Privacy Policy

Last updated: April 18, 2026

Lua ("we", "us", "our") is a skincare routine tracker app built by LUA. Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights.

What Data We Collect

• Skin profile data: Your skin type, concerns, goals, age range, and analysis scores. Stored locally on your device.
• Routine data: Products and routines you set up. Stored locally on your device.

Face Data Collection and Use

Lua collects face data (photos of your face) to provide skin health analysis. Below is a detailed explanation of how face data is handled:

• What face data is collected: Lua captures front-facing photos of your face using your device's camera. These photos are used solely for AI-powered skin condition assessment (evaluating hydration, complexion, texture, fine lines, and dark circles). No biometric identifiers, facial geometry maps, or facial recognition data is extracted or created.
• Skin analysis photos: When you perform a skin scan (during onboarding or a quick scan), your photos are held temporarily in your device's memory, sent to our AI provider (Anthropic) for analysis, and immediately discarded from memory once the analysis is complete. These photos are never saved to your device's storage and are never stored on any server.
• Diary and progress photos: When you choose to take diary entries ("skin stamps") or progress selfies, these photos are saved locally on your device only. They are stored for as long as you keep the app installed or until you manually delete them. These photos are never uploaded to any server or shared with any third party.
• Why face data is collected: Face photos are collected exclusively to analyze your skin condition and provide personalized skincare insights. There is no other purpose for collecting face data.
• Retention period: Skin analysis photos are not retained; they exist in device memory only during the analysis process (typically a few seconds) and are discarded immediately after. Diary and progress photos are stored on your device until you delete them or uninstall the app. We do not store face data indefinitely on any server.

Third-Party Face Data Sharing

Skin analysis photos are shared with one third party:

• Anthropic: We send skin analysis photos to Anthropic's Claude API for AI-powered skin assessment. Photos are transmitted securely via HTTPS, processed by Anthropic's AI model to generate skin health scores, and are not retained by Anthropic after processing is complete. Anthropic does not store, sell, or use your photos for any purpose beyond the immediate analysis request. Per Anthropic's API data policy, data sent through the API is not used for model training and is not retained after processing. See Anthropic's Privacy Policy.

Diary and progress photos are never shared with any third party. They remain on your device at all times.

Data Storage

All personal data is stored locally on your device using SQLite. We do not operate user accounts, do not collect email addresses, and do not maintain a central database of user information. No face data is stored on any external server.

Other Third-Party Services

• RevenueCat: We use RevenueCat to manage subscriptions. RevenueCat processes purchase data through Apple's App Store. No face data or photos are shared with RevenueCat. See RevenueCat's Privacy Policy.
• SerpApi: We use SerpApi to fetch product images when you search for skincare products. Only product search queries are sent; no personal data or photos are shared.

What We Do Not Collect

• We do not collect email addresses or require user accounts.
• We do not track your location.
• We do not sell or share personal data with advertisers.
• We do not use analytics or tracking SDKs.
• We do not use face data for facial recognition, identity verification, or advertising.
• We do not create biometric identifiers from your photos.

Your Rights (GDPR / CCPA)

Because your data is stored locally on your device, you have full control over it at all times. You can:

• Access your data: All your data is visible within the app.
• Delete your data: Uninstalling the app removes all locally stored data. You can also clear data from the app's settings.
• Opt out: You can choose not to take photos or use AI analysis features.

If you are a resident of the EU/EEA or California, you have additional rights under GDPR or CCPA respectively. Since we do not maintain server-side personal data, most data subject requests are fulfilled by the local-only nature of our storage.

Children's Privacy

Lua is not intended for children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. Changes will be reflected in the app and on this page with an updated date.

Contact Us

If you have questions about this privacy policy, contact us at support@lua-skincare.app.