Undertone Privacy Policy

Overview

This Privacy Policy explains how UNDERTONE BEAUTY Inc. (“we”, “us”, “our”) collects, uses, and shares information when you use the Undertone app and related services (the “Service”).

This template is provided for general informational purposes and isn’t legal advice. You should have counsel review before launch.

Who we are (data controller)

UNDERTONE BEAUTY Inc. is the organization responsible for your personal information when you use the Service (the “controller” in EEA/UK terms).

Contact: privacy@yourdomain.com

Information we collect

• Account information: email address and account name (if you set one).
• Uploads: photos/images you upload for analysis, and any information you include with them.
• Usage & device data: app version, device/OS, basic diagnostics, approximate region/timezone, and feature usage events for reliability and security.
• Subscription info: purchase/entitlement status and subscription identifiers needed to confirm access to paid features.
• Support communications: messages you send us (and any info you choose to include).

If you add analytics, ads, or tracking SDKs later, you must update this policy and your App Store “App Privacy” disclosures to match.

How we use information

• Provide, operate, and maintain the Service (including processing uploads to generate results).
• Create and manage accounts and subscription access.
• Secure the Service, prevent fraud/abuse, debug and troubleshoot.
• Improve performance and user experience (for example, reliability and feature improvements).
• Communicate with you (support, important service updates, and administrative messages).

Legal bases (EEA/UK/Switzerland)

If you are in the EEA/UK/Switzerland, we process personal data on the following legal bases:

• Contract: to provide the Service, including account and subscription functionality.
• Legitimate interests: to secure, maintain, improve, and prevent abuse of the Service (balanced against your rights).
• Consent: where required (for example, optional marketing or certain analytics if enabled in the future).
• Legal obligation: to comply with applicable laws and lawful requests.

How we share information

We do not sell your personal information.

We may share information with:

• Service providers that help us run the Service (hosting, storage, customer support tools, subscription management). They may process data only on our instructions and as needed to provide their services to us.
• Apple for payments and subscription management (handled through Apple’s systems for iOS purchases).
• Legal/safety when required to comply with law, enforce our terms, or protect rights, users, and the Service.

International transfers

Your information may be processed in Canada and other countries where we or our providers operate. These locations may have different data protection rules than your country/region.

If you are in the EEA/UK/Switzerland and your data is transferred internationally, we rely on recognized transfer mechanisms where required (such as adequacy decisions or contractual safeguards like Standard Contractual Clauses) and implement supplementary measures as appropriate.

Retention

We keep personal information only as long as necessary for the purposes described above, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Retention may vary based on the type of data, whether you have an active account, and legal or operational requirements. You can request deletion (see “Your rights and choices”).

Security

We use reasonable administrative, technical, and organizational safeguards appropriate to the sensitivity of the information. No method of transmission or storage is 100% secure.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict or object to certain processing, and (where applicable) portability.

EEA/UK: you also have the right to lodge a complaint with your local data protection authority, and you may withdraw consent at any time where processing is based on consent.

To make a request, contact privacy@yourdomain.com. We may need to verify your identity.

Automated processing

The Service may use automated processing to analyze images and generate results. This processing is intended to provide the Service’s features and does not make decisions that produce legal or similarly significant effects for you.

Children

The Service is not intended for children under 13 (or the minimum age required by local law). If you believe a child provided personal information, contact us so we can address it.

Changes to this Privacy Policy

We may update this policy from time to time. We will post the updated version and revise the “Last updated” date.

Contact

Privacy questions or requests: privacy@yourdomain.com

(Optional) Add a business mailing address here if you want one for global operations.