Privacy Policy
Acnera Effective Date: March 25, 2026 Last Updated: April 4, 2026
1. Introduction
Acnera ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Acnera mobile application ("App").
This policy applies to all users globally. Depending on your jurisdiction, additional rights and protections may apply — see Sections 13 (GDPR), 14 (CCPA), and 15 (Children's Privacy) for jurisdiction-specific details.
Please read this policy carefully. By using Acnera, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the App.
2. Information We Collect
In plain terms, here is the data Acnera collects:
- Face scan images — photos of your face taken for acne analysis, stored in cloud storage
- Skin analysis data — acne counts, severity scores, and skin feature assessments generated from your scans
- Scanned product data — photos and ingredient analysis of skincare products you scan
- Routine and habit data — your daily skincare routine logs and check-ins
- Account identifiers — a unique user ID linked to all your data
- Name — collected if you sign in with Apple and choose to share it
- Purchase history — your subscription status via RevenueCat
Full details by category are in the tables below.
2.1 Information You Provide Directly
| Category | Data Points | Purpose |
|---|---|---|
| Account Information | Name, email address (optional), password (hashed) | Account creation and authentication |
| Skin Photos | Face photos taken via camera or uploaded from photo library | AI skin analysis; progress tracking |
| Product Data | Skincare product names, brands, categories, and scanned ingredient labels | Ingredient analysis; conflict detection |
| Health & Lifestyle Data | Water intake, sleep times, menstrual cycle dates, stress level, energy level | Habit tracking; personalized insights |
| Journal Entries | Free-form text notes about skin, mood, or health | Personal log and insight correlation |
| Skin Analysis Results | AI-generated skin score, acne type, redness, pore visibility scores | Stored to track progress over time |
2.2 Information Collected Automatically
| Category | Data Points | Purpose |
|---|---|---|
| User Identifier | Anonymized UUID assigned by Supabase authentication | Linking data to your account |
| Device Information | Device model, iOS version, app version | Debugging; service improvement |
| App Usage Data | Feature usage patterns, session frequency | Analytics; service improvement |
| Subscription Status | Subscription state (active/inactive/trial), entitlement information | Gating premium features |
| Game Progress | Achievement completions, daily quest data, farm game state | App functionality |
2.3 Information from Third Parties
| Source | Data Received | Purpose |
|---|---|---|
| Apple (Sign in with Apple) | Anonymized Apple ID, optional name and email | Account linking |
| RevenueCat | Subscription status, purchase history | Subscription management |
| Supabase | Authentication tokens, session data | Secure backend access |
3. Sensitive Health Data
Acnera collects categories of data that may be considered sensitive health or personal data under applicable laws:
3.1 Skin and Facial Images
Your face photos are processed by AI models to generate skin analysis results. Photos are stored encrypted in cloud storage and are accessible only to you. Photos are never used for facial recognition, identity verification, advertising profiling, or shared with third parties for commercial purposes.
3.2 Menstrual Cycle Data
If you choose to log menstrual cycle data, this information is used solely to identify potential correlations between hormonal cycles and skin health patterns within your personal dashboard. We do not sell, share, or use menstrual data for advertising or any purpose other than providing this feature to you.
3.3 Sleep and Wellness Data
Sleep, water intake, stress, and energy data are used exclusively to provide personalized habit insights within the App. This data is not shared with health insurance companies, employers, or any third party.
Important Notice (United States): Health and wellness data collected by Acnera is not covered by HIPAA (Health Insurance Portability and Accountability Act), as Acnera is not a covered entity or business associate under HIPAA. However, we voluntarily apply strong protections to your health data as described in this policy.
4. How We Use Your Information
We use your information for the following purposes:
4.1 Core App Functionality
- Create and manage your user account.
- Process and display AI skin analysis results.
- Store progress photos and display comparison tools.
- Analyze skincare product ingredients for safety and compatibility.
- Track habits, routines, and health data to generate insights.
- Deliver personalized skincare recommendations.
4.2 Subscription Management
- Verify your Acnera Pro subscription status via RevenueCat.
- Process and validate in-app purchases through Apple.
- Restore prior purchases on reinstall or new devices.
4.3 Service Improvement
- Aggregate, anonymized analytics to improve App features and performance.
- Debug errors and improve App stability.
- Develop and train AI models on aggregated, de-identified data only (never on individually identifiable photos or personal data without explicit opt-in consent).
4.4 Communications
- Transactional notifications (e.g., subscription renewal reminders).
- In-app notifications about new features (you may opt out in iOS notification settings).
- Response to support requests.
4.5 Legal and Safety
- Comply with applicable law, regulations, or legal processes.
