SkinSync Privacy Policy
Effective date: December 1, 2024
This Privacy Policy explains how SkinSync ("SkinSync", "we", "us", or "our") collects, uses, discloses, and protects personal data when you use our mobile application and related services (the "Services"). This Policy is designed to comply with the Personal Data Protection Act B.E. 2562 (2019) of Thailand ("PDPA").
By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Services.
1. Data Controller and Contact
- Data Controller: SkinSync
- Contact: [email protected]
If you have any questions or would like to exercise your rights, contact the DPO using the details above or through the in-app path: Profile → Terms & Privacy.
2. What Personal Data We Collect
We collect the following categories of personal data, depending on your use of features:
- Account and Identity Data: email address, display name/username, birth year, gender, authentication identifiers (e.g., via Google OAuth), profile photo.
- Profile and Social Data: biography, social media links (e.g., TikTok, Instagram, Facebook, X, Lemon8), language preferences.
- User-Generated Content (UGC): routines, posts, comments, reviews, ratings, uploaded images and media, likes, follows, reports.
- Camera and Media Data: photos you capture or select (e.g., product packaging, ingredient lists). We access the camera or photo library only with your permission.
- Scan and Analysis Data: extracted text/ingredients from images and related analysis results.
- Search and Personalization Data: search queries, filters, survey answers (e.g., skin type, concerns, ingredients to avoid, price range), and derived recommendation signals.
- Device and Technical Data: device model, OS version, app version, language, timezone, country/region, IP address, device identifiers, crash/performance diagnostics, and push notification tokens.
- Usage Data: interactions with screens and features, taps, session length, in-app navigation, referrers, timestamps, and logs.
- Location Data: approximate location derived from IP or device settings if enabled (we do not collect precise GPS unless explicitly granted and required for a feature).
- Communications Data: support requests, feedback, survey responses, and notification preferences.
- Sensitive Data (only with your explicit consent): health-related inferences you choose to provide (e.g., skin concerns). You can withdraw consent at any time.
We do not intentionally collect payment card numbers in the app. If you purchase from third-party retailers via external links, their privacy policies apply.
3. How We Collect Data
- Directly from you: when you register, complete the onboarding survey, edit your profile, create routines, post in the forum, comment, like, or upload content.
- Automatically: through cookie-equivalent technologies and SDKs in the app for analytics, performance, and security.
- From third parties: authentication providers (e.g., Google), analytics/crash reporting, search providers, and cloud services used to operate the Services.
4. Purposes and Lawful Bases (PDPA)
We process personal data for the following purposes under these lawful bases:
- Provide and operate the Services (contract): account creation, authentication, content hosting, forum, routines, search, and scanning features.
- Personalize recommendations and search (legitimate interests and/or consent): apply your survey answers, filters, and behavior to tailor products and content.
- Community features (contract/legitimate interests): enable posting, commenting, liking, and moderation for safety.
- Communications (contract/legitimate interests/consent): send service notifications; send marketing communications only with consent.
- Push notifications (consent): deliver alerts about activity, updates, or recommendations.
- Analytics, performance, and improvement (legitimate interests): measure usage, fix bugs, enhance features.
- Security and fraud prevention (legitimate interests/legal obligations): detect, prevent, and respond to abuse or violations of our Terms.
- Legal compliance (legal obligations): comply with applicable laws, respond to lawful requests, and enforce our rights.
- Research and statistics (legitimate interests/public interest where applicable): aggregate and de-identify data to improve the Services.
Where we rely on consent, you can withdraw it at any time via device settings, in-app controls, or by contacting us.
5. Sharing and Disclosure
We share personal data only as necessary and subject to appropriate safeguards:
- Service Providers (Processors): hosting, databases, authentication, search, analytics, crash/performance monitoring, content delivery, and notifications (e.g., cloud infrastructure, analytics SDKs, push providers). These providers process data on our instructions.
- Other Users: content you post (e.g., routines, posts, comments, images, ratings) is visible to other users as part of the community features.
- Affiliates and Business Partners: for operations consistent with this Policy.
- Legal and Compliance: to comply with laws, lawful requests, or to protect rights, safety, and security.
- Business Transfers: in connection with mergers, acquisitions, or asset sales (your data may be transferred as part of the transaction).
- External Retailers and Links: if you leave the app to buy products, those third parties’ privacy policies govern.
We do not sell your personal data.
6. International Data Transfers
We may transfer, store, or process your personal data outside Thailand. Where we do, we implement appropriate safeguards consistent with PDPA, such as contractual protections and risk assessments, to ensure your data receives an adequate level of protection.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described above or as required by law. Typical retention periods:
- Account and profile data: for the life of the account and a reasonable period after deletion for backup, dispute, or legal purposes.
- UGC (posts, routines, comments): retained while published; may persist in backups/logs for a limited period after deletion.
- Diagnostics and analytics: retained for limited periods to improve performance and security.
When data is no longer needed, we will delete or de-identify it.
8. Your Rights under PDPA
Subject to PDPA and exceptions, you have the right to:
- Access and obtain a copy of your personal data.
- Request rectification of inaccurate data.
- Request deletion or anonymization in certain cases.
- Restrict or object to certain processing.
- Receive your data or request its transfer (data portability).
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with the Personal Data Protection Committee (PDPC).
You can exercise these rights via in-app settings or by contacting the DPO. We may require verification to protect your account.
9. Security Measures
We use administrative, organizational, and technical measures designed to protect personal data, including access controls, encryption in transit, monitoring, and secure development practices. No system is 100% secure; we encourage you to keep your account credentials confidential and enable device security features.
10. Children
The Services are intended for individuals who have reached the legal age of majority under applicable law. We do not knowingly collect personal data from minors without appropriate consent. If you believe a minor provided data without consent, contact us to request deletion.
11. Cookies and Tracking Technologies
The mobile app uses SDKs and similar technologies for essential functions, performance, analytics, and notifications. You can manage certain permissions (e.g., camera, notifications) via your device settings and in-app controls, which may impact functionality.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via in-app notice or other appropriate means. Your continued use of the Services after the effective date of changes constitutes acceptance.
13. How to Contact Us
- Email: [email protected]
If you cannot find the DPO contact, use the in-app path: Profile → Terms & Privacy.
14. Important Medical and Content Disclaimer
The information provided has been compiled from publicly available sources. We disclaim any liability for adverse effects that may result from the use of this information. For personalized advice or if you have specific skin concerns, please consult a qualified dermatologist.