Legal & Trust

Privacy Policy

Last updated: June 24, 2026

Note on Maintenance: This page is maintained by Patch to answer common security, compliance, and privacy questions about the Patch application. This description outlines how we safeguard health-adjacent and personal data.

1. Information We Collect

We process data to help you identify potential allergens in cosmetics and personal care products. This includes:

  • Allergen Profiles: The specific contact allergens (such as fragrances, preservatives, or botanical extracts) you save in your profile.
  • Account Credentials: If you sign up, we securely process your email and login credentials.
  • Product Searches: When you search or scan ingredient labels, the scanned text is processed on our secure servers to verify ingredients.
  • Payment Information: Payment information including card details is processed by Stripe. Patch does not store card numbers directly.

2. How We Use Your Data

Your data is used solely to provide and improve the Patch experience:

  • To cross-reference personal care products with your customized list of skin allergens.
  • To securely authenticate and preserve your allergen checklist across multiple devices.
  • We do not sell, rent, or trade your allergen profiles, scans, or personal data to third parties, marketers, or advertisers.

3. Third Party Data Processors

We rely on trusted third-party services to operate Patch:

  • Stripe: Processes payment data and subscription billing.
  • Supabase: Stores user accounts, allergen profiles, and product data.
  • Lovable Cloud: Provides hosting infrastructure and secure deployment.

4. Shared Responsibility & Platforms

Patch is hosted on Lovable Cloud. Our platform infrastructure, authentication services, and database layers utilize secure hosting environments with robust access controls.

While Patch provides tools and analysis to help you screen product ingredients, you are responsible for maintaining the confidentiality of your credentials. Additionally, formulations frequently change: always re-verify physical product labels before use.

5. Security Measures

We implement industry-standard security protocols to protect your personal information against unauthorized access, modification, or disclosure. All communication between your device and our systems is encrypted using transport layer security (TLS).

6. GDPR Rights

If you are located in the UK or EU, you have the right to access, correct, export, and delete your personal data. To exercise these rights, contact us at support@patchskin.app. If you have complaints about how we handle your data, you may also contact the Information Commissioner's Office (ICO).

7. Children's Privacy

Patch is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

8. Data Retention & Deletion

We store your account and profile data for as long as your account remains active. You can request deletion of your account and associated allergen data at any time by contacting us directly at support@patchskin.app.

9. Cookies and Analytics

We use minimal, privacy-centric cookies to maintain your login session and understand basic, anonymous app performance.

10. Contact Us

If you have questions about this policy, or would like to submit a data request, contact us at: support@patchskin.app.