Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) explains how BeautySync Corp., a company registered in the Province of Alberta, Canada (“we”, “us”, “our”), collects, uses, stores, transfers, and protects the personal data of users (“User”, “you”) in connection with the use of the website www.beautysync.ai and all associated services (“Website”, “Service”).

We recognize the importance of privacy and are committed to processing personal data in good faith and in compliance with applicable laws, including but not limited to:

  • PIPEDA (Canada)
  • GDPR (European Union)
  • CCPA (State of California, USA), if applicable

This Policy applies to all users who interact with our Service, including visiting the Website, registering an account, uploading photographs, making payments, subscribing, and using BeautySync’s analytical tools.

By using our Website and Service, you acknowledge that you have read, understood, and agreed to the terms of this Policy and consent to the processing of your data as described below.

2. What Data We Collect

We collect various categories of data necessary to provide and improve our Service. This data may be provided directly by you (e.g., during registration or when uploading photos) or collected automatically through your interaction with the Website.

2.1 Personal Information

We may request and store the following personal data:

  • First and last name (if provided)
  • Email address
  • Age
  • Gender
  • Location (city, country, ZIP/postal code)
  • Interface language
  • Social media account (if using third-party login)

2.2 Photographs and Visual Data

  • 4 user-uploaded photos: front, left side, right side, and back (including visible neck and shoulders)
  • Additional images if the user undergoes repeat analysis
  • Photos of food, body, hair, and other visuals within optional modules (e.g., SmartBody, Hair Analysis)

Important: All images are processed strictly for analysis purposes and are not published or shared without user consent.

2.3 Questionnaire Data

  • Information about skin type and condition
  • Skincare goals or concerns (e.g., breakouts, dryness, wrinkles)
  • Lifestyle factors (e.g., stress, sleep, diet)
  • Hormonal indicators (e.g., menstrual cycle, pregnancy, contraception)
  • History of cosmetic procedures (e.g., peels, injections, lasers)
  • Current skincare products and routines

2.4 Payment Data

  • Information related to payment transactions (processed via gateways like Stripe)
  • Note: We do not store credit card numbers, CVC codes, or other sensitive payment credentials. These are processed directly by the payment provider.

2.5 Technical Information

  • IP address
  • Device and browser type
  • Operating system
  • Screen resolution
  • Time and duration of visit
  • Referral sources (e.g., from ads)
  • Pages visited on the Website

2.6 Cookies and Similar Technologies

We collect data through cookies and tracking pixels, as detailed in our separate Cookie Policy.

3. How We Use Collected Data

The data we collect is used strictly within the functionality of the BeautySync Service and is not shared with third parties unless specified in this Policy. We process users' personal data solely for the following purposes:

3.1 Core Service Delivery

  • Performing automated skin and visual data analysis
  • Generating personalized skincare recommendations
  • Creating an individualized 30-day care plan
  • Shipping skincare boxes (if ordered)

3.2 Subscription and Payment Management

  • Managing user accounts
  • Confirming payments and activating access to paid features
  • Notifying users about subscription expiration or renewal

3.3 Communication with Users

  • Sending notifications (via email or in-app)
  • Responding to support inquiries
  • Reminders to upload new photos and monitor progress

3.4 Service Improvement

  • Analyzing user behavior on the Website
  • Testing and launching new features
  • Enhancing algorithm accuracy using anonymized data

3.5 Advertising and Marketing (only with consent)

  • Personalizing marketing content
  • Informing users about new products and modules
  • Conducting surveys and research

Users can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting customer support.

3.6 Legal Compliance

  • Complying with legal obligations
  • Responding to lawful requests from government authorities
  • Ensuring platform security and preventing fraud

4. Legal Basis for Data Processing (GDPR)

If you are located in the European Union, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

4.1 User Consent (Art. 6(1)(a) GDPR)

We request your consent for:

  • Uploading and processing your photographs
  • Submitting questionnaire data
  • Receiving marketing communications
  • Setting non-essential cookies

You may withdraw your consent at any time by contacting customer support or adjusting your settings.

