Dermelloa

Privacy Policy

Last updated: June 2026

The short version: we collect as little as we possibly can, and the tools that touch your skin data don’t store any of it. This page explains exactly what that means in plain English.

Educational tools (free)

Our ingredient explainer, sunscreen guide, app & scanner comparison, and other reading content don’t require an account and don’t collect personal information.

The Skin Profile Educator sends the answers you type to an AI model to generate your educational profile, then discards them. We don’t log your answers, your results, or your IP address in connection with that tool. Gender and ethnicity are optional and are used only to make the research translation more accurate.

Paid AI Skin Analysis — zero data retention

This is the only tool with a payment. It is built so that we never hold your skin data:

  • Your image and your result are never stored. Your photo is sent straight to the AI model and your analysis is returned to your browser. Neither is ever written to a database, a log file, a storage bucket, or any file system. They exist only in server memory for the few seconds the analysis takes, and then they’re gone.
  • No account, no email. Checkout is guest-only. We don’t ask you to register, and we don’t capture your email unless you explicitly choose to have your result emailed — and even then, that email is not stored after delivery.
  • Payments. Stripe processes your payment. We never see or touch your card details. Stripe keeps only what it’s legally required to keep for the transaction on their side.
  • What we keep. For each purchase we store an anonymous transaction record — a transaction id, timestamp, amount, the Stripe payment reference (so we can issue refunds), a hashed one-time access token, whether the analysis succeeded, and the number of AI tokens used (so we can monitor cost). That’s the complete list. No images. No results. No profile answers. No IP address. No device fingerprint.

Because we don’t collect this personal data, there is nothing to leak: we cannot be breached for skin-analysis data we never stored. This is also how we stay compliant with GDPR and CCPA by design.

Your rights

Under GDPR and CCPA you have rights to access, correct, and delete personal data a company holds about you. For the skin tools, there is effectively nothing to delete because we don’t keep your inputs or outputs. For a payment, you can ask us to look up a transaction by its Stripe reference and issue a refund. Contact us and we’ll help.

Changes to this policy

If we change how we handle data, we’ll update this page and the “last updated” date above. Material changes to the paid tool’s zero-retention model would be called out clearly before you pay.

Questions about your data? Reach out and we’ll answer in plain English.