Privacy Policy and Data Protection Notice

Welcome to SkinYzer - OphtaOl SASU!

Thank you for choosing to be part of our community at OphtaOl SASU ("OphtaOl", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, process, and protect your personal data when you use our App. We comply with the GDPR, French data protection laws, and the privacy requirements of the Apple App Store and Google Play Store.

If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at contact@skinyzer.com.

We are particularly mindful of the sensitive nature of facial data and have implemented special measures to ensure your facial photos are processed with the highest level of security and privacy protection. As detailed in Section 3.C, facial photos are never stored and only used momentarily for analysis purposes.

1. Introduction and Scope

This privacy notice describes how we might use your information if you:

• Download and use our mobile application
• Engage with us in other related ways — including any sales, marketing, or customer support

The purpose of this privacy notice is to explain in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.

Please read this privacy notice carefully, as it will help you understand what we do with the information that we collect.

2. Data Controller Information

• Data Controller: OphtaOl SASU
• Registered Address: 60 Rue François Ier, 75008 Paris, France
• SIREN: 934 202 201
• Contact: contact@skinyzer.com

3. Data Collected and Processing Purposes

We collect personal information that you voluntarily provide to us when you register on the App, express an interest in obtaining information about us or our products and Services, when you participate in activities on the App or otherwise contact us.

4. Legal Bases for Data Processing

• Contract Performance: Data is processed to fulfill the App's service (e.g., generating personalized routines).
• Explicit Consent: For processing sensitive data such as health information or biometric data (face photo).
• Legitimate Interests: For account management, security, and service improvements.
• Compliance with Legal Obligations: As required under French and EU law.

5. Data Sharing and Third Parties

• Supabase: Acts as a data processor for storing your data securely.
• Face Analysis: Processes your face photo for analysis. We ensure that this third party complies with applicable privacy laws and does not store your image.
• Platform Providers: Apple and Google process subscription payments and authentication data.
• Other Processors: Any additional third-party services (e.g., for email communications) are bound by confidentiality and data protection agreements.
• No Data Sale: We do not sell your personal data to third parties.

6. Data Retention and Deletion

• Retention Period: Personal data is retained as long as your account is active or as required by law. Upon account deletion, data is permanently erased (except where retention is legally mandated).
• Backups: Data may exist temporarily in backup systems but will be purged in accordance with our retention policies.

7. Your Rights

Under the GDPR and French law, you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Deletion: Request deletion of your data (right to be forgotten).
• Objection/Restriction: Object to or restrict processing in certain circumstances.
• Data Portability: Request your data in a structured, commonly used format.
• Withdraw Consent: Withdraw consent for processing at any time.
• Lodge a Complaint: File a complaint with the French CNIL or your local data protection authority if you believe your data rights have been violated.

How to exercise your rights:

• Log in to your account settings and update your user information
• Contact us directly at contact@skinyzer.com

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

8. Data Security Measures

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These include:

• Encryption: All data is transmitted via HTTPS and stored with strong encryption.
• Access Controls: Strict authentication protocols, Row-Level Security in Supabase, and limited administrative access.
• Regular Audits: We conduct regular security assessments and ensure that all third-party processors comply with industry-standard security measures.
• Incident Response: In the event of a data breach, we will notify affected users and the relevant authorities in accordance with GDPR requirements.
• Employee Training: All team members are trained in data protection practices and procedures.
• Face Data Security: We implement additional safeguards for facial photos:
  • Transmission using industry-standard TLS encryption
  • Secure memory management during processing
  • Verification of immediate deletion after analysis
  • Regular audit of our facial analysis provider's security practices
  • Strict contractual obligations with our provider prohibiting any data retention

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We encourage you to take steps to protect your personal data, such as keeping your account credentials confidential and using secure networks when accessing our App.

9. Cookies and Tracking Technologies

The App does not use browser cookies. However, local storage may be used for caching preferences. No third-party tracking tools or cross-app tracking are implemented.

10. International Data Transfers

Your data may be transferred and stored outside the EEA (e.g., in the United States) only with adequate safeguards (e.g., Standard Contractual Clauses) in place. By using the App, you consent to such transfers.

11. Changes to This Policy

We reserve the right to update this Privacy Policy. Any material changes will be communicated via the App and on our website. The "Last Updated" date at the top of this page will reflect the current version.

We encourage you to review this privacy notice frequently to be informed of how we are protecting your information. Your continued use of our App after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact and Complaints

For any privacy concerns, questions about this policy, or to exercise your rights, please contact:

If you believe your data is being mishandled, you may lodge a complaint with the French CNIL (Commission Nationale de l'Informatique et des Libertés) at www.cnil.fr or your local data protection authority.

13. How Can You Review, Update, or Delete Your Data?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information:

• Access your account settings within the App
• Contact us at contact@skinyzer.com

We will respond to your request within the timeframe required by applicable law.