Undertone Privacy Policy

UNDERTONE BEAUTY Inc. • Last updated: March 16, 2026

Overview

This Privacy Policy explains how UNDERTONE BEAUTY Inc. (“we”, “us”, “our”) collects, uses, and shares information when you use the Undertone app and related services (the “Service”).

Who we are (data controller)

UNDERTONE BEAUTY Inc. is the organization responsible for your personal information when you use the Service (the “controller” in EEA/UK terms).

Contact: support@undertoneapp.io

Information we collect

  • Account information: email address and account name (if you set one). Your password is stored on our servers only as a cryptographic hash.
  • Uploads (face photos): face photos you choose to upload or capture for undertone analysis. These photos may contain your face, skin, jawline, neck, and related visual facial features needed to estimate undertone.
  • Analysis outputs: the results we generate from your uploads (for example undertone/season/confidence, photo suitability, and tone number/depth). To support scan history, result consistency, and usage-limit enforcement, we store the analysis output and may store a cryptographic hash of the uploaded image. We do not store the raw image bytes on our servers after processing.
  • Chat messages: messages you send in the analysis chat feature and limited recent chat history you provide with your request.
  • Subscription and purchase data: entitlement status (for example whether you have Pro), plan interval, and identifiers needed to confirm access to paid features. Purchases are processed through the billing provider for your platform, such as Apple In-App Purchase on iOS or Google Play Billing on Android. We use a subscription management provider (currently RevenueCat) to help verify entitlements.
  • Device and usage data: basic diagnostics and device information (such as app version, device/OS, language/timezone) and server logs (such as IP address and timestamps) used for security, fraud prevention, reliability, and enforcing usage limits.
  • Support communications: messages you send to us and information you choose to include.

On-device storage: certain information may be stored locally on your device (for example your product list/kit, saved analysis history, and chat history). This local data remains on your device unless you delete it (for example by uninstalling the app) or unless we later add an explicit sync feature.

Face data and photo processing

When you use the undertone scan feature, the app processes a face photo that you choose or capture. We use that face photo only to determine whether the image contains a usable human face, generate undertone analysis results, and support related app features. We do not use face data to identify you, authenticate you, create a biometric template, or perform face recognition.

  • What face data we collect: the face photo you choose to submit, whether the photo is usable for analysis, and derived outputs such as undertone, season, confidence, tone number, and tone depth.
  • How we use face data: to generate undertone results, support chat and recommendations based on those results, maintain scan history, improve consistency across your scans, and enforce usage limits.
  • Third parties and storage: the submitted face photo is transmitted to our AI service provider (currently OpenAI) for processing on our behalf. We do not sell face data. We do not store raw uploaded image bytes on our servers after processing. We may store the resulting analysis output and a cryptographic hash of the uploaded image in our database, and some scan history may also be stored locally on your device.
  • Retention: raw uploaded face photos are not retained on our servers after processing. Derived analysis outputs and cryptographic image hashes are retained while your account remains active so the app can provide scan history and enforce usage limits, and are deleted from our active systems when you delete your account, subject to limited legal or operational retention.

How we use information

  • Provide the Service: create and manage your account, authenticate you, and provide core app functionality.
  • Photo analysis: process your uploaded face photos to determine whether they contain a usable human face and to generate undertone analysis results.
  • AI chat and recommendations: answer questions about your results and provide recommendations based on your analysis.
  • Subscriptions: confirm purchases and entitlement status for paid features.
  • Password reset and support: deliver password reset emails and respond to support requests.
  • Safety, security, and reliability: prevent abuse, troubleshoot, and enforce usage limits.

How we share information

We do not sell your personal information.

We may share information with:

  • AI service providers: to analyze uploaded face photos and generate chat responses/recommendations (currently OpenAI). This may include processing your submitted face photo and related analysis context. These providers process data on our behalf to provide their services and may handle data according to their policies and security requirements.
  • Email delivery providers: to send password reset emails (when enabled; currently Resend).
  • Subscription and payment providers: Apple processes iOS in-app purchases and Google processes Android in-app purchases through Google Play Billing. We also use a subscription management provider (currently RevenueCat) to verify entitlements and manage subscription status.
  • Infrastructure providers: hosting, database, and other providers that help operate the Service.
  • Legal and safety: if required to comply with law, enforce our terms, or protect rights, users, and the Service.

International transfers

Your information may be processed in Canada and other countries where we or our providers operate. These locations may have different data protection rules than your country/region.

If you are in the EEA/UK/Switzerland and your data is transferred internationally, we rely on recognized transfer mechanisms where required (such as adequacy decisions or contractual safeguards like Standard Contractual Clauses) and implement supplementary measures as appropriate.

Retention

We keep personal information only as long as necessary for the purposes described in this policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.

Photos / face data: we do not store raw uploaded image bytes on our servers after processing. We may retain derived analysis outputs (and a cryptographic hash of the uploaded image) while your account remains active to support scan history, improve consistency of results, and enforce usage limits. When you delete your account, those stored analysis outputs are removed from our active systems, subject to limited legal or operational retention.

On-device data: some information (such as your product list/kit and chat history) may be stored locally on your device and will remain there unless you delete it (for example by uninstalling the app).

Security

We use reasonable administrative, technical, and organizational safeguards appropriate to the sensitivity of the information. No method of transmission or storage is 100% secure.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict or object to certain processing, and (where applicable) portability.

EEA/UK: you also have the right to lodge a complaint with your local data protection authority, and you may withdraw consent at any time where processing is based on consent.

Account deletion: if you have an account, you can initiate deletion in the app (Account → Delete account) or through our web deletion page at undertoneapp.io/undertone-legal/delete-account/index.html. Deleting your account removes the server-side data associated with your account (such as sessions and stored analysis outputs), subject to limited legal/operational retention.

To make a request, contact support@undertoneapp.io. We may need to verify your identity.

Automated processing

The Service uses automated processing, including AI-based analysis of face photos, to generate undertone results and to answer questions about those results. This processing is intended to provide the Service’s features, is not used for face recognition or identity verification, and does not make decisions that produce legal or similarly significant effects for you.

Children

The Service is not intended for children under 13 (or the minimum age required by local law). If you believe a child provided personal information, contact us so we can address it.

Changes to this Privacy Policy

We may update this policy from time to time. We will post the updated version and revise the “Last updated” date.

Contact

Privacy questions or requests: support@undertoneapp.io