disclosures (4.1)
- v3.0 — February 28, 2026 — Added body area photo processing section (3B), updated photo analysis and data retention for body area support
15. Medical Disclaimer & Terms of Use
IMPORTANT: PLEASE READ CAREFULLY
Aureya is a wellness and skincare information application. It is NOT a medical device, does NOT provide medical advice, diagnosis, or treatment, and is NOT a substitute for professional medical care.
15.1 Educational Information Only
The app provides general skincare recommendations and educational information for informational purposes only. All content, including AI-generated analysis, product recommendations, and routine suggestions, is:
- For educational and informational purposes only
- NOT personalized medical treatment
- NOT a diagnosis of any medical condition
- NOT a substitute for professional medical advice
- NOT intended to treat, cure, or prevent any disease or medical condition
15.2 No Medical Advice
Aureya does NOT:
- Diagnose skin conditions or medical problems
- Provide medical advice or treatment recommendations
- Prescribe medications or treatments
- Replace the judgment of licensed healthcare professionals
- Guarantee any specific results or outcomes
15.3 AI Analysis Limitations
Our AI-powered skin analysis:
- Uses general pattern recognition and is not a medical diagnostic tool
- Provides suggestions based on common skincare knowledge
- May not be accurate for all individuals or skin types
- Should not be used to make medical decisions
- Results are NOT a medical diagnosis
15.4 Professional Medical Care Required
You MUST:
- Consult a licensed dermatologist or healthcare provider for any skin concerns
- Seek immediate medical attention for serious skin conditions, infections, or allergic reactions
- Not delay seeking professional medical advice because of information from this app
- Not use this app to diagnose or treat medical conditions
- Verify any product recommendations with your healthcare provider, especially if you have allergies or medical conditions
15.5 Product Recommendations
Product recommendations are:
- Suggestions based on general skincare principles
- NOT personalized medical prescriptions
- NOT guaranteed to work for your specific situation
- Subject to individual variation and results
- Should be reviewed with a dermatologist before use, especially if you have sensitive skin or medical conditions
15.6 No Warranties or Guarantees
We make NO warranties or guarantees regarding:
- The accuracy of AI analysis or recommendations
- The effectiveness of suggested products or routines
- Any specific results or outcomes from using the app
- The suitability of recommendations for your individual needs
15.7 Limitation of Liability
To the maximum extent permitted by law:
- We are NOT responsible for any adverse effects, allergic reactions, or negative outcomes from using recommended products or routines
- We are NOT liable for any decisions made based on information from this app
- We are NOT responsible for any medical costs or expenses resulting from app use
- You use the app at your own risk
15.8 Individual Results Vary
Skincare results vary significantly between individuals due to:
- Genetics and skin type
- Environmental factors
- Lifestyle and diet
- Medical conditions and medications
- Other individual factors
What works for one person may not work for another.
15.9 Emergency Situations
If you experience:
- Severe allergic reactions
- Skin infections or open wounds
- Sudden changes in skin appearance
- Pain, swelling, or other concerning symptoms
STOP using any recommended products immediately and seek emergency medical care.
15.10 Acceptance of Terms
By using Aureya, you acknowledge and agree that:
- You understand this app provides recommendations only, not medical advice
- You will consult licensed healthcare professionals for medical concerns
- You will not use this app to diagnose or treat medical conditions
- You accept all risks associated with using the app
- You will not hold Aureya liable for any outcomes from using the app
16. Contact Us
If you have questions or concerns about this Privacy Policy:
- Email: contact@aureya.io
- Support: support@aureya.io
- Website: aureyaskin.io
- Company: MoLabs LLC
Response Time: We aim to respond within 48 hours.
17. Consent
By using Aureya, you consent to:
- This Privacy Policy
- Our collection and use of information as described
- Processing of your face selfies and body area photos for skin analysis
- Data transfers to service providers
You can withdraw consent anytime by deleting your account.
Thank you for trusting Aureya with your skincare journey!
Copyright 2024–2026 MoLabs LLC. All rights reserved.