Last updated: June 1, 2026
Face Images & Facial Data: When you take a scan, the app captures a selfie photo and detects facial landmark points (the geometry of eyes, nose, and mouth) on your device using ML Kit. This facial data is used only to compute cosmetic glow/skin scores and generate your personalized skincare plan — it is never used for biometric identification, face recognition, or to identify you. The selfie is sent to OpenAI for cosmetic analysis with your in-app consent (see section 3), and stored in a private, access-controlled Supabase storage bucket so future scans can compare your progress. The selfie is retained until you delete your Auraly account, at which point the image and associated scan data are removed.
Analysis Results: Your glow scores, precision diagnostics, chosen locale, age range, skin type, skincare goals, current routine, scan history, and personalized plans.
Subscription & Account: Subscription status and billing info via RevenueCat, account creation date, preferences.
Analytics: Anonymized usage events via PostHog (feature clicks, time spent, conversion funnels). Not tied to your name or email.
Error Reports: Crash reports and error logs via Sentry (anonymized, no personal data).
Generate Your Scores: The app uses on-device ML Kit landmarks and sends your scan data to our Supabase Edge Function for scoring.
Personalized Plans: We use OpenAI to generate your 7-day skincare plan based on your scan results, goals, and routine preferences.
Improve the App: Anonymized analytics help us understand feature usage, performance, and bug patterns.
Customer Support: If you contact us, we use your email and message to respond to your inquiry.
OpenAI (third-party AI service): With your in-app consent, your scan selfie and analysis context are sent to OpenAI solely to generate your cosmetic glow scores and personalized 7-day skincare plan — never for identity recognition or biometric identification. OpenAI processes this data under the OpenAI API data usage policy, does not use it to train its models, and is contractually required to provide the same or equivalent level of data protection described in this policy. The image is not retained by OpenAI for these API requests.
Supabase: Hosts your encrypted database records (scores, preferences, subscription status).
RevenueCat: Processes subscription transactions and manages renewal logic.
PostHog: Stores anonymized event analytics (no user names, emails, or face images).
Sentry: Stores anonymized crash reports (no personal data).
We do not sell, rent, or share your personal data with third parties for marketing.
Data Export: You can export all your personal data anytime via Profile → Settings → Export.
Account Deletion: Delete your Auraly account anytime from the app. This removes your Auraly profile, scans, plans, check-ins, and scan images.
Image Retention: Face images are stored for future scan comparison until you delete your Auraly account.
Regulatory Compliance: We comply with GDPR (EU), PIPA (Korea), APPI (Japan), and PDPA (Taiwan).
Auraly is not a medical product. Our scores are for wellness and entertainment. Consult a qualified professional for medical concerns.
Auraly is not directed at users under 13 years old. We do not intentionally collect data from children.
Questions about your privacy? Email us at hello@auralyapp.com
Note for legal review: This policy should be reviewed by legal counsel before launch. Adjust jurisdiction clauses and AI vendor details as your product evolves.