Legal & Trust
Privacy Policy
Last updated: June 24, 2026
1. Information We Collect
We process data to help you identify potential allergens in cosmetics and personal care products. This includes:
- Allergen Profiles: The specific contact allergens (such as fragrances, preservatives, or botanical extracts) you save in your profile.
- Account Credentials: If you sign up, we securely process your email and login credentials.
- Product Searches: When you search or scan ingredient labels, the scanned text is processed on our secure servers to verify ingredients.
- Payment Information: Payment information including card details is processed by Stripe. Patch does not store card numbers directly.
2. How We Use Your Data
Your data is used solely to provide and improve the Patch experience:
- To cross-reference personal care products with your customized list of skin allergens.
- To securely authenticate and preserve your allergen checklist across multiple devices.
- We do not sell, rent, or trade your allergen profiles, scans, or personal data to third parties, marketers, or advertisers.
3. Third Party Data Processors
We rely on trusted third-party services to operate Patch:
- Stripe: Processes payment data and subscription billing.
- Supabase: Stores user accounts, allergen profiles, and product data.
- Lovable Cloud: Provides hosting infrastructure and secure deployment.
4. Shared Responsibility & Platforms
Patch is hosted on Lovable Cloud. Our platform infrastructure, authentication services, and database layers utilize secure hosting environments with robust access controls.
While Patch provides tools and analysis to help you screen product ingredients, you are responsible for maintaining the confidentiality of your credentials. Additionally, formulations frequently change: always re-verify physical product labels before use.
5. Security Measures
We implement industry-standard security protocols to protect your personal information against unauthorized access, modification, or disclosure. All communication between your device and our systems is encrypted using transport layer security (TLS).
6. GDPR Rights
If you are located in the UK or EU, you have the right to access, correct, export, and delete your personal data. To exercise these rights, contact us at support@patchskin.app. If you have complaints about how we handle your data, you may also contact the Information Commissioner's Office (ICO).
7. Children's Privacy
Patch is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.
8. Data Retention & Deletion
We store your account and profile data for as long as your account remains active. You can request deletion of your account and associated allergen data at any time by contacting us directly at support@patchskin.app.
9. Cookies and Analytics
We use minimal, privacy-centric cookies to maintain your login session and understand basic, anonymous app performance.
10. Contact Us
If you have questions about this policy, or would like to submit a data request, contact us at: support@patchskin.app.