Privacy Policy
Last Updated: January 15, 2025
This Privacy Policy explains how Epiderm AI ("we", "our", "us") collects, uses, and safeguards information when you use our AI-powered skin and hair analysis platform via epiderm.ai and app.epiderm.ai. By using our platform, you consent to the data practices described here.
INFORMATION WE COLLECT
We collect only the data necessary to provide our AI skin and hair analysis service. This includes business account information, analysis photos submitted by your end-users, and usage analytics to improve our platform.
- Business account information: company name, email, billing details, and API credentials.
- Analysis photos uploaded by end-users for skin/hair analysis (processed in real-time, not permanently stored).
- Anonymized usage analytics: number of analyses performed, feature usage, API call patterns.
- Metadata: timestamps, browser/device information, and session tokens for authentication.
HOW WE USE YOUR DATA
Your data helps us operate, improve, and deliver accurate AI-powered skin and hair analysis. We do not sell your information. User-uploaded photos are analyzed in real-time and immediately discarded. Anonymized data may be used to improve AI model accuracy.
- To authenticate business accounts and manage API access.
- To perform real-time AI analysis of skin and hair conditions from uploaded photos.
- To generate personalized skincare and haircare product recommendations.
- To troubleshoot, secure, and optimize platform performance and AI accuracy.
- To comply with legal obligations and enforce Terms of Service.
DATA SHARING & THIRD PARTIES
We only share data with trusted third-party services that help us run Epiderm AI. These providers are under contractual obligations to protect your data and never use it for their own purposes. We never sell or share end-user photos with any third parties.
- AWS or Google Cloud (secure infrastructure for AI processing and data storage)
- AI processing services (for skin/hair analysis - photos are never stored)
- Authentication providers (secure login and API key management)
- Payment processors like Stripe (for subscription billing)
AI & DATA USAGE
Our platform uses advanced AI models to analyze skin and hair conditions from uploaded photos. User photos are processed in real-time and immediately discarded after analysis. We may use anonymized analysis results (without any identifying information or photos) to improve AI accuracy over time.
- AI analyzes skin conditions, pore visibility, hydration levels, wrinkles, and other dermatological features in real-time.
- Photos are never stored permanently - they are analyzed and immediately deleted from our servers.
- We may retain anonymized analysis metadata (e.g., "skin type: oily" without photos) to improve AI models.
- No personally identifiable photos or user data are ever used for AI training.
YOUR RIGHTS & GDPR/CCPA COMPLIANCE
You have the right to access, export, update, or delete your personal data under applicable laws like GDPR and CCPA. You may also withdraw consent and request account deletion.
- Request access to your data or correct inaccuracies by emailing us.
- Request deletion of your account and all associated data.
- Export your data upon request in a structured format.
- Opt out of analytics and communication where legally required.
DATA STORAGE & SECURITY
We use secure cloud platforms like AWS and Google Cloud with enterprise-grade security. All data is encrypted at rest and in transit. While no system is 100% secure, we implement industry-standard protections including SOC 2 compliance measures and strict access controls.
- Business data is stored in secure cloud infrastructure with encryption and access control.
- All transmissions occur over HTTPS with TLS 1.3 encryption.
- User photos are processed in-memory only and never written to permanent storage.
- Access to systems is restricted to authorized personnel only with multi-factor authentication.
DATA RETENTION
We retain your business account data for as long as your subscription is active. User-uploaded photos are never retained - they are analyzed in real-time and immediately deleted. You may request account deletion at any time, and some data may be retained to meet legal or compliance obligations.
- Business account data (company info, billing, API keys) is retained during active subscription.
- User photos are never stored - they exist only in memory during analysis (typically 2-5 seconds).
- After account deletion, business data is permanently purged within 30 days unless legally required.
- Anonymized usage analytics may be retained for service improvement purposes.
CHILDREN'S PRIVACY
Epiderm AI is a B2B platform intended for business use. Our clients are responsible for ensuring their end-users comply with applicable age restrictions. We do not knowingly collect personal information from children under 13. If you believe we have unintentionally processed such data, contact us immediately.
- Our platform is designed for business accounts, not individual minors.
- Clients must ensure their implementations comply with COPPA and similar regulations.
- If minor data is inadvertently processed, it is automatically deleted per our photo retention policy.
CHANGES TO THIS POLICY
We may update this Privacy Policy at any time. Continued use of Epiderm AI after changes are posted constitutes your acceptance of the revised policy. We encourage business clients to review it periodically.
- Changes will be posted on this page with updated dates.
- Major changes may be communicated via email to account administrators.
For any privacy-related questions or requests, you can reach us at [email protected].