Privacy Policy

What we collect, what we do with it, and the choices you have. Plain-English version, roughly a five-minute read.

Effective: 2026-05-17
Last updated: 2026-05-17

1. Who we are

Drop Skincare LLC (“Drop Skincare,” “Drop,” “we,” “us,” “our”) is a skincare guidance app that helps you understand the products you already own, build a routine, and decide whether to add more. We cite the studies behind every ingredient flag we surface.

This Privacy Policy explains what data we collect, what we do with it, and the choices you have. It applies to:

  • The Drop Skincare mobile app (iOS and Android).
  • The website at drop-skincare.com, including public sharing pages and the logged-out compatibility checker.

Contact us:

  • Privacy questions: privacy@drop-skincare.com.
  • General support: support@drop-skincare.com.
  • Mailing address: Drop Skincare LLC, [FOUNDER: needs Georgia business address from D-035 LLC formation — registered-agent address per founder’s selection at week -6].

We are based in Georgia, United States (single-member LLC). We process data globally where our subprocessors operate (see Section 6).

2. What we collect

We collect what we need for the app to work, and nothing more.

2.1 Required for app function

  • Account identifier — an email address, an Apple ID, or a Google ID, depending on which sign-in method you choose.
  • Handle — a public-facing username you pick at signup.
  • Skin profile — skin type, top concerns, sensitivities, age range (banded — we don’t collect exact date of birth), and pregnancy or breastfeeding status. The pregnancy and age fields are used only to exclude ingredients that aren’t appropriate for those contexts — not for advertising or recommendations.
  • Inventory — products you tell us you own or have used.
  • Routines — the morning and evening routines we build with you and any edits you make.
  • Empties and wishlist — products you’ve finished and products you’d like to try.
  • Effectiveness logs — when you started using a product and any check-in entries.
  • Compatibility check history — recent results of the compatibility checker (saved for rate-limiting and so you can revisit recent checks).
  • Affiliate click events — when you tap a recommendation link to a retailer. We log that the click happened so we can track revenue. We do not share your identity with the retailer beyond a pseudonymous link.

2.2 Optional, only with your explicit consent

  • Photos for skin tracking. By default, photos stay on your device. Cloud sync is an opt-in toggle; if you don’t enable it, we never receive your photos.
  • Geolocation if you enable Climate Mode (a future feature, not in V1). Coarse precision only, never your exact location.
  • Push notification token, if you say yes to the iOS or Android notification prompt.
  • Optional gender identity, defaulted to “prefer not to say.” If you choose to share this, it’s used only for aggregate analytics; it is never used to filter recommendations or personalize the routine engine.

2.3 What we never collect

  • Your exact date of birth (we use age ranges).
  • Your real name (handles only).
  • Your home or shipping address.
  • Your phone number (we don’t use phone-based auth).
  • Government IDs.
  • Browsing history outside our app.
  • Voice or biometric data.
  • Health data from Apple Health or Google Fit (not in V1; if added later, with explicit consent).
  • Data from third-party advertising or tracking SDKs (we don’t install any).

2.4 Inventory-input photos (shelf and single-product photos)

Different from skin-tracking photos. When you photograph your shelf or a single product to add it to your inventory, the photo is transient:

  • The photo bytes are sent to our LLM provider (Anthropic) for the duration of the API call to extract product names. EXIF metadata is stripped before the call.
  • Anthropic does not retain the photo after the call and does not train its models on API inputs (per their published API policy).
  • We retain only the structured output (the product names recognized).
  • We do not store the photo bytes on our servers.

This is surfaced to you at the moment you take your first shelf photo, not buried in settings.

3. How we use what we collect

  • Account auth and core function — to give you a working app: routines, inventory, empties, wishlist, compatibility checks, effectiveness check-ins.
  • Hard safety rules — pregnancy, breastfeeding, and age data filter the ingredients we recommend so you don’t see something contraindicated for your situation.
  • Affiliate revenue — when you tap a recommendation link, we log the click so we know which recommendations earn revenue. We earn a commission when you buy through these links, at no extra cost to you. We never accept payment to recommend products.
  • Product analytics (anonymized event counts, feature usage) — to understand which features people actually use, so we can improve the ones that matter and remove the ones that don’t. Processed by PostHog Cloud (EU region) under a Data Processing Agreement. Opt-out is available under Settings → Privacy.
  • Customer support — to answer your emails about your account.

We do not use your data for:

  • Advertising of any kind.
  • Targeted product recommendations based on demographic data.
  • Selling, leasing, or sharing your data with anyone for their own marketing.
  • Training AI models on your photos or content (without separate, explicit consent).

4. Lawful basis for processing (for EU/EEA users)

If you’re in the European Union, the European Economic Area, or the United Kingdom, GDPR and the UK GDPR apply. We rely on the following lawful bases:

  • Contract (Art. 6(1)(b)) — processing necessary to provide the app: auth, inventory, routines, compatibility checks, etc.
  • Consent (Art. 6(1)(a)) — photo cloud sync, push notifications, geolocation, marketing emails (if any).
  • Legitimate interest (Art. 6(1)(f)) — pseudonymous product analytics (you can opt out), fraud prevention, and rate limiting on the public compatibility checker.

Special category data: skin condition information and pregnancy status may qualify as “health data” under GDPR Art. 9. We process them on the basis of your explicit consent, captured during onboarding (“we’ll use this to give you safer recommendations”). You can opt out of these fields and continue using the app with reduced personalization.

