Privacy Policy

Last updated: April 10, 2026

This Privacy Policy explains what data piel ("piel," "we," "us") collects when you use the piel mobile app and website (the "Service"), how we use it, who we share it with, and the rights you have over it.

We've tried to write this in plain English. The short version: your skin data is yours. We don't sell it, we don't train AI models on it, and you can delete it at any time from inside the app.

1. What we collect

Account data

When you create an account, we collect:

Email address
Display name (optional)
Profile photo (optional)
Date of birth (used for age-appropriate features)
Authentication tokens managed by our auth provider, Supabase

Skin profile

During onboarding and from your settings, you can provide:

Skin type (oily, dry, combination, normal, sensitive)
Skin conditions (e.g., acne, rosacea, eczema)
Medications you're taking that may affect your skin (e.g., isotretinoin, tretinoin)
Skin goals and concerns

Selfies and skin analysis

When you take a selfie inside piel, the photo is uploaded to our private encrypted storage (provided by Supabase Storage) and sent to our AI vision provider (OpenAI) for analysis. The analysis returns numeric scores for nine clinical dimensions of your skin (hydration, acne, redness, texture, dark circles, pigmentation, pore visibility, fine lines, firmness), a written summary, and recommendations.

Selfies are stored only in your account. We do not use your selfies to train any AI model. OpenAI processes the image under their API data usage policy, which prohibits training on customer data submitted via the API.

Daily lifestyle log

If you choose to log your day, we collect what you enter, which may include:

Sleep hours and self-rated sleep quality
Stress level
Water intake
Diet quality
Exercise minutes
Caffeine, alcohol, and sugar intake
Sun exposure
Whether you wore makeup
Menstrual cycle phase (if you choose to log it)
Free-text notes

Wearable data (optional)

If you connect Apple Health, piel reads sleep, heart rate variability (HRV), and exercise data from HealthKit. This data stays on your device and is sent to our servers only to compute your personalized correlations. You can disconnect at any time from Settings → Wearables. piel never writes any data to Apple Health.

Routines and products

You can save your skincare routines and the products you use. Product photos and labels you scan are sent to our AI vision provider to extract ingredients and check compatibility with your skin profile.

Subscription and payment data

Subscriptions are processed by Apple via the App Store. piel itself never sees your card details. We use RevenueCat to manage subscription state, which means RevenueCat receives an anonymous ID linked to your piel account and your subscription status from Apple. See RevenueCat's Privacy Policy.

Analytics

We use PostHog to understand how people use piel — which features get tapped, where users drop off in onboarding, how often they come back. PostHog receives anonymous events tied to your account ID. We don't send your selfies, journal entries, or any sensitive content to PostHog. See PostHog's Privacy Policy.

Device and technical data

We log basic technical information needed to operate the Service: app version, OS version, device type, anonymized crash reports, and request timestamps.

2. How we use your data

To analyze your selfies and compute your skin scores
To find personal correlations between your lifestyle and your skin
To generate recommendations and reminders
To operate your subscription
To improve the Service (using aggregated, non-identifying analytics)
To respond to support requests
To comply with legal obligations

3. What we DON'T do

We don't sell your data. Ever. To anyone.
We don't train AI models on your selfies or journal data.
We don't share your data with advertisers.
We don't use your photos for marketing without your explicit opt-in consent.

4. Service providers

We share data with service providers strictly to operate piel:

Supabase — authentication, database, file storage
OpenAI — AI vision analysis of selfies and product images (via API, no training on data)
RevenueCat — subscription state management
PostHog — product analytics
Google Cloud Platform — backend hosting (Cloud Run)
Apple — App Store, push notifications, HealthKit (only if you opt in)

5. Your rights

You have the right to access, correct, export, or delete your data. Most of these you can do directly from inside the app:

Access & export: Email support@joinpiel.com and we'll send your data within 30 days.
Correct: Edit your profile in Settings → Profile.
Delete: Settings → Account → Delete Account. This permanently removes your account, selfies, journal entries, routines, and all derived data.

If you're in the EU/UK (GDPR) or California (CCPA), you have additional rights including the right to object to processing and the right to non-discrimination for exercising your privacy rights. To exercise any of these, contact support@joinpiel.com.

6. Data retention

We keep your data while your account is active. When you delete your account, we delete your data within 30 days, except where retention is required by law (e.g., billing records).

7. Children

piel is not intended for users under the age of 13. We do not knowingly collect data from children under 13. If you believe we have, please contact us and we'll delete it.

8. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Authentication uses signed tokens. We restrict employee access to user data on a need-to-know basis. No system is perfectly secure, but we treat your skin data with the seriousness it deserves.

9. International transfers

piel is operated from the United States. If you use piel from outside the US, your data will be transferred to and processed in the US.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you in the app or by email. The "Last updated" date at the top of this page reflects the latest revision.

11. Contact

Questions? Email support@joinpiel.com. We answer.