Rodan mobile Kft («Company», «we», «us», or «our») highly values your privacy and is committed to protecting the personal data you provide when using the Rodan care skin scanner mobile application (the «App») and related services, including the website www.skinlycare.io (collectively, the «Services»). This Privacy Policy («Policy») outlines the types of data we collect, how we process it, who has access to it, and your rights regarding your data.

For any questions, please contact us using the details provided at the end of this document. If you disagree with any terms of this Policy, please discontinue using the Services.

1. About Us

• Company: Rodan Mobile Kft
• Reg. No.: 2161
• Address: Verebeshegy utca 11, 2161 Csomád, Hungary
• Email: Support@skinlycare.io
• Website: www.skinlycare.io

This Privacy Policy applies to the processing of all personal data in connection with your use of the Rodan care skin scanner App and the related Services.

2. Scope and Acceptance of the Policy

By accessing or using the App or related Services, you accept the terms and conditions outlined in this Policy. If you do not agree, please discontinue your use of the Services.

We may amend or update this Policy periodically. The revised version will be made available through www.skinlycare.io and/or within the App. For substantial modifications, we will make reasonable efforts to alert users (e.g., via email or in-app notification). We advise checking this Policy periodically to stay informed of any updates.

3. What Data We Collect

We may gather and process the following categories of personal data:

3.1. Data Provided Directly

• Registration data: Email address, username, password (if required), and other details provided during account creation.
• Contact data: First and last name, email address, phone number, physical address, etc. (when voluntarily shared).
• Health/medical information: Skin images, details about skin conditions, responses to skin type and risk questionnaires, date of birth, gender, and any additional comments you provide. This constitutes sensitive data requiring your explicit consent for processing.
• Payment data: For paid features: card details, billing information, or other necessary payment processing details.
• Support and feedback: Communications sent to us (via email, chat, surveys, etc.).
• For professional (B2B) users: Job title, organization name, legal entity details, and contact information. When uploading third-party data (e.g., patient information), you act as the data controller. We process this data on your behalf in accordance with applicable laws.

3.2. Data Collected Automatically

We may automatically collect and process the following categories of data:

• Device technical data: Smartphone model, operating system version, browser type, IP address, language settings, application version, and access timestamps.
• Cookies and similar technologies: When you visit www.skinlycare.io or use our web services, we may utilize cookies to manage logins, store preferences, analyze traffic, and enable technical functionality.
• Interaction data: Pages and features accessed, timestamps of actions performed, along with error reports and exception logs.

3.3. Third Party Data

We do not recommend uploading third party data (e.g. skin images of others) without their explicit consent. The application is intended for personal use. If you want to help others, we recommend that you invite them to register an account.

Rodan care skin scanner allows users to submit anonymized skin images for automated analysis of dermatological conditions. The images are not linked to any personal data and cannot be used to identify an individual.

The analysis is performed using CE-marked technology provided by Skinive B.V., acting as a third-party service provider under a commercial agreement. Skinive acts solely as a technical processor of the anonymized data and does not store, reuse or repurpose the images provided beyond the immediate analysis. All data processing is compliant with the General Data Protection Regulation (GDPR), as the data processed is not personally identifiable and is not subject to personal data provisions. Learn more about Skinive’s technology and approach to compliance at: skinive.com

For professional use, you are required to comply with data protection laws when uploading third-party data.

3.4. Use of Third-Party Services and SDKs

We use third-party services and SDKs for analytics, functionality, error tracking, and payments:

• Analytics: Firebase, Google Analytics, Appsflyer, AppMetrica, Amplitude
• Crash logging and monitoring: Firebase Crashlytics, Sentry
• Payments and subscriptions: Stripe, Adapty.io
• Cloud storage: Amazon S3
• Marketing: Facebook SDK, AdMob

These services may process technical identifiers, app events, and anonymized data necessary for their functionality.

Privacy policies of third-party providers:

• Amazon AWS
• Facebook
• Google

3.5. Camera data

To create a visual effect during onboarding, the Skinly app requests access to the camera and the TrueDepth sensor. We 

use scene depth data exclusively in real-time on your device to display an animation that follows the contour of your face. This data is not stored on your device, transmitted to our servers, or used for analysis or identification. Access to the camera and TrueDepth sensor is requested only once on the onboarding screen and is not used in the app’s subsequent operation.

4. Face data

While faсе data may be considered biometric data in some jurisdictions, the technologies we implement in the app do not identify or authenticate people in the images or videos you upload, and we do not train our technologies to do so. We do not collect or use users’ facial data to improve our features.

