Privacy Policy

Last updated: 12 November 2025

1. Important Information and Who We Are

Purpose of This Privacy Policy

This privacy policy describes how Peak Skin Ltd (“Peak Skin AI”, “we”, “us”, or “our”) collects, uses, processes, and protects your personal data when you use the Peak Skin AI mobile app or visit our website. It also explains your privacy rights and how the law protects you.

Peak Skin AI provides tools for skincare analysis, routine recommendations, and educational content.

Our app is not intended for children, and we do not knowingly collect data relating to children under 16.

This policy supplements any other privacy notices you may receive from us and is not intended to override them.

Controller

Peak Skin Ltd is the data controller responsible for your personal data when you use the Peak Skin AI app or website.

Contact Details

You have the right to make a complaint to the UK Information Commissioner's Office (ICO). We ask that you contact us first so we can address your concerns.

Changes to the Privacy Policy

We keep our privacy policy under regular review. The latest version will always be available in the app and on our website.

It is important that any personal data we hold about you is accurate and up-to-date. Please notify us of any changes to your information.

Third-Party Links

Peak Skin AI may include links to third-party websites or services. We are not responsible for the privacy practices of those third parties.

2. The Data We Collect About You

Personal data means any information that can identify you. Because Peak Skin AI performs AI-based skincare analysis, some images you choose to upload may be considered Special Category Data, as they can reveal information relating to your health or skin conditions. We only process this data with your explicit consent.

Types of Data We Collect

Identity Data

  • First name and last name
  • Username
  • Date of birth (optional)
  • Gender (optional)

Contact Data

  • Email address
  • Phone number (optional)

Account & Authentication Data

  • Login credentials
  • Authentication tokens

Image & Skin Analysis Data (processed only with explicit consent)

  • Photos you upload to receive skin analysis
  • AI-generated feature extraction (e.g., acne severity, redness, pigmentation)
  • Skincare recommendations generated from analysis

Technical Data

  • IP address
  • Device model, OS version
  • App usage information
  • Mobile device identifiers
  • Crash logs & diagnostics

Usage Data

  • How you use the app
  • Interactions with features
  • Session duration
  • Product recommendation interactions

Marketing & Communications Data

  • Marketing preferences
  • Notification preferences

Financial Data (when applicable)

Financial data relates to subscription purchases made through the App Store or Google Play. We never store full payment card details; these are handled by Apple/Google.

Aggregated Data

We also collect anonymised and aggregated statistical data for product improvement. This data does not identify you.

Special Category (Sensitive) Personal Data

Peak Skin AI may process health-related data when you submit images for analysis. This includes skin condition-related data extracted from images and information you choose to provide about your symptoms or concerns. We only process this data when you explicitly consent by uploading an image or entering health-related information.

If you decline to provide such data, certain features of the app (e.g., AI skin analysis) will not be available.

Face Data Handling

What is Face Data? Face Data refers to the images that you provide, which are essential for conducting our skin, makeup and bare-face analysis services.

Why do we store Face Data? We retain Face Data to enable access to your historical scan results, enhancing your experience by allowing you to track changes and compare past analyses.

How long do we store this data and why? Face Data is stored for one year to allow you sufficient time to review and compare your scan results over an extended period. Unless a longer retention period is mandated by law, data older than one year is deleted.

Which third parties have access to Face Data? OpenAI is the sole third party with access to your Face Data.

How long do third parties store the data and why? OpenAI may securely retain API inputs and outputs for up to 30 days to provide their services effectively and to monitor for any misuse of the data. After this period, all inputs and outputs are removed from OpenAI's systems, except in cases where retention is required by law.

3. How Your Personal Data Is Collected

We collect your data through:

  1. Direct Interactions — when you create an account, upload a photo for skin analysis, contact support, complete forms, or participate in surveys.
  2. Automated Technologies — when you use the app we automatically collect device data, usage data, performance analytics, and cookies (on the website only).
  3. Third-Party Sources — analytics providers (e.g., Google Analytics, Mixpanel), app stores, authentication providers (Apple, Google), and cloud hosting and machine-learning providers processing your data on our behalf.

4. How We Use Your Personal Data

We will only use your data when allowed by law. Key purposes include:

  • Registering your account — Identity and contact data, for performance of contract.
  • Providing AI skin analysis — Photos, skin analysis data, and technical data, with explicit consent.
  • Improving and personalising recommendations — Usage, analysis, and technical data, for legitimate interests.
  • Payment processing — Financial data, for performance of contract.
  • App functionality, security, troubleshooting — Technical and usage data, for legitimate interests.
  • Marketing (if opted-in) — Contact and usage data, with consent.
  • Research, analytics, algorithm improvement — Aggregated, anonymised data, for legitimate interests.

We never use Sensitive Personal Data (photos, health-related information) for marketing or advertising.

5. Disclosures of Your Personal Data

We may share your data with:

  • Internal Parties — Peak Skin Ltd staff who need access to operate the service.
  • External Parties (acting as processors) — Cloud hosting providers (e.g., AWS, GCP), AI model providers, customer support tools, analytics tools, payment processors (Apple/Google).

We do not sell your data.

Business Transfers: If Peak Skin AI is acquired, merged, or sold, your data may be transferred to the new owners under the same privacy conditions.

6. International Transfers

Some service providers may be outside the UK. We ensure adequate protection by using UK adequacy regulations, Standard Contractual Clauses (SCCs), and appropriate security safeguards.

7. Data Security

We use industry-standard security including encryption in transit and at rest, access controls, secure cloud infrastructure, regular audits, and monitoring for unauthorized access.

If a data breach occurs, we will notify you and relevant authorities when legally required.

8. Data Retention

We retain personal data only as long as needed:

  • Account data: retained while your account is active
  • Image data used for AI analysis: deleted automatically after analysis unless you choose to save it
  • Health-related inference data: stored only with explicit consent
  • Marketing data: retained for 12 months after last activity
  • Aggregated data: may be stored indefinitely

You may request deletion at any time.

9. Your Legal Rights

You have the right to:

  • Request access
  • Request correction
  • Request erasure
  • Withdraw consent (including image/health data)
  • Object to processing
  • Request restriction
  • Data portability
  • Not be subject to automated decision-making without meaningful explanation

To exercise any rights, email: privacy@peakskin.ai

10. Glossary

  • Legitimate Interest: Our interest in running the business to provide and improve Peak Skin AI responsibly.
  • Performance of Contract: Processing necessary to deliver the services you request.
  • Explicit Consent: Your clear permission to process sensitive data (e.g., photos).

11. Requesting Removal of Your Data

You may request full deletion of your account and data at any time by contacting: support@peakskin.ai