Privacy Policy

Last updated: March 4, 2026

1. Introduction

Pulse Labs ("we," "our," or "us") operates the Derma AI mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

By using Derma AI, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, name, date of birth, and gender when you create an account.
  • Onboarding responses: answers to skin-related questions (skin type, concerns, product usage, sun exposure, diagnosed conditions).
  • Photos: facial photos you take for skin analysis and check-ins. These are processed by our AI and stored securely.
  • Routine and habit data: skincare routine completion, habit tracking entries (water intake, sleep, SPF use).

2.2 Information Collected Automatically

  • Device information: device type, operating system version, and unique device identifiers.
  • Usage data: app interactions, feature usage patterns, and session duration.
  • Crash and performance data: error logs and diagnostics to improve app stability.

3. How We Use Your Information

We use the information we collect to:

  • Provide personalized skin analysis using AI (Gemini Vision).
  • Generate customized skincare routines based on your skin profile and questionnaire answers.
  • Track your skin health progress over time.
  • Analyze product ingredients for compatibility with your skin.
  • Generate AI-powered insights connecting your routine and habits to skin improvements.
  • Improve and optimize our App and AI models.
  • Communicate with you about your account, updates, and support.

4. Photo Data

Your facial photos are central to Derma AI's functionality. Here is how we handle them:

  • Photos are transmitted securely (encrypted in transit) to our AI processing service for analysis.
  • Photos are stored in your private account storage and are not shared with other users.
  • We retain photos for up to 90 days after your last activity. Our automated photo cleanup service removes older photos.
  • You can request deletion of all your photos at any time through the App or by contacting us.
  • We do not use your photos for advertising or sell them to third parties.

5. Data Sharing

We do not sell your personal information. We may share your information with:

  • AI processing services: Google Gemini API processes your photos and skin data for analysis. This data is transmitted securely and is subject to Google's data processing terms.
  • Cloud infrastructure: Supabase for authentication and data storage. Your data is encrypted at rest and in transit.
  • Error monitoring: Sentry for crash reporting and diagnostics (no personal data is included in error reports).
  • Legal requirements: if required by law, court order, or governmental authority.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS/SSL) and at rest.
  • Secure authentication via Supabase Auth.
  • Row-level security policies ensuring users can only access their own data.
  • Regular security audits and monitoring.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Access: request a copy of your personal data.
  • Rectification: request correction of inaccurate data.
  • Erasure: request deletion of your personal data.
  • Data portability: export your data in a structured, machine-readable format. You can use the data export feature in the App under Profile > Export My Data.
  • Restriction: request restriction of processing.
  • Objection: object to processing based on legitimate interests.

To exercise any of these rights, please contact us at the email address below.

8. Data Retention

  • Account data: retained for as long as your account is active.
  • Photos: retained for up to 90 days after your last activity, then automatically cleaned up.
  • Analysis results: retained for the life of your account to enable progress tracking.
  • Cached AI insights: stored locally on your device and refreshed periodically.

When you delete your account, all associated data is permanently removed within 30 days.

9. Children's Privacy

Derma AI is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the App and updating the "Last updated" date above.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Pulse Labs
Email: privacy@derma-ai.app