Privacy Policy
Last updated: April 28, 2025
1. Data Controller & ScopeData Controller: Monday Loop, Inc. (“we,” “us,” or “Service Provider”), his Privacy Policy applies solely to the ClearSkin AI iOS application (“Application”). It describes what data we collect, how we use it, with whom we share it, how long we retain it, and your rights under applicable laws (including GDPR and CCPA). By downloading or using the Application, you consent to this policy. If you disagree, please do not use the Application.
2. Categories of Personal Data & Legal Bases (GDPR)
Data Category | Examples | Legal Basis |
|---|---|---|
Account Data | Email address, username, password | Performance of a contract (Art. 6(1)(b) GDPR) |
Facial Images (Biometric Data) | Photos of your face used for skin analysis | Explicit consent (Art. 9(2)(a) & Art. 6(1)(a) GDPR) |
Profile Data | Age range, skin concerns | Consent (Art. 6(1)(a) GDPR) |
Device & Usage Data | Device model, OS version, unique device ID, IP address, crash logs, session data | Legitimate interests (Art. 6(1)(f) GDPR) |
Analytics (Aggregate & Anonymized) | Feature usage metrics, screen views | Legitimate interests (Art. 6(1)(f) GDPR) |
3. How We Collect Your Data
Direct Input: You actively provide account credentials, profile answers, and upload facial images.
Automatic Collection: We gather device and usage data via built-in Apple frameworks and anonymize it before analysis.
4. Purposes of Processing
Core Service Delivery: Analyze skin via Gemini AI, generate tailored routines.
Product Improvement: Debug crashes, optimize performance, enhance user experience.
Communications: Send service notices, updates, and support responses.
Legal & Safety: Comply with court orders, protect rights, prevent fraud or abuse.
5. Facial Image Processing & Storage
On-Device Analysis: Whenever your device meets minimum requirements, analysis runs locally and no image leaves your iPhone.
Server-Side Analysis: Otherwise, images are transmitted over TLS to our AWS servers in the U.S., processed solely for analysis, then archived or deleted per our retention policy.
No Biometric Tracking: We do not perform face recognition, identity verification, or build profiles for any other purpose.
6. Data Sharing & International Transfers
We do not sell or rent your personal data. We only share with:
Service Providers under strict confidentiality:
Gemini AI (Google) for image scoring. Google Privacy
Amazon Web Services for encrypted storage. AWS Privacy
Legal Authorities: to comply with valid subpoenas or court orders.
Safety & Fraud Prevention: to protect users and our rights.
International Transfers: Where EU personal data is transferred outside the EEA (to AWS U.S. servers), we rely on Standard Contractual Clauses approved by the European Commission.
8. Your RightsUnder GDPR (EU) and CCPA (California), you may exercise the following rights:
Access: Confirm whether we process your data and request a copy.
Rectification: Correct inaccurate or incomplete data.
Erasure (“Right to be Forgotten”): Delete your personal data.
Restriction: Temporarily halt processing of your data.
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw Consent: At any time for processing dependent on consent.
Lodge a Complaint: With your local supervisory authority (e.g., an EU Data Protection Authority).
To exercise these rights, contact us at help@mondayloop.com. We will respond within one month (extendable by two months for complex requests).
9. Security Measures
We implement industry-standard safeguards including:
Encryption: TLS in transit, AES-256 at rest.
Access Controls: Role-based access for authorized personnel only.
Audits & Testing: Regular vulnerability assessments and penetration tests.
10. Children’s Privacy
The Application is not intended for children under 4. We do not knowingly collect data from minors. If you believe a child under 4 has provided personal data, please contact us for immediate deletion.
11. Changes to This Policy
We may update this policy at any time. The “Last updated” date at the top reflects the current version. Material changes will be communicated via in-app notice or email.
12. Contact
General Questions / Data Requests: help@mondayloop.com
We’re committed to resolving any privacy concerns you may have, thank you for trusting ClearSkin AI.