SkinBuddy Privacy Policy

Effective Date: February 23, 2026

1. Introduction

SkinBuddy is a project of D-Labs FZCO, a company based in Dubai, United Arab Emirates. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our app and related websites. Where required by applicable law (including the GDPR and similar laws), we process personal data only on a valid legal basis (such as your consent, performance of a contract, compliance with legal obligations, or our legitimate interests).

2. Information We Collect

We collect the following information to provide and improve our services:

• User Profile Data: Including selected skin concerns to offer personalized skincare recommendations.
• Email Address: To identify and manage user accounts.
• IP Addresses: For security purposes to prevent unauthorized access and service abuse.
• Device and Usage Data (as applicable): Information about how you use the app and your device/browser (for example, app events like feature usage, approximate location derived from IP address, device identifiers, and advertising identifiers where available), particularly when you consent to marketing or analytics technologies.

We do not store security tokens that are issued during the magic sign-in process. Payment card details are processed by third-party payment processors and are not stored by us.

3. Purpose of Data Collection

We use the information collected to:

• Provide personalized skincare and makeup product recommendations.
• Enhance security and prevent unauthorized access or abuse of our services.
• Manage user accounts, including subscription management and support.
• Measure and improve marketing performance (for example, attribution and conversion measurement) and deliver marketing/advertising, where permitted by law and based on your choices and consent where required.

4. Data Security

We implement industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. Despite these measures, no security system is impenetrable, and we cannot guarantee absolute security.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience and support our marketing efforts. These include:

• Essential Cookies: Necessary for basic site functionality and user security. These cannot be disabled.

• Marketing/Analytics Cookies: Used for attribution, advertising, and analytics. We currently use:

  • Meta Pixel (Facebook/Instagram)
  • TikTok Pixel

These tools help us measure the effectiveness of campaigns, understand usage, and improve our services. Where required by applicable law (including the GDPR and ePrivacy rules), these marketing/analytics cookies are only activated if you give explicit consent via the cookie banner when visiting our websites.

You may choose to accept or decline non-essential cookies at any time. Your preferences can be changed through the cookie settings available at the bottom of the page or via the banner.

| For more details, please see our Cookie Policy.

6. Third-Party Service Providers and Data Disclosure

We may use third-party service providers to help us operate, secure, and market the app. When we use service providers, we share personal data only as necessary for the purposes described in this Privacy Policy and subject to appropriate safeguards.

• Payment processing: We use third-party payment processors (such as Stripe) to process subscription payments. We do not store full payment card details on our servers.
• Marketing and attribution: We may use the TikTok and Meta (Facebook/Instagram) SDKs and related technologies to measure ad performance (for example, conversions and attribution) and to improve our marketing. Where required by law, this processing is based on your consent and you can withdraw consent at any time.
• Legal and compliance: We may disclose information if required to do so by law, regulation, legal process, or valid request by public authorities, or to protect the rights, property, and safety of SkinBuddy, our users, or others.

We do not sell your personal information in exchange for money. However, some privacy laws (such as certain U.S. state laws including the CCPA/CPRA) may define “sale” or “sharing” broadly to include certain marketing or advertising disclosures. Where applicable, you may have the right to opt out of such “sale” or “sharing” as described in the User Rights section below.

7. User Rights

Depending on where you live, you may have certain data protection rights under laws such as the GDPR (EEA/UK) and the CCPA/CPRA (California). These may include:

• Right to Access / Know: Request information about and a copy of your personal data.
• Right to Rectification: Request correction of inaccurate or incomplete data (where applicable).
• Right to Deletion: Request deletion of your personal data. You may also delete your account directly from within the app by going to the Settings page and selecting Delete Account. This action is permanent and will remove all associated data from our servers, subject to limited legal retention needs.
• Right to Restrict Processing: Request that we limit the processing of your personal data (where applicable).
• Right to Data Portability: Request to receive your data in a portable format and/or transfer it to another provider (where applicable).
• Right to Object: Object to certain processing (including, in some cases, processing based on legitimate interests).
• Right to Withdraw Consent: Where we rely on consent (for example, for marketing/analytics cookies or SDK-based tracking), you can withdraw consent at any time. Withdrawing consent will not affect the lawfulness of processing before withdrawal.
• Right to Opt Out of Sale/Sharing: Where applicable under certain U.S. state laws, you may have the right to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising. On the web, you can do this by declining or disabling marketing/analytics cookies via the cookie banner/settings. On mobile, you can do this through your device and platform privacy controls (for example, tracking permissions where available and advertising identifier settings).
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

To exercise these rights, please contact us at [email protected]. We may need to verify your request before completing it. If you are in the EEA/UK, you may also have the right to lodge a complaint with your local supervisory authority.

8. Data Retention

We retain your personal data as long as your account is active or as needed to provide you with our services. If you close your account, we will delete your personal data unless we need to retain it to comply with legal obligations or resolve disputes.

9. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be effective upon posting on the app, and users will be notified of significant changes via email or in-app notifications. Continued use of the app following any changes constitutes acceptance of the new policy.

10. Governing Law

This Privacy Policy is governed by the laws of the United Arab Emirates, without regard to conflict of law principles.

11. Contact Information

For any questions or concerns regarding this Privacy Policy or to exercise your data rights, please contact us at [email protected].