Privacy Policy

Effective date: April 5, 2026

Aureli ("we", "us", "our") operates the Aureli mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our app.

1. Information We Collect

Account Information

When you create an account, we collect your email address, age range, and gender (optional). If you sign in with Apple or Google, we receive only the information you authorize.

Skin Scan Data (Biometric Data)

When you use the scan feature, our AI analyzes your face to generate skin metric scores. We process facial images on-device using ML Kit face detection. Raw facial images are not stored on our servers. Only the derived metric scores (numerical values) are stored in your account.

Profile & Preferences

During onboarding, we collect your skin type, skin concerns, health conditions, makeup preferences, and product values (e.g., vegan, fragrance-free). This data personalizes your routines and recommendations.

Trigger & Lifestyle Logs

If you use trigger tracking, we store the data you voluntarily log — sleep, stress, diet, water intake, exercise, and cycle phase — to correlate with skin changes.

Product Data

When you scan product barcodes, we look up ingredient data from third-party databases. Your product usage history is stored in your account.

Usage Data

We collect anonymous analytics about app usage (screens visited, feature usage, crash reports) to improve the product. This data cannot be used to identify you.

2. How We Use Your Information

• Generate personalized skin analysis and scores
• Create tailored AM & PM skincare routines
• Provide AI-powered skin chat recommendations
• Generate daily cards, weekly reports, and monthly summaries
• Correlate triggers and lifestyle factors with skin changes
• Check product ingredient compatibility with your skin profile
• Send notifications (scan reminders, streak alerts, milestone celebrations) if you opt in
• Improve our AI models and app experience

3. Data Storage & Security

Your data is stored in Supabase (hosted on secure cloud infrastructure) with row-level security. All data is encrypted in transit (TLS) and at rest. We follow industry-standard security practices to protect your information.

4. Biometric Data Consent

Before your first scan, we ask for explicit consent to process your facial data. You can withdraw this consent at any time in the app settings, which will disable the scan feature. We comply with biometric data regulations including BIPA (Illinois), GDPR (EU), and equivalent laws.

5. AI Transparency

Aureli uses artificial intelligence to analyze your skin and generate recommendations. AI-generated content (routines, daily cards, chat responses) is clearly labeled. Our AI does not replace professional dermatological advice.

6. Data Sharing

We do not sell your personal data. We may share data with:

• Service providers — cloud hosting (Supabase), authentication (Apple/Google), payment processing (Apple/Google in-app purchases via RevenueCat)
• Analytics — anonymous, aggregated usage data only
• Legal requirements — if required by law or to protect our rights

7. Your Rights

You have the right to:

• Access your data — export all your data from the app at any time
• Correct your data — update your profile and preferences anytime
• Delete your data — permanently delete your account and all associated data
• Withdraw consent — disable biometric processing or notifications
• Data portability — export your data in a standard format

To exercise these rights, use the in-app settings or contact us at info@getaureli.app .

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days. Anonymous, aggregated analytics may be retained indefinitely.

9. Children's Privacy

Aureli is not intended for children under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it.

10. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR and applicable laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

info@getaureli.app