Privacy Policy – Clearface

Clearface ("Clearface", "the App", "we", "our") is a mobile application for iOS and Android that helps people understand product ingredients and track skin patterns associated with rosacea. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

Plain-language summary

        You sign in with Apple, Google, or an email and password.
We store your profile, diary entries, and scanned products in our cloud database (Supabase) so they sync across your devices.
We don't sell your data, run ads, or use third-party analytics or tracking SDKs.
You can delete your account and all associated data at any time from inside the app.
Clearface is not a medical device. Information shown is educational, not medical advice.

      

1. Information We Collect

1.1 Account Information

When you create an account, we collect the following depending on your sign-in method:

Sign in with Apple: Apple User ID, your name (if you choose to share), and your email address (which may be an Apple private relay address).
Sign in with Google: Google account ID, name, email address, and profile picture URL.
Email and password: the email address and password you provide. Passwords are hashed by our authentication provider and we never see the plaintext.

1.2 Profile Information

During onboarding, you provide:

First name (or any display name you choose)
Rosacea subtype (Type 1–4)
Severity level (Mild, Moderate, Severe)
Known triggers (e.g. sun exposure, spicy food, stress)

1.3 Diary Entries

When you log a diary entry, we store:

Date and time
Flare level (Flare-free, Mild, Moderate, Severe)
Selected triggers
Stress level
Suspected items (food, drink, skincare, makeup, medication, or other items you believe may have contributed to a flare)
Notes you write

1.4 Scanned Products

When you scan a product barcode, we store:

Product name, brand, and category
Ingredient list
Educational ingredient notes generated from your profile
Your personal shelf label (Safe, Use with caution, Avoid)

1.5 Location Data

If you grant location permission, we use your approximate location (city-level accuracy) only to fetch the current UV index for your area. Your coordinates are sent to the Open-Meteo weather API at the time of the request and are not stored by Clearface.

1.6 Camera Access

We access your device camera solely for scanning product barcodes. No photos or images are captured, stored, or transmitted.

1.7 Diagnostic Data (Crash and Error Reports)

To improve app stability, Clearface uses Sentry as a crash and error reporting service. When the App encounters an unexpected error or crash, Sentry receives diagnostic information including the stack trace, app version, operating system version, and device model. Sentry does not receive personally identifying information, email addresses, IP addresses, or any data you have entered into the App (such as diary entries or scanned products). This data is used solely to debug and fix problems in the App.

1.8 Information We Do Not Collect

We do not collect device identifiers for advertising, browsing history, contacts, microphone audio, or any data not listed above. We do not use third-party analytics or tracking SDKs. Sentry, used for crash reporting, is not used for analytics, advertising, or user tracking.

2. How Your Data Is Stored

Your profile, diary entries, and scanned products are stored:

In our cloud database hosted by Supabase (a managed PostgreSQL service). This allows your data to sync across multiple devices when you sign in.
Locally on your device as a cache for offline access and faster startup, using your platform's secure local storage.

Each user's rows are isolated from other users' rows by row-level security policies in our database, so your records can only be read or modified by you when you are signed in.

Authentication tokens (used to keep you signed in) are stored in your device's secure local storage by our authentication provider's client library.

3. Third-Party Services

Clearface relies on the following third-party services to operate. Each is bound by its own privacy policy.

Service	Purpose	Data Sent	Policy
Supabase	Authentication and cloud database (data processor)	Account information, profile, diary entries, scanned products	Supabase
Apple Sign In	Optional sign-in method	Apple manages this process	Apple
Google Sign In	Optional sign-in method	Google manages this process; we receive your basic profile and email	Google
Vercel	Hosting for clearface.app and the OAuth bridge page that returns you to the app after sign-in	Standard web request data (IP address, user agent) at the moment of the request	Vercel
Open Food Facts	Product / ingredient lookup	Barcode number only	OFF
Open Beauty Facts	Cosmetic / skincare lookup	Barcode number only	OBF
Open-Meteo	UV index data	Approximate latitude / longitude at the moment of the request	Open-Meteo
Sentry	Crash and error reporting (data processor)	Diagnostic data only: stack traces, app version, OS version, device model. No personally identifying information, email addresses, IP addresses, or user content.	Sentry

We do not share, sell, or rent your personal data to any third party for marketing purposes. We do not use advertising networks.

4. Data Retention

We keep your data for as long as your account exists. You can delete your data at any time by:

Deleting your account in-app via Profile > Delete Account. This permanently removes your profile, diary entries, scanned products, and authentication record from our cloud database, and clears the local cache on your device.
Emailing us at support@clearface.app from the email associated with your account. We will complete the deletion within 30 days.
Deleting the App from your device. This removes the local cache; your account record on our servers is preserved until you delete the account.

Backups in our database provider's infrastructure are retained for up to 30 days after deletion, after which they are permanently overwritten.

5. Data Security

We protect your data through:

Encryption in transit: all communication between the App and our servers uses TLS (HTTPS).
Encryption at rest: databases are encrypted at rest by our cloud provider.
Row-level security: database policies enforce that each user can only access their own rows.
Hashed passwords: if you sign up with email and password, your password is hashed and salted by our authentication provider; we cannot see it.
No advertising or tracking SDKs.

No method of transmission or storage is 100% secure. We work to protect your information but cannot guarantee absolute security.

6. International Data Transfers

Our servers and processors may store and process your data outside your country of residence, including in the European Union, the United Kingdom, and the United States. Where required by law, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

7. Children's Privacy

Clearface is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at support@clearface.app and we will promptly delete it.

8. Your Rights

You have the following rights with respect to your personal data:

Access: see your data inside the App (Profile, Diary, Products) or request a copy by emailing us.
Correction: edit your profile, triggers, diary entries, and product shelf labels at any time inside the App.
Deletion: delete your account and all associated cloud data via Profile > Delete Account, or by emailing us.
Portability: request a machine-readable export of your data by emailing us.
Objection / Restriction: ask us to limit how we process your data.

If you are in the European Economic Area or the United Kingdom (GDPR / UK GDPR)

You can exercise the rights above and you have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office at ico.org.uk). Our legal basis for processing your data is your consent (granted when you create an account) and our legitimate interests in providing the App's features.

If you are a California resident (CCPA / CPRA)

You have the right to know what personal information we collect, request deletion of that information, and opt out of any "sale" or "sharing" of personal information for cross-context behavioural advertising. We do not sell or share your personal information.

9. Account Deletion

You can delete your account directly inside the App at Profile > Delete Account. Doing so will:

Permanently remove your profile, diary entries, and scanned products from our cloud database;
Delete your authentication record so you can no longer sign in with that account;
Clear the local cache on your device.

If you cannot access the App, you can also email support@clearface.app from the address associated with your account to request deletion. We will complete the deletion within 30 days.

10. Health Information Disclaimer

Clearface collects health-related information (rosacea subtype, severity, flare history, triggers, scanned product responses). This data is used solely to personalise the App's educational ingredient notes and tracking features. Clearface is not a medical device, does not diagnose or treat any condition, and the information shown is not medical advice. Always consult a qualified healthcare professional for medical questions.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this policy and, where appropriate, by an in-app notice. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your rights:

Email: support@clearface.app
Website: https://clearface.app/support