4.2 Performance of a Contract (Art. 6(1)(b) GDPR)

Data processing is necessary to fulfill our contractual obligations under the BeautySync Terms of Use, including:

  • Providing skin analysis
  • Delivering personalized recommendations
  • Processing payments
  • Managing your subscription

4.3 Legitimate Interests (Art. 6(1)(f) GDPR)

We may process data to:

  • Improve the quality of our service
  • Protect against fraud
  • Conduct technical analysis of user behavior (e.g., using analytics tools), provided these do not override your fundamental rights and freedoms

4.4 Legal Obligations (Art. 6(1)(c) GDPR)

In certain cases, we may be required to retain or disclose information to:

  • Comply with tax or financial regulations
  • Respond to lawful requests from regulatory authorities

For users outside the EU (e.g., in Canada or the U.S.), we apply equivalent principles of fair and lawful data processing in accordance with local laws such as PIPEDA, CCPA, and others.

5. How We Store and Protect Data

We place the highest priority on the security of your personal data and take all reasonable measures to protect it from unauthorized access, alteration, disclosure, or destruction.

5.1 Data Storage Location

  • All data, including photos, questionnaires, and technical information, is stored on secure servers located in Canada and/or the United States.
  • Processing may be performed through trusted cloud platforms (such as Amazon Web Services, Google Cloud, etc.) certified under security standards such as ISO 27001, SOC 2, and others.

5.2 Security Measures

We employ the following cybersecurity measures:

  • Encryption of personal data during storage and transmission (TLS/SSL)
  • Restricted access to data (authorized personnel and analytical modules only)
  • Access log audits and system monitoring
  • Regular updates of server software and infrastructure
  • Protection against DDoS attacks and intrusions via firewalls and anti-bot systems

5.3 Data Retention Periods

  • Photos: Stored for up to 90 days from upload unless reused for progress tracking; automatically deleted afterward
  • Questionnaire and analytical data: Retained for up to 3 years unless a deletion request is submitted
  • Payment and transaction data: Stored in accordance with tax and financial regulations (typically up to 7 years)
  • Anonymized aggregate data: May be retained indefinitely for research purposes

5.4 Incident Response

In the event of a data breach, we will:

  • Immediately block access and initiate an internal investigation
  • Notify regulatory authorities within legally required timeframes
  • Inform affected users, where applicable

6. Data Sharing with Third Parties

We do not sell, trade, or share your personal data with third parties without a lawful basis. However, data may be shared with the following categories of recipients as part of Service operation:

6.1 Payment Providers

To process payments, we use third-party payment gateways (e.g., Stripe), which handle payment information directly. We do not store credit card numbers or other sensitive credentials.

6.2 Analytics and Marketing Services

  • Google Analytics – for analyzing user behavior and improving the interface
  • Facebook Pixel / Meta Pixel – for measuring ad effectiveness and retargeting (if enabled)
  • Hotjar or similar services – for visual behavioral analysis (e.g., heatmaps, clicks, scroll tracking)

These services may use cookies or other identifiers. For details, see our Cookie Policy.

6.3 AI API Providers

To process images and generate recommendations, we may use secure API channels of third-party AI providers (e.g., OpenAI, Google Cloud Vision API). Data is transmitted in encrypted form and is not used by these services for model training unless separate consent is provided.

6.4 Cloud Storage and Content Delivery Providers

Data servers may be hosted by companies such as Amazon Web Services (AWS) or Google Cloud.

6.5 Legal and Regulatory Authorities

We may disclose personal data:

  • If legally required or ordered by a court
  • For tax or financial audits
  • To protect our legal interests, rights, or security

6.6 Contracted Partners and Contractors

Trusted contractors working under agreement with BeautySync (e.g., IT developers, analysts, support staff) may receive temporary, limited access to data necessary for specific tasks. All such access is subject to signed confidentiality agreements (NDAs).

We never share your personal data for bulk marketing, spam, or resale to third-party companies.

7. Cookies and Similar Technologies

We use cookies and similar technologies (such as pixels and local storage) to ensure the proper functioning of the Website, analyze user behavior, personalize the interface, and support marketing efforts.

Cookies may be placed by us or by third-party services (e.g., Google, Meta). For details about the types of cookies used, their storage duration, and how to manage them, please refer to our separate Cookie Policy.

You have the right to manage your cookie preferences through your browser settings or via a cookie banner (if available). Disabling certain types of cookies may affect the functionality of some Website features.

8. User Rights

Depending on your location and the applicable data protection laws (e.g., GDPR, PIPEDA, CCPA), you have certain rights concerning your personal data. We respect and support the exercise of these rights.

8.1 Right to Access

You have the right to request a copy of all personal data we hold about you, as well as information on how and why we process it.

