Last modified: September 2023
I. INTRODUCTION. REGIONAL PATTERNS (CALIFORNIA)
When we refer to personal data (or personal information) we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data.
It is a natural person who can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social status.
For the purposes of the GDPR, we are the data controller, unless otherwise stated.
IF YOU ARE A CALIFORNIA RESIDENT PLEASE READ THE FOLLOWING IMPORTANT NOTICE
Under the California Consumer Privacy Act of 2018 (CCPA) California residents shall have the right to request:
- the categories of personal information that is processed;
- the categories of sources from which personal information is obtained;
- the purpose for processing of user personal data;
- the list and categories of third parties with whom we may share your personal information;
- the specific pieces of personal information that we might have obtained about a particular user provided that the data provided in the request is reliable enough and allows to identify the user.
All about the categories of information, its sources and purposes of processing >>
Please mind that according to CCPA personal information does not include de-identified or aggregated consumer information.
How your information can be shared >>
Please note that all third parties that are engaged in processing user data are service providers that use such information on the basis of agreement and pursuant to business purpose.
If you do not want us to process your personal information any more please contact us through the contact form. In most cases there is no way to maintain the App’s further operating without functional data therefore you will be advised to remove the App from your device.
If you do not want us to share device identifiers and geolocation data with service providers please check your device settings to opt out as described below >>
To submit a verifiable consumer request for access, portability or deletion of personal data please contact us through the contact form. Please include in the text of your appeal the wording "Your rights to maintain confidentiality in the state of California”.
When submitting a verifiable request, you should be ready to:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: name, address, city, state, and zip code and email address. We may use this information to surface a series of security questions to you to verify your identity. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide written authorization confirming or a power of attorney, signed by you.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not be able to respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; or (ii) confirm that the personal information relates to you. We may ask you for additional information or documents to verify your identity. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. This is regarded as a safeguard measure to prevent disclosure of your personal information under a fake or scum request.
We ensure that personal information provided in a verifiable consumer request will be used only to verify the requestor’s identity or authority to make the request and not for any other purpose. We will keep it for the adequate term reasonably needed for the purpose described above and delete after the purpose is fulfilled.
We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Please note that we are only required to respond to two requests per customer each year.
Nothing in the way we deal with your request shall be interpreted as discrimination, which means that we will not set up different pricing or products, or different level or quality of services for you, if you choose to exercise your rights. However, in some circumstances, we may not be able to provide services if you choose to delete your personal information from our records.
SALE OF DATA
We do not sell any of your personal data to third parties.
II. INFORMATION WE PROCESS
There are several categories of information that can be processed.
We ask for and process the following information when you use the App. This information is necessary for the adequate performance of the contract between you and us. Without such information it is impossible to provide complete functionality of the App and perform the requested services.
- Activity Information directly related to your use of the App. After you set the relevant settings on your device we may have technical access to your camera or camera roll - to analyze the picture that you take or upload through the App. However, we cannot collect, store or use the data contained in your camera roll unless you upload such data to the App or otherwise share it.
Information associated with your account within the
If you register within the App by linking your account within the
App to your Apple ID, Google or Facebook account this will allow
you to use the full scope of its functions and save the data
related to your account within the App in case you change or lose
your device. In this case the following categories of data will be
processed: method of your registration in the App (Sign In with
Apple/Facebook/Google), your email address, name and photo (if you
choose to add them to your profile), scan history.
If you choose to delete your account within the App, all the saved information associated with your account will be erased without recovery and you will no longer have access to such information or opportunity to restore it.
- Contact Information (name, e-mail address, as well as any other content included in the email) which you may fill in by yourself when you contact us via email, support form. We collect, store and process it by our cloud storage provider (Amazon.com, Inc.). We use such information to respond effectively to your inquiry, fulfill your requests, send you communications that you request and perform the requested services.
Information That Is Processed Automatically
On the basis of your permission we use third-party automatic data processing technologies (advertising or analytics tools) to analyze certain information sent by your device via our App (Identity For Advertisers). Some integrated advertising or analytics tools (check Section IV to see the list of them) launch automated processing of your personal data, including profiling, which means any form of automated processing of personal data used to evaluate certain personal aspects relating to you, in particular to analyze or predict aspects concerning your personal preferences, interests, behavior, location or movements (see the list of data described below). Processing information through automatic data processing technologies starts automatically once you allow our App to track your activity. You can withdraw your permission at any time - please check opt-out options in Section VIII below.
