Shine AI Privacy Policy
This privacy notice for Pflugpeil Ventures UG (haftungsbeschränkt) ("Company," "we," "us," or "our") explains how and why we may collect, store, use, and/or share ("process") your information when you use our services ("Services"). For example, this includes when you download and use our mobile application (Shine AI) or any other application that references this privacy notice, as well as when you engage with us through sales, marketing, or events.
Questions or concerns? By reading this privacy notice, you will gain a better understanding of your privacy rights and the choices available to you. If you disagree with our policies and practices, please do not use our Services. If you still have any questions or concerns, feel free to contact us at david@pflugpeil.de.
Information We Process
We may collect and process the following personal information about you when you use the System:
- - First name
- - Age
- - Email address
- - Any content you upload or manage using the Service
- - Any other information you may provide to us (e.g., via the app’s feedback form)
Mobile device data, including:
- - Operating system and version
- - App usage data
- - Crash reports and diagnostics data for debugging and improvement
How We Use Your Information
We will use the information that we collect about you for the following purposes:
- - Marketing/promoting the Service to the users of our app
- - Provide the Service
- - Technical and administrative support
The legal basis for this processing is Article 6(1)(f) GDPR, based on our legitimate interest to provide the Service to our customers and their users. If we want to use your information for any other purpose, we will ask you for consent and will use your information only on receiving your consent, and then only for the purpose(s) for which you have granted consent (unless we are required to do otherwise by law).
Use of Captured Images and Analyzed Data
How and Why Do We Collect Face Data?
We collect face data directly from photos that users provide within the app, and only with their explicit consent. Each time a photo is required, the app will notify users and request their approval. No images are captured without the user’s active participation, whether through the in-app camera feature or by uploading a photo. Face data is used to deliver personalized skincare insights and track improvements over time. Specifically:
Personalized Skincare Suggestions:
Face data helps us offer tailored skincare products and routine recommendations based on the unique attributes of the user’s skin. These recommendations are intended to help users explore suitable options for their individual skin types and concerns. They are informational only and not substitutes for medical advice.
Skin Analysis and Scores:
We analyze facial data to generate skin scores that reflect various skin conditions, such as hydration levels, texture, and overall health. These scores are meant as a tool to help users understand and monitor their skin condition over time. They do not constitute medical diagnoses or professional treatment plans.
Face Data Storage and Retention
Retention Policy: Face data is stored securely while the user’s account remains active. Face data is processed and stored temporarily on our encrypted servers to provide the service. Captured images and analyzed data may also be retained for a limited time after the initial analysis to enable features like progress tracking and comparison.
Retention Duration: Face data is stored only for as long as necessary to provide the intended services outlined in this Privacy Policy or to comply with applicable legal requirements. Once the data is no longer needed for these purposes, it is securely and permanently deleted. If a user chooses to deactivate their account or requests deletion of their data, all associated data, including images and analysis results, will be permanently erased within seven days.
No Indefinite Storage: We do not store face data indefinitely. Retention is limited strictly to the time required to deliver the app’s services.
Automatic Account Deletion: To ensure the security and privacy of our users, we will automatically and permanently delete inactive accounts. If an account remains inactive for a continuous period of one year, it will be permanently deleted, along with all associated data, including captured images and analysis results. Before deletion, users will receive a notification via their registered email address or phone number to allow the opportunity to reactivate their account if desired.
Third-Party Sharing
We do not share users’ face data or images with any external third parties. All analysis and processing of face data are conducted entirely within our proprietary systems hosted on secure servers. We use self-hosted machine learning models to ensure that personal data, including facial data, is not shared with any third parties. By ensuring all data remains under our control, we safeguard user privacy and maintain compliance with data protection regulations.
User Control
Users may request deletion of their personal data, including images and analyzed data, at any time through the app settings or by contacting us. Deleted data will be removed from our systems within seven days to ensure full control over data.
Security of Face Data
Face data is encrypted during processing and storage to ensure the highest level of security. Our systems and procedures are designed to prevent unauthorized access and use of data. Face data is used only for the intended purposes of the app and is not repurposed or accessed beyond those necessary for providing the service.
Retention Of Your Information
The data that your internet browser automatically transmits to us are retained in log files for up to 7 days and then automatically deleted or anonymized. We will retain your other personal information with us for up to 2 years after your account for the Service is terminated, provided we still need it to fulfill the purposes for which it was collected as detailed in this Privacy Policy. We may need to retain certain information for longer periods such as record-keeping / reporting in accordance with applicable law or for other legitimate reasons like enforcement of legal rights, fraud prevention, etc. Residual anonymous information and aggregate information, neither of which identifies you (directly or indirectly), may be stored indefinitely.
Your Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (Art. 21 GDPR).
Your Other Rights
You have the right to request confirmation from us as to whether personal data relating to you are being processed; if this is the case, you have a right to information about these personal data and the information listed in detail in Art. 15 GDPR. You have the right to demand that we correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data without delay (Art. 16 GDPR). You have the right to demand that we delete personal data relating to you without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes pursued (right to erasure). You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR applies. You have the right to receive from us the data concerning you that you have provided to us in a structured, common and machine-readable format. You may transfer these data or have them transferred to other entities (right to data portability). Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). You may assert this right before a supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement. You also have the right to complain to the responsible regulatory authorities, which can be found here (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).
Cookies and Analytics
Our app uses basic device analytics to improve functionality and user experience. Collected data is anonymized and only used to improve app performance and resolve bugs.