5. Your rights

Whatever country you’re in, you have these rights. EU/EEA, UK, and California users have formal legal rights backing them; we extend the same controls to everyone.

| Right | How to use it |
| --- | --- |
| Know what we have about you | Settings → Privacy → “Export my data” |
| Correct it | All profile fields are editable in the app |
| Delete it | Settings → Account → “Delete account” — 30-day grace period, then full purge |
| Take it elsewhere | Same export flow as “Know” — JSON, machine-readable |
| Object to analytics | Settings → Privacy → “Pause analytics” toggle |
| Withdraw consent | Per-feature toggles for each consent-based feature |
| Lodge a complaint | Email privacy@drop-skincare.com or contact your local data-protection authority |

California (CCPA/CPRA): you have the rights above plus the right to opt out of “sale” or “sharing” of personal information. We don’t sell or share your data for cross-context behavioral advertising — the opt-out is honored by default. A “Do Not Sell or Share My Personal Information” link appears in the website footer.

We respond to verified rights requests within 30 days (typically much faster).

6. Who we share data with

We use a small set of subprocessors to run the service. We do not sell, lease, or share your data with anyone for their own marketing purposes.

| Subprocessor | Purpose | Region | DPA in place |
| --- | --- | --- | --- |
| Supabase | Database, auth, storage | US | Yes |
| Vercel | Web hosting (drop-skincare.com) | US | Yes |
| Cloudflare R2 | Encrypted database backups | US | Yes |
| Anthropic | LLM (routine generation, ingredient Q&A, vision OCR for shelf photos) | US | Yes |
| PostHog Cloud | Pseudonymous product analytics | EU | Yes |
| Resend | Transactional email (signup, password reset, deletion confirmations) | US | Yes |
| Sentry | Crash and error reporting | US | Yes |
| Apple App Store / Google Play | Subscription billing for Patron tier (V1.5+) | US | Standard platform terms |
| Affiliate networks | Conversion tracking (e.g., Amazon Associates, Skimlinks) | US | Pseudonymous IDs only — no PII shared |

International data transfers for EU/EEA and UK users: where data leaves the EU/EEA, we rely on Standard Contractual Clauses with our subprocessors and PostHog’s EU residency for analytics.

7. How long we keep data

  • Active accounts — while your account is active and for as long as needed to provide the service.
  • Deleted accounts — soft-deleted immediately when you click delete; fully purged from primary databases within 30 days. Backups age out within 90 days.
  • Anonymous compatibility checker history — 30 days, then deleted.
  • Event analytics — 6 months, then deleted or aggregated to anonymous counts.
  • Affiliate click history — retained as anonymized aggregates for revenue accounting.

8. Children's privacy

We do not knowingly collect data from anyone under 13. The app is rated 12+ in the App Store. Onboarding asks for an age range; selecting an under-13 range blocks signup with a polite message (“Drop is for users 13 and older”). Selecting under-18 enables age-appropriate ingredient filtering (no retinoids, etc.) without affecting your ability to use the app.

If you believe a child under 13 has signed up, email privacy@drop-skincare.com and we will delete the account.

9. Security

  • Encryption in transit — TLS 1.3 for all network traffic.
  • Encryption at rest — handled by our infrastructure provider (Supabase) for the database and object storage.
  • Auth — Apple Sign In, Google Sign In, or email magic-link via Supabase Auth. We do not store passwords ourselves.
  • Principle of least privilege — only the systems that need access to a piece of data have it. Row-level security in the database scopes per-user data to its owner.
  • No credentials in the client app — secrets stay on the server.
  • Subprocessor incidents — if any subprocessor reports a breach affecting your data, we’ll notify you per the timeline GDPR requires (without undue delay, and at most 72 hours for material breaches).

10. Cookies and tracking on the website

We don’t use advertising or behavioral tracking cookies. We don’t run Google Analytics, the Facebook Pixel, or any ad-tech script.

  • Session cookies — standard cookies that keep you logged in if you have an account.
  • Pseudonymous product analytics — PostHog Cloud (EU region) loads on the public compatibility checker page (/check) and on public sharing pages to count feature usage. An opt-out toggle is available in the app’s Settings → Privacy.
  • EU consent banner — shown to EU/EEA visitors as a courtesy; even though we don’t use tracking cookies, transparency matters.

11. Changes to this policy

If we change this policy in any material way, we’ll:

  1. Update the “Last updated” date at the top.
  2. Notify active users by email (via Resend) at least 14 days before the change takes effect.
  3. Post a notice in the app’s “What’s new” surface.

For minor changes (typo fixes, link updates), we’ll just update the page.

12. Contact

  • Privacy questions and rights requests: privacy@drop-skincare.com.
  • Postal mail: Drop Skincare LLC, [FOUNDER: needs Georgia business address from D-035 LLC formation — registered-agent address per founder’s selection at week -6].
  • EU/UK representative: V1 launch is US-only. Article 27 EU representative is not designated at V1 launch. We’ll revisit at the V2 region split when EU/UK targeting becomes intentional. EU/EEA users who reach the app organically retain their GDPR rights under Section 5; we rely on Standard Contractual Clauses for international transfers per Section 6.

We respond within 48 hours for general questions and within 30 days for formal rights requests.