We may process some information about your device and your user behavior on the ground of our legitimate interest. This information falls within categories of data described above in Subsection “Information That Is Processed Automatically”, it is generally non-personal, i.e. it does not, on its own, permit direct association with any specific individual, and we may access it only in aggregated form. We use this information for improving our App and giving our users the best experience.
Device Details. When you use a mobile device to access our App, some of the details about your device are reported, including “device identifiers”. Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device (but not your personality). Device identifier enables generalized reporting or personalized content and ads by the third parties.
What data can be processed:
- Information about the device itself: type of your device, type of operating system and its version, model and manufacturer, screen size, screen density, orientation, audio volume and battery, battery life, loading time, latency, framerate, device memory usage.
- Information about the Internet connection: mobile carrier, network provider, network type, IP address, timestamp and duration of sessions, speed, browser.
- Location-related information: IP address, the country code/ region/ state/ city associated with your SIM card or your device, language setting, time zone, neighboring commercial points of interest (eg. “coffee shop”).
- Other device identifiers: e.g. user identifiers (if they are set up by the App’s developer).
- Information about the applications. Name, API key (identifier for application), version, properties of our App can be reported for automated processing and analysis. Some services also record the list of applications and/or processes which are installed or run on your device.
- Log file information. Log file information is automatically reported each time you make a request to access the App. It can also be provided when the App is installed on your device. When you use our App, analytics tools automatically record certain log file information, including time and date when you start and stop using the App, and how you interact with the App.
- Ad-related information. The following data might be reported about the ads you can view: the date and time a particular ad is served; a record if that ad was “clicked” or if it was shown as a “conversion” event; what the ad offer is about; what type of ad it is (e.g., text, image, or video); which ad placement is involved (where the ad offer is displayed within the App); whether you respond to the ad.
- In-App events. When you use our App, analytics tools automatically record in-App information (tutorial steps, leveling up, payments, in-app purchases, custom events, progression events, method of limiting the processing of user data).
Information provided automatically to advertising or analytics tools does not generally come to our control, therefore we cannot be responsible for processing such information. Please mind that some services are engaged in personal data profiling and may obtain information related to your personality and/or your device by using technologies that do not belong to our scope of responsibility. In case when your user ID is linked to your Facebook account, Facebook may use your device information in association with categorized data that were already recorded in its databases (eg. your age, gender or other demographic indication). We do not control, supervise or stand surety for how the third parties process your personal data, that might be collected by their own means (not through our App). Any information request regarding the disclosure of your personal information should be directed to such third parties (see Section IV).
Our e-commerce providers are responsible for billing, processing and charging for in-app purchases, handle your personal information and keep it absolutely safe and secure. This information is processed as part of the performance of the contract between you and us. We cannot access or use your credit or debit card information.
You may access the applicable “in-app” purchase rules and policies directly from the app stores.
When you register within the App and provide your email information by choosing the option “Sign in with Apple” we may use such email information to send you communications (“newsletters”) regarding special subscription offers, new features and functionalities and other news related to the App on the grounds of our legitimate interest. To receive newsletters about the App, you may also leave information about your email address in the App Settings (if available) or we may request your email address in a separate popup window within the App (if available). Sending you newsletters will allow you to stay up to date and receive the latest news about our App, including about the best price offers. Note that when you provide your email information by using “Sign in with Apple” you may choose either to share your email or to keep your personal email address private and to hide it (“Hide my email” option, if available), in the latter case Apple will generate and provide us with a unique, random email address that automatically forwards to your personal inbox. You also hereby acknowledge and accept the treatment of some categories of your personal data (i. e. the information about your name if you provide it, date of registration within the App, subscription purchase date, geolocation data, activity information, etc.) for market analysis activities, particularly for the purpose of delivering you targeted newsletters that most align with your needs and interests. The information about your email address that we’ve received may be transferred to the email marketing tool for the purposes of optimization and automation of the email delivery process (please check Section IV to learn more about the tool’s privacy policies and practices). You may also unsubscribe, opt-out of receiving communications to your email address at any time by using the resignation link provided in each email you receive from us. Your unsubscribe request shall be honored within a reasonable period of time.
