← Back to Cosmetry

Privacy Policy

Cosmetry — AI Skincare Tracker

Effective Date: March 28, 2026 | Last Updated: April 2, 2026

Cosmetry ("we," "our," or "the App") is operated by Mustafa Batin Efe. This Privacy Policy explains how we collect, use, and protect your information when you use our iOS application.

Cosmetry helps you manage your skincare product inventory, track allergens and skin reactions, build skincare routines, and get AI-powered skincare tips. Your privacy is fundamental to how we build and operate the App.

Key Principle: Your product photos are stored locally on your device. We do not upload or store your photos on our servers. AI processing of photos occurs only when you explicitly use the AI Photo Scan feature.

1. Data We Collect

Account Information

We use Apple's App Attest framework for device-level authentication. We collect:

  • App Transaction ID — A unique device identifier provided by Apple
  • Device attestation data — Cryptographic keys for fraud prevention
  • Support ID — A generated identifier for customer support purposes

We do not collect your name, email address, or Apple ID credentials directly.

Profile Data

Display name (optional), skin type, skin concerns, and notification preferences.

Product Inventory

Product names, brands, categories, ingredient lists, purchase/open/expiration dates, PAO values, and product status.

Allergen Data

Your personal allergen avoid list and allergen source information.

Skin Reaction Logs

Reaction date, severity, symptoms, body location, notes, and reaction photos (stored locally on device only).

Routine Data

Routine names, time of day, product order, usage logs, streaks, and reminder preferences.

AI Chat Conversations

Chat messages, AI responses, conversation history, titles, and message feedback.

Photos

Product, reaction, and profile photos are stored locally on your device and are never uploaded to our servers. Photos are only sent to Google Gemini API temporarily when you use the AI Photo Scan feature.

Purchase & Subscription Data

Credit balance, transaction history, and subscription status (managed by Adapty). Purchase receipts are processed by Apple and Adapty.

  • Subscription credits reset on each renewal period — unused credits do not carry over
  • Credit pack credits do not expire as long as your account is active
  • Trial credits (10) are provided during the free trial period

2. How We Use Your Data

  • Core Functionality — Managing your product inventory, tracking allergens, logging reactions, and building routines
  • AI-Powered Analysis — Providing personalized skincare tips, ingredient analysis, and product extraction via Google Gemini API
  • Allergen Detection — Automatically flagging products that contain ingredients on your avoid list
  • Expiry Tracking — Sending push notifications when products are approaching or past expiration
  • Credit & Subscription Management — Processing purchases and managing your credit balance
  • Customer Support — Using your Support ID to assist with issues

3. Third-Party Services

Google Gemini API

When you use AI Chat or AI Photo Scan, your product data, allergen list, reaction history, routine info, skin profile, and photos (during AI Photo Scan only) are sent to Google's Gemini API for processing. See Google Gemini API Terms.

Supabase

Backend infrastructure for database storage, authentication, and serverless functions. All data is secured with row-level security policies. See Supabase Privacy Policy.

Adapty

Manages subscriptions and in-app purchases. Processes purchase receipts and subscription status. See Adapty Privacy Policy.

Apple App Attest

Verifies that requests come from genuine iOS devices, preventing fraud and abuse.

4. Photo Storage & Processing

Important: All photos (product, reaction, profile) are stored exclusively on your device. We do not upload, store, or backup your photos on our servers.

When you use AI Photo Scan, your photos are temporarily sent to Google Gemini API for ingredient and product information extraction. The photos are processed in real-time and are not retained by our servers.

5. Analytics & Tracking

  • Adapty collects anonymized subscription analytics
  • We do not integrate any third-party advertising SDKs
  • We do not engage in cross-app tracking
  • We do not request App Tracking Transparency permission because we do not perform any such tracking

6. Data Retention & Deletion

  • Data is retained as long as your account is active
  • Delete your account anytime from Profile > Delete Account
  • Deletion permanently removes all products, allergens, reactions, routines, chat history, profile data, and notification tokens
  • Anonymized purchase records are retained after deletion solely to prevent fraud
  • Local photos are deleted from your device during account deletion
  • Deletion is irreversible — we cannot recover deleted data

7. Data Export

You can export all your data at any time using the Export My Data feature in Profile. The export includes your profile, products, ingredients, allergens, reactions, routines, and chat history. Photos are not included in exports as they are stored locally on your device.

8. Security

  • App Attest — Device-level verification prevents unauthorized access
  • Row-Level Security (RLS) — Database policies ensure users can only access their own data
  • JWT Authentication — Secure token-based authentication for all API calls
  • Keychain Storage — Credentials stored in iOS Secure Enclave via Keychain
  • TLS Encryption — All network communication is encrypted in transit
  • Server-Side Credit Management — Credit deductions are processed server-side

9. Your Rights

  • Access — Export your data anytime via Profile > Export My Data
  • Deletion — Delete your account and all data via Profile > Delete Account
  • Notification Control — Manage push notification preferences in Profile settings
  • AI Consent — You can choose not to use AI features; the Gemini consent is required only for AI Chat and AI Photo Scan
  • Correction — Edit your profile, products, and data at any time within the App

10. GDPR (European Economic Area Residents)

If you are located in the EEA, the UK, or Switzerland, the following additional provisions apply under the GDPR.

Data Controller: Mustafa Batin Efe — help@mbefe.com

Legal Basis: Legitimate Interest (core functionality), Consent (AI features via in-app consent screen), and Contract Performance (purchases/subscriptions).

Your Additional Rights: Right to Data Portability, Right to Object, Right to Lodge a Complaint with a supervisory authority.

Automated Decision-Making: We do not engage in automated decision-making or profiling that produces legal effects.

Cross-Border Transfers: Data may be transferred to the US (Supabase, Google Gemini API), safeguarded by Standard Contractual Clauses (SCCs).

11. CCPA/CPRA (California Residents)

  • We do NOT sell your personal information
  • We do NOT share your personal information for cross-context behavioral advertising
  • You have the Right to Know, Right to Delete, Right to Correct, and Right to Opt-Out
  • We will not discriminate against you for exercising your privacy rights

Contact: help@mbefe.com

12. Children's Privacy

Cosmetry is intended for users aged 12 and older. We do not knowingly collect data from children under 12. If you believe a child under 12 has created an account, please contact us at help@mbefe.com.

13. Medical Disclaimer

Cosmetry is NOT a medical application. The App provides informational skincare tips and ingredient tracking only. It does not diagnose, treat, or prevent any medical condition. Always consult a dermatologist or healthcare professional for skin concerns, allergies, or reactions.

14. Limitation of Liability & Indemnification

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, Cosmetry and its developer shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the App. The App is provided on an "as is" and "as available" basis without warranties of any kind.

15. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top will reflect changes. Continued use of the App after changes constitutes acceptance of the updated policy.

16. Contact Us

Email: help@mbefe.com

Developer: Mustafa Batin Efe

© 2026 Cosmetry. All rights reserved.