8.2 Right to Rectification

You may request corrections or updates to your personal data if it is inaccurate or incomplete.

8.3 Right to Erasure ("Right to Be Forgotten")

You may request the deletion of your personal data, including photos, recommendations, and questionnaire data, if:

  • the data is no longer necessary for the purposes it was collected;
  • you withdraw your consent;
  • the data was processed unlawfully.

Note: In some cases, we are legally required to retain certain data (e.g., transaction records) for a defined period.

8.4 Right to Restrict Processing

You may temporarily block the processing of your data (e.g., if you dispute its accuracy or the legality of processing).

8.5 Right to Data Portability

Where applicable (e.g., under GDPR), you may request your data to be exported in a machine-readable format.

8.6 Right to Withdraw Consent

If data is processed based on your consent (e.g., uploading photos, receiving newsletters), you can withdraw it at any time without affecting the lawfulness of processing already performed.

8.7 Right to File a Complaint

If you believe your rights have been violated, you may file a complaint with:

  • In Canada — Office of the Privacy Commissioner of Canada (OPC)
  • In the EU — the supervisory authority of your residence
  • In California — the California Consumer Protection Agency (CCPA)

How to Exercise Your Rights

Please send your request to support@beautysync.ai with the subject line “Data Access/Deletion/Correction Request.” We will process your request within 30 days unless otherwise required by law.

9. Data Deletion and Management

We provide simple and transparent tools for users to manage their personal data. Below is an overview of how you can control, edit, or delete your information from the BeautySync system.

9.1 Account and Data Deletion

You may request:

  • Deletion of your account
  • Deletion of all previously uploaded photos
  • Deletion of questionnaire and analytical data
  • Cancellation of your subscription and termination of data processing

To do so, send a written request to support@beautysync.ai, including the email address used during registration.

Deletion timeline: All data will be deleted within 7 business days of identity confirmation, unless retention is legally required (e.g., for financial reporting).

9.2 Partial Data Management

You may:

  • Update or edit questionnaire data in your profile
  • Upload new photos to refresh your recommendations
  • Unsubscribe from marketing emails by clicking “unsubscribe” in any email
  • Adjust cookie preferences via the banner or your browser settings

9.3 Exceptions

We may retain certain data if necessary for:

  • Completing financial transactions
  • Complying with tax or legal obligations
  • Protecting against fraud or spam

In such cases, the data is blocked from operational use and deleted after the legally required retention period.

10. Policy Regarding Minors

10.1 Age Restrictions

BeautySync is intended for use by adults aged 18 and older. However, the platform may be used by minors aged 13 to 17 under the following conditions:

  • Registration is completed with the consent of a parent or legal guardian
  • The user confirms that accurate age information was provided during registration
  • Recommendations for minors are adapted to account for teenage skin characteristics, age, sensitivity, and ingredient restrictions

10.2 Parental Consent

If we discover that data from individuals under 18 has been collected without appropriate consent, we reserve the right to:

  • Delete the account and all associated data
  • Contact the parent or guardian to obtain retrospective consent, if necessary

10.3 Legal Compliance

We comply with data protection laws regarding minors, including:

  • PIPEDA (Canada)
  • GDPR (EU) — specifically regarding the processing of children's data
  • COPPA (USA) — applies to users under 13 (currently, users under 13 are not allowed on BeautySync)

If you are under the age of 13, you are not permitted to use the BeautySync service.

11. Changes to the Policy

We reserve the right to periodically update or modify this Privacy Policy as the Service evolves, or in response to legal or technical changes.

11.1 Update Procedure

  • The updated version of the Policy will be published on this page with the date of the latest revision
  • In the event of significant changes (e.g., related to third-party data sharing, new processing purposes, etc.), we may notify you by email or via the Service interface

11.2 Effective Date of Changes

  • Changes take effect upon publication of the new version on the Website, unless otherwise stated
  • Continued use of the Service after such changes indicates your acceptance of the updated Policy
  • We recommend reviewing this Privacy Policy periodically to stay informed about any updates

12. Contact Information

If you have any questions, comments, or requests regarding this Privacy Policy or the processing of your personal data, please contact us via:

📧 Email: support@beautysync.ai

🌐 Contact Form: www.beautysync.ai/contact

📍 Legal Address: 311 Woodpark Ct SW, Calgary, AB T2W 6E6, Canada

We aim to respond to all privacy-related inquiries within 30 calendar days.