1. Introduction
Welcome to Makeup DNA ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you visit our website at makeupdna.ai, use the Makeup DNA mobile applications on iOS and Android, and use our related services (collectively, the "Service").
Please read this Privacy Policy carefully. By using the Service, you consent to the collection, use, and disclosure of your information as described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
We collect different types of information depending on how you interact with our Service:
2.1 Personal Information You Provide
- Email address: When you create an account or complete our quiz
- Payment information: Credit card details and billing information are processed and stored directly by our payment processors, Stripe and Revolut. We do not store your full card number on our servers.
- Photos and selfies: Images you capture or upload for generating personalized makeup looks
2.2 Quiz Response Data
When you complete our personalized beauty quiz, we collect your responses including:
- Age range
- Skin tone and skin concerns
- Eye color
- Makeup skill level and experience
- Makeup routine and products currently owned
- Makeup challenges and goals
- Preferred makeup occasions and look styles
- Tutorial viewing experience and preferences
- Personal comfort level and aspirations related to makeup
2.3 Automatically Collected Information
- IP address: Collected when you submit the quiz or interact with our Service
- User agent: Browser type, version, and operating system information
- Device information: Type of device, screen resolution, and browser capabilities
- Usage data: Pages visited, features used, time spent on pages, click patterns, and interaction data
- Referral data: How you arrived at our website, including referring URLs and advertising campaign identifiers
2.4 Cookies and Tracking Identifiers
- Authentication cookies: Used to manage your login session
- Advertising cookies: Set by advertising partners to identify your browser and attribute ad clicks
- Temporary cookies: Used for account registration flow (e.g., linking your quiz results to your account)
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Generate personalized makeup looks using AI based on your selfie and quiz responses
- Provide tailored makeup tutorials, tips, and product recommendations
- Perform real-time face detection and analysis during selfie capture
- Create and manage your user account
- Process subscription payments and manage billing
3.2 Communication
- Send you verification codes for account authentication
- Send transaction confirmations and billing receipts
- Respond to your support inquiries and customer service requests
- Send you important updates about the Service, including changes to our terms or policies
3.3 Analytics and Improvement
- Monitor and analyze usage trends and patterns to improve the Service
- Measure the effectiveness of our features and user experience
- Detect, investigate, and prevent fraudulent transactions or unauthorized access
3.4 Advertising and Marketing
- Track advertising conversions to measure the effectiveness of our marketing campaigns
- Send hashed (anonymized) email addresses to Meta for ad optimization and conversion tracking
- Attribute subscriptions and purchases to specific advertising campaigns
4. Photo Storage and Processing
Your photos are a sensitive category of data, and we take special care in handling them:
4.1 How Photos Are Captured
- Camera capture: You may use your device's camera to take a selfie directly in the app. Camera access is requested through your browser's standard permissions and can be revoked at any time through your browser settings.
- File upload: Alternatively, you may upload an existing photo from your device.
- Example images: If you prefer not to use your own photo, you may select a pre-provided example image.
4.2 How Photos Are Processed
- Face detection: Real-time face detection runs entirely in your browser (client-side). No face detection data is sent to our servers.
- AI makeup generation: Your photo is sent to a third-party AI service to generate personalized makeup looks. The AI provider processes the image according to their own privacy policy.
- Storage: Your original selfie and AI-generated images are stored securely in our cloud storage infrastructure.
4.3 Photo Protections
- Photos are stored using industry-standard encryption
- Your photos are used solely for generating your personalized makeup looks and providing the Service
- We do not sell, rent, or share your photos with third parties for advertising or marketing purposes
- We do not use your photos to train AI models
- Your photos are not publicly accessible and cannot be viewed by other users
- You may request deletion of all your photos at any time by contacting us
5. Third-Party Services and Data Sharing
We share your information with the following third-party services that are necessary to operate the Service:
5.1 Payment Processing
- Providers: Stripe (Stripe, Inc., USA) and Revolut (Revolut Payments UAB, Lithuania). On mobile, in-app purchases are processed by Apple App Store, Google Play, and RevenueCat.
- Data shared: Email address, payment method details, billing address, transaction amounts
- Purpose: Process subscription payments and manage recurring billing
- Security: Both Stripe and Revolut are PCI-DSS Level 1 certified, the highest level of payment security compliance.
5.2 Cloud Infrastructure
- Providers: Supabase (Supabase Inc., USA — database, authentication, and file storage) and Vercel (Vercel Inc., USA — application hosting and serverless functions).
