Transparency Center

Privacy Policy

We believe in transparency. This policy outlines exactly how we handle your sensitive data, our privacy architecture, and your rights.

Last Updated

December 15, 2025

On this page:1. Scope & Introduction

1. Scope & Introduction

Dermitri Labs Inc. ("Dermitri", "we," "our," or "us") provides innovative technology to allow our users to analyze skin health using artificial intelligence. This Privacy Policy is designed to help you understand how we collect, use, and share personal information and to help you understand and exercise your privacy rights.

This Privacy Policy applies to personal information processed by us, including on our website, mobile applications, and other online or offline offerings (collectively, "Services").

Controller vs. Processor: For personal information we collect from you directly (like account details), Dermitri acts as a Controller. For data processed on behalf of clinics or professional partners ("Customer Data"), we act as a Processor.

2. Personal Information We Collect

The categories of personal information we collect depend on how you interact with us and our Services.

Information You Provide Directly

  • Account Creation: Contact details such as email address, phone number, and password when you register.
  • Health & Skin Data: Information you voluntarily provide about your skin type, concerns (e.g., acne, dryness), current routine, and skin goals.
  • Communications: Content of messages when you contact support, apply for a job, or participate in surveys.

Information Collected Automatically

  • Device & Usage Data: Internet protocol (IP) address, browser type, operating system, device identifiers, and how you interact with our Services (pages visited, time spent).
  • Cookies & Tracking: We use cookies, pixel tags, and local storage to authenticate users, prevent fraud, and analyze site performance. See our Cookie Policy for details.

3. Biometric Data & AI Analysis

Intentional Minimization

We do not purposefully collect biometric data for identification (facial recognition). Our systems are designed to extract skin texture data while minimizing identity features.

To provide our core skin analysis service, the processing of facial imagery is necessary.

  • Incidental Biometrics: Accurate analysis requires mapping facial landmarks (e.g., undereye area, T-zone) to assess local conditions. These measurements may be classified as biometric data under certain laws.
  • Processing: Images may be processed locally on your device or transmitted to secure cloud instances for heavy AI inference.
  • Limited Retention: Unless you opt-in to "Progress Tracking," images processed for analysis are ephemeral—they are processed in memory and deleted from our inference servers immediately after results are generated.

4. How We Use Your Information

We use your information for business purposes, including to provide our Services, for administrative purposes, and to market our products.

  • Provide Services: To deliver skin analysis results, manage your account, and maintain your progress history.
  • Administrative: To detect security incidents, prevent fraud, debug technical errors, and enforce our terms.
  • R&D: To improve our AI models using de-identified and aggregated data (where personal identifiers are removed).
  • Marketing: To send you updates about new features or products, subject to your communication preferences.

5. How We Disclose Information

We do not sell your personal data. We disclose information to third parties only as described below:

Authentication

Clerk.com Inc. manages user authentication. They process email addresses and login credentials securely.

AI Inference

Google AI Gemini (USA) is our primary provider for Large Language Model (LLM) inference and computer vision. Images sent for analysis are processed in ephemeral containers and are not used to train Google's shared models.

Infrastructure & Hosting

  • Vercel Inc.: Hosting, Edge Functions, and CDN.
  • Cloudflare, Inc.: DNS, DDoS protection, and traffic security.

We may also disclose information to comply with legal obligations, protect our rights and safety, or in connection with a corporate merger, sale, or asset transfer.

6. Your Privacy Choices & Rights

  • Access & Portability: Request a copy of the personal data we hold about you.
  • Correction: Update inaccurate or incomplete information via your account settings.
  • Deletion: Request deletion of your account and associated data.
  • Marketing Opt-Out: Unsubscribe from emails using the link at the bottom of our messages.
  • Withdraw Consent: Where we rely on consent, you may withdraw it at any time.

To exercise these rights, please contact privacy@dermitri.com.

7. Security & Retention

We take reasonable administrative, technical, and physical safeguards to protect your personal information. This includes TLS 1.3 encryption for data in transit and AES-256 for data at rest. However, no system is 100% secure.

We retain personal information only for as long as necessary to provide our Services and for legitimate business purposes (such as legal compliance, dispute resolution, and security).

8. International Transfers

Your information may be transferred to, processed, and stored in the United States or other countries where our servers or service providers are located. These countries may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with this Privacy Policy and applicable laws.

9. Children's Information

Our Services are not intended for users under the age of 18. If we become aware that a person under 18 has provided us with personal information in violation of applicable law, we will delete such information.

Contact Us

If you have any questions about this privacy policy or our privacy practices:

Dermitri Labs Privacy Team
Metro Manila, Philippines
privacy@dermitri.com