- Enforce our Terms of Service.
- Protect the rights, property, and safety of users or the public.
- Detect and prevent fraud or abuse.
5. Legal Basis for Processing (GDPR / EEA Users)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b) GDPR) |
| Core app features (analysis, tracking) | Contract performance (Art. 6(1)(b) GDPR) |
| Sensitive health data (photos, menstrual cycle) | Explicit consent (Art. 9(2)(a) GDPR) |
| Service improvement analytics | Legitimate interests (Art. 6(1)(f) GDPR) |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
You may withdraw consent for processing sensitive data at any time by deleting the relevant data or your account. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
6. Data Storage and Security
6.1 Where Data is Stored
- On-Device (SwiftData): A local encrypted SQLite database stores data for offline use.
- Supabase Cloud: User data, preferences, and analysis results are stored in Supabase PostgreSQL databases hosted on AWS infrastructure in the United States (us-east-1).
- Supabase Storage: Photos and product images are stored in Supabase's object storage (backed by AWS S3) with server-side encryption at rest, in the United States (us-east-1).
By using Acnera, you consent to your data being transferred to and processed in the United States.
6.2 Security Measures
We implement industry-standard security measures including:
- Encryption in Transit: All data transmitted between the App and our servers uses TLS 1.2 or higher.
- Encryption at Rest: All data stored in Supabase is encrypted at rest using AES-256.
- Signed URLs: Photos are accessed only through time-limited (1-hour) signed URLs — direct access to storage is not permitted.
- Row-Level Security (RLS): Database policies ensure users can only access their own data.
- Anonymous Authentication: The App begins with anonymous authentication, minimizing the data required for initial use.
6.3 Data Retention
All data is retained for as long as your account is active. This includes face scan images, skin analysis history, scanned products, and routine logs.
| Data Type | Retention Period |
|---|---|
| Account data and preferences | Until account deletion |
| Skin photos (face scan images) | Until manually deleted by user or account deletion |
| AI analysis results | Until account deletion |
| Health and habit logs | Until manually deleted by user or account deletion |
| Product data | Until manually deleted by user or account deletion |
| Anonymized analytics | Up to 2 years, aggregated and de-identified |
| Support correspondence | Up to 3 years for legal and fraud prevention purposes |
When you delete your account, all data — including face images from cloud storage — is permanently and immediately deleted with no residual copies retained.
6.4 No Guarantee of Security
While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.
7. Sharing and Disclosure of Your Information
We do not sell your personal information. We may share your information in the following limited circumstances:
7.1 Service Providers
We share data with trusted third-party providers who process data on our behalf under strict data processing agreements:
| Provider | Data Shared | Purpose | Privacy Policy |
|---|---|---|---|
| Supabase, Inc. | All user data, photos, analysis results | Backend infrastructure (auth, database, storage) | supabase.com/privacy |
| RevenueCat, Inc. | User ID, subscription/purchase data | Subscription management | revenuecat.com/privacy |
| Apple, Inc. | Purchase receipts, optional Apple ID | In-app purchase processing; Sign in with Apple | apple.com/privacy |
| AI Processing Services | Anonymized photo data for analysis | Skin and ingredient AI analysis (via Supabase Edge Functions) | Subject to Supabase's subprocessor list |
7.2 Legal Requirements
We may disclose your information if required by law, court order, subpoena, or other governmental request, or to protect the rights, property, or safety of Acnera, our users, or the public.
7.3 Business Transfers
If Acnera is acquired, merged, or undergoes a similar transaction, your information may be transferred to the acquiring entity. We will notify you via App notification or email before your information is subject to a materially different privacy policy.
7.4 With Your Consent
We will share your data for any other purpose only with your explicit, informed consent.
8. Your Privacy Controls
8.1 Access and Correction
You may view and update your account information at any time within the App (Profile section).
8.2 Data Deletion
You may delete specific data points (individual photos, habit logs, journal entries, products) at any time within the App. To delete your entire account and all associated data:
- Go to Profile → Settings → Delete Account within the App.
- Confirm deletion when prompted.
Account deletion is immediate and irreversible. All personal data — including face images from cloud storage — is permanently deleted with no residual copies retained.
Note: Deleting your account does not automatically cancel your Acnera Pro subscription. Cancel your subscription separately in iOS Settings → [Your Name] → Subscriptions.
8.3 Photo Permissions
You may revoke camera and photo library access at any time in iOS Settings → Acnera. Revoking these permissions will disable features requiring camera or photo access.
8.4 Notifications
You may disable push notifications at any time in iOS Settings → Notifications → Acnera.