- Data shared: All account data, quiz responses, photos, and authentication data
- Purpose: Database hosting, user authentication, and secure file storage
5.3 AI Processing
- Provider: Google Gemini API (Google LLC, USA), used to generate personalized makeup looks and tutorial feedback.
- Data shared: Your selfie photo, AI-generated images, and quiz responses needed to generate the look.
- Purpose: Generate AI-powered personalized makeup looks based on your photo
- Note: Face detection during selfie capture runs entirely in your browser and does not send data to external servers.
5.4 Advertising and Analytics
- Providers: Meta Pixel and Meta Conversions API (Meta Platforms Ireland Ltd.) for conversion tracking and ad optimization, and Vercel Analytics (Vercel Inc., USA) for aggregated, privacy-friendly traffic analytics. We do not use TikTok, Google Ads, or Google Analytics pixels.
- Data shared: Hashed email address, IP address, user agent, advertising cookie identifiers, purchase amounts, and conversion events
- Purpose: Measure advertising effectiveness, track conversions, and optimize ad delivery
- Events tracked: Page views, quiz completion, content views, payment initiation, subscription completion, and purchases
5.5 Other Disclosures
We may also disclose your information:
- Legal requirements: If required by law, regulation, legal process, or governmental request
- Rights protection: To enforce our Terms of Service or protect the rights, property, or safety of Makeup DNA, our users, or others
- Business transfers: In connection with any merger, acquisition, sale of assets, or bankruptcy proceeding, in which case you will be notified
6. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and track information about your use of our Service. The following table summarizes the cookies and tracking technologies we use:
| Cookie/Technology | Purpose | Type |
|---|---|---|
| Authentication cookies | Maintain your login session | Essential |
| Temporary cookies | Link your quiz results to your account during registration (short-lived) | Essential |
| Advertising cookies | Browser identification and click attribution for advertising | Marketing |
| Analytics pixel | Track page views and conversion events for advertising | Marketing |
You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Please note that disabling essential cookies may prevent you from using certain features of the Service, such as staying logged in.
7. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Specifically:
- Account data and quiz responses: Retained for the duration of your account. Deleted upon account deletion request.
- Photos: Retained for the duration of your account or until you request deletion, whichever comes first.
- Payment records: Retained as required by applicable tax and accounting regulations (typically up to 7 years).
- Server logs and analytics data: Retained for up to 12 months for analysis and security purposes.
When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL (HTTPS)
- Encryption of stored data using industry-standard methods
- Secure authentication with support for Google sign-in and email verification codes
- Payment processing through PCI-DSS Level 1 compliant infrastructure
- Access control policies on our database to prevent unauthorized data access
- Server-side validation and authorization for all sensitive operations
- Email addresses are hashed before being shared with advertising partners
However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the security of your account credentials.
9. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent legislation:
- Right of access: You have the right to request a copy of the personal data we hold about you.
- Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
- Right to erasure: You have the right to request deletion of your personal data ("right to be forgotten"), subject to certain legal exceptions.
- Right to restriction of processing: You have the right to request that we limit the processing of your personal data in certain circumstances.
- Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to object: You have the right to object to processing of your personal data for direct marketing purposes or processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.
To exercise any of these rights, please contact us at support@makeupdna.ai. We will respond to your request within 30 days.
10. Legal Basis for Processing (GDPR)
We process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide you with the Service, including account creation, quiz processing, AI image generation, and subscription management.
- Consent: Where you have given explicit consent, such as uploading your photo for AI processing or opting in to marketing communications.
- Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests do not override your fundamental rights.
- Legal obligation: Processing necessary to comply with applicable laws, such as tax record-keeping and responding to legal requests.
11. International Data Transfers
Because we rely on US-based service providers, your personal data is transferred to and processed outside the European Economic Area. Specifically:
- United States: Stripe, Supabase, Vercel, and Google (Gemini API) process data on US infrastructure.
- European Union (Lithuania / Ireland): Revolut and Meta process data primarily within the EU.
- Customer support and operations: We are established in Lithuania and access data from there.
When we transfer data outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) with each provider, supplemented by the EU-U.S. Data Privacy Framework where the recipient is certified. You may request a copy of the safeguards in place by contacting us.
12. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at support@makeupdna.ai. If we discover that we have collected personal information from a child under 18, we will promptly delete that information.
13. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. There is currently no universally accepted standard for how to respond to DNT signals. At this time, we do not respond to DNT signals, but we will continue to monitor developments in this area.
14. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated Privacy Policy on this page with a new "Last updated" date
- Sending you an email notification for significant changes (if we have your email address)
Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@makeupdna.ai
We aim to respond to all inquiries within 30 days. For GDPR-related requests, we will respond within the legally required timeframe.