5. Purposes of data processing

We process your data for the following purposes:

1. Provision of the app’s functionality and services:

• User registration and account management
• Analysis of uploaded skin images using artificial intelligence algorithms
• Provision of preliminary recommendations, notifications and service messages

1. Improvement and development of the Services: analysis of user experience, testing of new features and ensuring the quality and effectiveness of algorithms.
2. Customer support and communication:

• Answering inquiries via email or contact forms
• Sending notifications (including email) about test results, recommendations, and reminders to consult a doctor

1. Marketing and feedback:

• Sending newsletters and promotional emails (with your consent)
• Inviting you to participate in surveys or providing feedback
• Contacting you about updates and offers (unless you opt out)

1. Research and statistics:

• Anoonymizing or depersonalizing data to improve algorithms and conduct research (e.g. in the field of dermatology)
• Cooperation with research institutions and partners (only anonymous or depersonalized data is transmitted)

1. Compliance and protection of rights:

• Fulfillment of legal obligations, including tax and accounting
• Protection of the rights and interests of the Company and users (e.g. in litigation, investigations, official requests)

6. Legal bases for processing

Your data is processed based on the following legal bases (depending on the situation and jurisdiction):

• Contractual necessity: for example, when data processing is necessary to provide the app’s features or to fulfill our Terms of Use.
• Legitimate interests: for example, improving and promoting the Services, ensuring security, preventing fraud and similar activities that do not violate your rights and freedoms.
• Legal obligations: to comply with legal requirements (e.g., keeping financial records).
• Consent: for the processing of certain types of data (e.g. sending marketing emails, using cookies, downloading medical images), we obtain your consent.
• Explicit consent: for the processing of sensitive health-related data, we ask for your explicit consent. Without it, we will not be able to provide the relevant services.

7. Transfer of data to third parties

We may transfer your data to third parties in the following cases:

• Third-party providers and contractors: hosting services, cloud platforms, payment systems, email services, analytics providers — all of them are bound by data processing agreements compliant with the GDPR.
• Social networks and plugins:
  • We may offer login through social platforms (e.g. Telegram, Facebook), receiving a limited set of data (usually email). We do not control their privacy policies.
  • Our site may contain “Share” or “Like” buttons. These platforms may collect data when you interact with them. We are not responsible for such processing.
• Legal requests or protection of rights: we may disclose your data to public authorities (e.g. in response to an official request) or to protect our legitimate interests in accordance with applicable law.
• Business transfer: in the event of a merger, acquisition or sale of assets, your data may be transferred to the successor on a confidential basis.

8. Data storage and deletion

• We store personal data for no longer than is necessary for the purposes described in this Policy or as required by law.
• If you request deletion of your account or withdraw your consent, we will retain your personal data for up to 12 months (if necessary for legal or rights protection purposes), after which it will be securely deleted or anonymised.
• Images and other medical data may be stored in anonymous form for research or artificial intelligence training if you have given your explicit consent for such use.
• Some data may be stored for longer if required by law, to resolve disputes or to pursue legitimate interests (e.g. security logs).

9. Data security

We process your data in accordance with the EU General Data Protection Regulation (GDPR).

We use technical and organisational security measures: data transfer encryption (TLS), encrypted storage, access control, change logs, etc.

Access to confidential data is restricted to authorised employees and contractors in accordance with confidentiality agreements.

Despite all our efforts, no method of data transmission is completely secure. In the event of a data breach, we will notify the supervisory authorities and affected users in accordance with legal requirements.

10. Age restrictions

The Rodan care skin scanner app and services are not intended for persons under the age of 18. We do not knowingly collect data from children. If you believe that a minor has provided personal data without parental consent, please contact us and we will delete this information.

11. Your rights

• In accordance with applicable law (e.g., GDPR), you have the right to:
• Request access to your personal data (obtain a copy, find out how it is used).
• Request correction of inaccurate data.
• Request deletion of your data (‘right to be forgotten’) if there is no legal basis for retaining it.
• Restrict processing in certain cases, for example, if you dispute the accuracy of the data.
• Receive your data in a machine-readable format (data portability).
• Withdraw consent at any time (if processing is based on consent).
• Object to processing based on legitimate interests, including marketing.

To exercise your rights, please contact us at Support@skinlycare.io. We may request proof of identity (e.g., a masked copy of your ID) to verify your request.

You may also contact your local data protection authority if you have questions or complaints.

12. Contact information

• Company: Rodan mobile Kft
• Registration number: 2161
• Address: Hungary, 2161 Csomád, Verebeshegy utca 11
• Email: Support@skinlycare.io
• Websites: www.skinlycare.io

If you have any questions or requests regarding this Privacy Policy or the processing of your personal data, please contact us using the contact details provided above.

13. Final provisions

• This Policy may be supplemented by other documents (e.g., the Cookie Policy) published on our website.
• Your use of the Application and Services constitutes your agreement to this Policy.
• If any provision of this Policy is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.