8.5 Data Export
To request an export of your personal data, email us at support@acnera.app with subject "Data Export Request." We will respond within 30 days.
9. Apple Privacy Manifest Compliance
In accordance with Apple's privacy requirements, we declare the following data practices:
9.1 Data Types Collected and Linked to Identity
The following data types are collected and linked to your user identity:
- Photos and Videos — Used for core app functionality (skin analysis, progress tracking)
- Health and Fitness Data — Used for core app functionality (habit tracking, insights)
- Email Address — Used for core app functionality (account management)
- User ID — Used for core app functionality (account linking)
9.2 Tracking
Acnera does not track users across apps or websites owned by other companies for advertising purposes (NSPrivacyTracking: false).
9.3 Required Reason APIs
- UserDefaults API: Used for storing local app preferences. Reason: CA92.1 (app functionality only).
10. Cookies and Tracking Technologies
The App does not use web cookies. The App may use local device storage (UserDefaults, SwiftData) for app preferences and offline data. No advertising SDKs, behavioral analytics SDKs, or cross-app tracking technologies are used.
11. Data Transfers
Your data is stored on servers located in the United States (us-east-1) using Supabase, a third-party database and storage provider. By using Acnera, you consent to your data being transferred to and processed in the United States.
If you are located in the EEA, UK, or Switzerland, your data is transferred outside these regions under appropriate safeguards:
- Supabase uses Standard Contractual Clauses (SCCs) for international data transfers.
- RevenueCat is certified under applicable data transfer frameworks.
12. Do Not Track (DNT)
Acnera does not respond to Do Not Track browser signals, as the App does not employ cross-site tracking.
13. Your Rights Under GDPR (EEA / UK / Swiss Users)
If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:
| Right | Description |
|---|---|
| Right of Access | Request a copy of the personal data we hold about you. |
| Right to Rectification | Request correction of inaccurate or incomplete data. |
| Right to Erasure ("Right to be Forgotten") | Request deletion of your personal data. |
| Right to Restriction | Request that we restrict processing of your data. |
| Right to Data Portability | Receive your data in a structured, machine-readable format. |
| Right to Object | Object to processing based on legitimate interests. |
| Right to Withdraw Consent | Withdraw consent for sensitive data processing at any time. |
| Right to Lodge a Complaint | File a complaint with your national data protection authority. |
To exercise these rights, email support@acnera.app with subject "GDPR Rights Request." We will respond within 30 days (extendable by 2 additional months for complex requests, with notice).
Our EU/UK representative for data protection inquiries can be contacted at support@acnera.app.
14. Your Rights Under CCPA / CPRA (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
14.1 Categories of Personal Information Collected (CCPA)
- Identifiers: Name, email address, user ID.
- Characteristics of Protected Classification: Inferred from menstrual cycle data (not actively disclosed).
- Commercial Information: Subscription purchase history.
- Internet or Other Electronic Network Activity: App usage patterns.
- Biometric Information: Facial image data processed for skin analysis (not stored as biometric template — raw photos only).
- Health and Medical Information: Sleep, water intake, stress, menstrual data.
14.2 CCPA Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected, used, disclosed, or sold.
- Right to Delete: Request deletion of your personal information (subject to certain exceptions).
- Right to Opt-Out of Sale: We do not sell your personal information. No opt-out needed.
- Right to Opt-Out of Sharing: We do not share your personal information for cross-context behavioral advertising.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: You may limit the use of sensitive personal information (health data, photos) to that necessary for providing the requested service.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
14.3 How to Exercise CCPA Rights
Submit a verifiable consumer request to: support@acnera.app (Subject: "CCPA Request") or through the in-app account deletion feature. We will respond within 45 days (extendable by 45 additional days with notice).
15. Children's Privacy (COPPA)
15.1 Age Restriction
Acnera is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age.
15.2 Parental Rights
If you are a parent or guardian and believe your child under 13 has used Acnera or provided personal information, please contact us immediately at support@acnera.app. We will:
- Verify the claim.
- Delete all personal information associated with the child's account.
- Terminate the account.
15.3 Teen Users (13–17)
Users between 13 and 17 should use the App only with parental awareness and consent where required by applicable law. Parents and guardians may contact us to review or delete a teen's account data.
16. Third-Party Links and Services
The App may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the App.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the "Last Updated" date at the top of this page.
- Sending an in-app notification.
- Notifying you via email (if you have provided one).
Your continued use of the App after changes take effect constitutes acceptance of the revised Privacy Policy.
18. Contact Us
For privacy questions, requests, or concerns, contact us at:
Email: support@acnera.app Website: https://www.acnera.app/privacy-policy
We aim to respond to all privacy inquiries within 30 days.