Privacy Policy

Last updated: April 21, 2026

Scan Girl ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use the Scan Girl mobile application and website (the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account information: email address, name, date of birth, gender.
  • Profile data: skin type, skin concerns, skincare preferences.
  • Face images: standard facial photos you capture or upload for skin analysis. We do not extract, store, or use any biometric identifiers, face embeddings, face-recognition templates, or FaceID/ARKit data. We only handle the raw image.
  • Communications: messages you send to our support team.

1.2 Information Collected Automatically

  • Device information: device type, operating system, unique device identifiers.
  • Usage data: features used, interaction patterns, timestamps.
  • Log data: IP address, browser type, referring pages, crash reports.

2. How We Use Your Information

We use your information to:

  • Provide and operate the Service, including AI-powered skin analysis.
  • Personalize your experience and skincare recommendations.
  • Track your skin progress over time.
  • Communicate with you about the Service (updates, support).
  • Improve and develop new features.
  • Ensure the security and integrity of the Service.
  • Comply with legal obligations.

3. How We Process Your Face Images

The face images you capture in the app are used solely to provide AI-powered skin analysis. They are never used for identification, tracking, advertising, or user profiling.

3.1 Processing flow

  • Your face image is uploaded from the app over an encrypted connection (HTTPS/TLS).
  • The image is temporarily stored on Cloudflare (our infrastructure provider) for the sole purpose of transferring it to our AI provider.
  • The image is then sent to OpenAI together with a specific prompt, using a model fine-tuned on common skin concerns (e.g. blemishes, redness, dryness), in order to produce the skin analysis displayed to you.
  • Once the analysis is returned, the image is deleted from our Cloudflare storage. We do not keep a copy on our servers after the request completes.
  • OpenAI processes the image under its API data policy and does not retain it for training.

3.2 What we do not do

  • We do not use face recognition, biometric identification, or face embeddings.
  • We do not share your face images with any third party other than the AI provider named above.
  • We do not use your face images for advertising or to train any model.

4. Data Sharing

We do not sell your personal data. We may share your information with:

  • Service providers: hosting, analytics, and payment processors that help us operate the Service, under strict data protection agreements.
  • AI analysis partner (OpenAI): your face images are shared with OpenAI solely for the purpose of skin analysis. OpenAI does not use the images for model training and does not retain them after processing.
  • Infrastructure provider (Cloudflare): images are temporarily stored on Cloudflare only to be transferred to OpenAI, then deleted.
  • Legal requirements: when required by law, regulation, or legal process.
  • Business transfers: in the event of a merger, acquisition, or sale of assets.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time. After deletion, we may retain certain data for a limited period to comply with legal obligations.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption, access controls, and regular security assessments. However, no method of transmission or storage is 100% secure.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent at any time.

To exercise these rights, contact us at contact@floai.me.

8. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected such data, we will delete it promptly.

9. Third-Party Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Cookies & Tracking

Our website may use cookies and similar technologies to improve your experience and collect analytics data. You can manage your cookie preferences through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service. Your continued use after changes constitutes acceptance.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at: contact@floai.me