III. THE PURPOSES OF PROCESSING YOUR PERSONAL DATA
Our mission is to constantly improve our App and provide you with new experiences. As part of this mission, we use your information for the following purposes:
(a) To make our service available. We use functional information and information that is processed automatically to provide you with all requested services.
(b) To improve, test and monitor the effectiveness of our App. We use information that is processed automatically to better understand user behavior and trends, detect potential outages and technical issues, to operate, protect, improve, and optimize our App.
(c) To provide you with interest-based (behavioral) advertising or other targeted content. We may use information that is processed automatically for marketing purposes (to show ads that may be of interest to you based on your preferences). We provide personalized content and information to you, which can include online ads or other forms of marketing.
(d) To communicate with you. We use the contact information we have to communicate with you through newsletters, i.e. to send you marketing notifications, receive your feedback about our App experience, and let you know about our policies and terms. We also use your information to respond to you when you contact us.
IV. SHARING OF YOUR INFORMATION
Please note that while integrating external services we choose third parties that can assure they apply all necessary technical and organizational measures to protect user personal data. However, we cannot guarantee the security of any information transmitted from us to any such third party. We are not responsible for any accidental loss or unauthorized access to your personal data through a fault of third parties.
We will not rent or sell your personal data to any third parties, but we may share your information from tools like cookies, log files, and device identifiers and location data, with third-party organizations that provide automatic data processing technologies for the App. We do not control or influence these third parties’ tracking technologies or how they may be used.
We may also share certain information such as cookie data with third-party advertising partners. This information allows third-party ad networks, inter alia, to deliver targeted advertisements that they believe will be of most interest to you.
We may engage the following third-party service providers in order to provide us with necessary infrastructure for delivery and improvement of our services:
|Amazon.com, Inc.||Cloud storage provider||U.S.A.||
|Amplitude Inc.||Analytics service provider||U.S.A.||https://amplitude.com/privacy|
|AppsFlyer Inc.||Analytics service provider||U.S.A.||
|Firebase Crashlytics (Google LLC)||Analytics service provider||U.S.A.|
|Mailchimp (Intuit Inc., The Rocket Science Group LLC)||Email marketing tool||U.S.A.||https://www.intuit.com/privacy/statement/|
|OpenAI, L.L.C.||AI-generated content provider||U.S.A.||
To learn more information about applicable license terms with respect to User Content, visit https://openai.com/terms/
|StackSocial Inc.||Product discovery and native commerce platform||U.S.A.||https://www.stackcommerce.com/privacy/|
|Qonversion Inc.||In-App subscription implementation and analytics service provider||U.S.A.||https://qonversion.io/page/privacy|
In case you want to learn more about the services and privacy options (including opt-out) please consult the correspondent websites and privacy policies.
Our App may contain links to third-party websites/services or you may access the App from a third-party site. We are not responsible for the privacy practices of these third-party sites or services linked to or from our App, including the information or content contained within them.
We may disclose your personal information if it is needed for objective reasons, due to the public interest or in other unforeseen circumstances:
- as required by law;
- when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via prominent notice in our App of any change in ownership or your personal information usage, as well as any choices you may have regarding your personal information.
V. INTERNATIONAL DATA TRANSFERS
We work in the cross-border area and provide our App to our Users around the world.
We and third-party organizations that provide automatic data processing technologies for the App or our third-party advertising partners may transfer the automatically processed information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.
If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as in your jurisdiction.
This means that your personal information can be transferred to a third country, a territory or one or more specified sectors within that third country, or to the international organization where data protection and confidentiality regulations may not provide the same level of protection of personal data as your country does.
We try to make sure that the recipient of any personal data provides a proper protection of the personal data received, in accordance with the current legislation on the protection of such information. By using the App, you agree that we may transfer your personal data to any third country, a territory or one or more specified sectors within that third country, or to the international organization.
For the purposes of data storage, we recourse to the services of the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data - if possible - before sending it to the hosting organizations for the purposes of its storage. Please note that we cooperate only with those hosting organizations that have passed our security and reliability check.
VI. HOW LONG WE USE YOUR PERSONAL DATA
We generally retain your personal information for as long as is necessary for performing the functional service of the App and to comply with our legal obligations. If you no longer want us to use your information that we physically access and store, you can request that we erase your personal information.
However, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if information is necessary to comply with legal obligation (taxation, accounting, audit) or in order to maintain safety and data backup settings, prevent fraud or other malicious acts.
Specific storage terms applicable to the User Content related to the skin analysis feature. We use your User Content related to the skin analysis feature (the face photos uploaded by you) solely to provide you with your personal skin analysis. Your User Content related to the skin analysis feature is permanently deleted from our servers within 24 hours after use or earlier.
VII. EXERCISING YOUR RIGHTS
Applicable data protection laws give you certain rights regarding your personal information. You have the following options in relation to your personal information that was collected:
- Data Access and Portability. You can request copies of your personal information.
- Change or Correct Data. Where you cannot update data by yourself through your account, you have the right to ask to correct, change, update or rectify your data.
- Data Retention and Deletion. The user data is generally retained for as long as your user profile is in existence or as it is needed to provide the relevant services. However, specific retention times can vary based on context of the processing performed. You have the right to ask to delete all or some of the personal data that is held about you.
- Restriction of Processing. Under certain circumstances, you may have the right to limit the ways in which your personal information is used.
- Lodge a complaint. You can lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.
To exercise any of the rights described above, you can contact us through contact form. Please bear in mind that we ensure the above mentioned rights only with respect to the information that we physically access and store.
If you are located in the European Union, you may address our
representative when you have questions on privacy issues:
Konrad Gutowski, privacy @ aiby.com.
VIII. HOW TO OPT OUT
Opt-out of marketing tracking
You can manage your activity tracking permissions. Inter alia, if you do not want third-party service providers to use the personalized ads on the basis of your interests please follow the instructions below:
Go to Settings > Privacy > Tracking, then tap to turn off or turn
on permission to track for a specific app. You can also control
whether apps can ask for permission to track your activity. If you
don’t want to be asked for your permission, or do not want apps to
access your device’s Advertising Identifier, go to Settings >
Privacy > Tracking and then disable the “Allow Apps to Request to
Track” switch. If you turn off "Allow Apps to Request to Track",
you won't get prompts from apps that want to track your activity.
Each app that asks for permission to track while this setting is
turned off will be treated as if you tapped “Ask App Not to
Track”. Please find additional information here:
or in the Settings > Privacy > Tracking section on your device.
If you want to disable Apple’s ad targeting, go to Settings > Privacy > Apple Advertising, then set the “Personalized Ads” switch to the “off” position. Please find additional information here: https://support.apple.com/en-us/HT202074.
You can also visit https://youradchoices.com for the same purpose.
Please mind that when you opt out of certain interest based advertising, you may still continue to receive contextual ads based on other non-personal information, such as ads related to the content of other digital products you are using.
Opt-out of Location Data Processing
If you don’t want third-party service providers to use your precise location data, or street-level location information about you please follow the instructions below:
- iOS 11 or later: turn Location Services off for the applicable Product via the menu “Settings > Privacy > Location Services”. Then select the applicable App and set the “Share My Location” status to “Never”. Please see additional information here: https://support.apple.com/en-us/HT203033.
The security of your personal information is highly important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
We take reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.
We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing. We seek your personal data to be encrypted with proper and strong encryption algorithms, including hashing where possible.
Unfortunately, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We do our best to protect your personal data, nevertheless, we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law.
If you have any questions about the security of our App, you can contact us through the contact form displayed below.
X. CHILDREN’S PRIVACY
Our App is not intended for children under the age of eighteen (18). Therefore, we do not knowingly collect or solicit any personal information from children under eighteen (18). If you have not reached the age of majority or legal age in your jurisdiction (i.e. if you are between the ages of thirteen (13) and seventeen (17), your use of the App is possible only with the relevant consent and under the supervision of the holder of parental responsibility for you. No one under the age of thirteen (13) may provide any personal information to the App. If we learn that we have collected personal information from a child under the age of eighteen (18) without verification of the holder of parental responsibility for a child, we will erase that information as quickly as possible. If you believe that we might have any information from or about a child under eighteen (18) and data processing is carried out without the relevant consent of the holder of parental responsibility for a child, please contact us.
XII. HOW TO CONTACT US