The short version: your skin logs, notes and health data stay on your device. We have no servers storing your diary and we never sell or share your data. The only time information leaves your device is to power specific features you choose to use — like the weather card and the AI trigger report — and even then we send the minimum needed and keep nothing tied to your identity.
Skintrics is designed to keep your health data private. Here is exactly what we collect and don't collect:
All the data you enter into Skintrics — your skin logs, exposures, food logs, notes, severity ratings and the data used to build a GP export — is stored on your iPhone using Apple's SwiftData framework. We do not operate a database that holds your diary, and we cannot read your logs.
If you enable iCloud backup on your device, Apple may back up this data as part of your standard iCloud app backup. This is governed by Apple's privacy policy, not ours.
The exceptions — where small amounts of data are sent off your device to deliver a specific feature — are listed in sections 4 and 5. These transmissions are used only to return a result to you; we do not build a profile of you from them.
If you delete your account from within the app, or delete the app from your iPhone, all locally stored data is permanently removed from your device. This cannot be undone and your data cannot be recovered. We recommend exporting your logs (Profile → Export my data) regularly to keep a backup.
Skintrics Premium can generate an AI-written report about a suspected trigger. When you tap a trigger to open its report, the app sends a request to our own secure service (hosted on Cloudflare), which in turn uses a third-party AI provider (OpenAI) to generate the text.
The request contains only a small, de-identified summary needed to write the report:
It does not send your name, email, individual diary entries, notes, photos, location or any identifier. The report is generated on demand and shown only to you. Our service does not keep a database of your reports and does not build any profile of you from them. Like most web services, our infrastructure provider (Cloudflare) may process standard short-lived operational logs to keep the service running. OpenAI processes API requests to return a result and, under its API terms, does not use this data to train its models.
Skintrics uses the following third-party services:
Skintrics is operated from the United Kingdom and is subject to UK GDPR. Because your diary data is stored on your own device and not collected by us, we act as a data processor only for the limited feature requests described above, which we process on the basis of your consent and to perform the service you have requested.
You have the right to access, correct, export and delete your data. Because your data is held locally, you can exercise these directly in the app at any time (export and delete are built in). The AI report feature sends data to providers outside the UK; by using that feature you consent to this transfer, which is carried out under the providers' own safeguards.
Skintrics is not directed at children under the age of 13. We do not knowingly collect any information from children.
If we make material changes to this privacy policy, we will update the date at the top of this page. Continued use of the app after any changes constitutes acceptance of the updated policy.
If you have any questions about this privacy policy, please contact us at hello@skintrics.app.