Legal

Privacy Policy

Effective date: July 5, 2026
Operated by: ApotheKitty (“we,” “us,” “our”)

This policy explains what we collect, how we use it, who we share it with, and your choices. It applies to your use of ApotheKitty.ai (the “Service”) and is incorporated into our Terms of Service.

1. Information we collect

Information you provide:

  • Quiz responses — including your skin type, skin concerns, sensitivities, allergies, and budget.
  • Photos — facial images you choose to upload (optional; see Section 3).
  • Contact / account details — such as your email address, if you create an account or contact us.

Information collected automatically:

  • Usage and device data — pages viewed, actions taken, browser/device type, and similar analytics.

2. Skin concerns and other sensitive information

Some information you provide — your skin concerns and any conditions you describe — may be treated as health-related or sensitive personal information under laws such as the Washington My Health My Data Act, the EU/UK GDPR (special-category data), and certain U.S. state laws. We collect and use this information only with your consent, and only to generate and improve your recommendations.

3. Facial images and skin analysis (please read)

If you choose to upload a photo, here is exactly how we handle it:

  • Purpose. We use your photo solely to analyze visible skin characteristics (such as hydration, redness, and texture) in order to tailor your product recommendations.
  • Consent. We collect and process facial images only after you give explicit, opt-in consent at the point of upload. You are never required to upload a photo to use the Service.
  • How it's processed. Photos are analyzed by our third-party skin-analysis and AI providers to produce skin attributes. Analysis is automated; images are not routinely reviewed by humans except as needed to investigate errors or abuse.
  • No identification. We do not use facial images to identify you, do not use them for facial recognition, and do not sell, rent, or trade them.
  • Retention and deletion. Uploaded photos are processed to generate your recommendations and then permanently deleted within 24 hours. We do not retain the original image after your recommendations are generated.
  • Biometric-law compliance. To the extent any data derived from your photo is considered biometric information under laws such as the Illinois Biometric Information Privacy Act (BIPA) or the Texas Capture or Use of Biometric Identifier Act (CUBI), we obtain consent before collection, do not sell it, and destroy it according to the schedule above, consistent with our written retention-and-destruction policy.

4. How we use your information

  • To generate your personalized product recommendations.
  • To operate, maintain, and improve the Service.
  • To respond to you and send service communications (and marketing only where permitted, with opt-out).
  • To comply with legal obligations and enforce our Terms.

5. How we share information

We share information only as described here:

  • Service providers who help us run the Service — for example, our skin-analysis provider, AI/processing provider, hosting, and analytics providers — under contracts limiting their use of the data.
  • Affiliate networks and retailers — when you click a product link, affiliate networks may receive click and purchase data to attribute commissions.
  • Legal and safety — where required by law or to protect rights and safety.
  • Business transfers — in connection with a merger, acquisition, or sale of assets.

We do not sell your personal information for money.

6. Data retention

We keep personal information only as long as needed for the purposes above or as required by law. Photos follow the deletion practice in Section 3. Quiz responses and recommendation history are retained while your account is active and deleted within 90 days after account closure. Account records and logs are retained for up to 24 months for security and legal compliance.

7. Security

We use reasonable administrative, technical, and physical safeguards to protect your information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your rights and choices

Depending on where you live, you may have the right to access, correct, delete, or port your information; to object to or restrict processing; and to withdraw consent (including consent to photo processing) at any time. California residents have rights under the CCPA/CPRA, and EEA/UK residents have rights under the GDPR. To exercise any right, contact us at questions@apothekitty.ai. We verify requests using the email address associated with your account (and, where needed, additional identifying details) and will respond within 45 days. We will not discriminate against you for exercising these rights.

9. International users and data transfers

If you access the Service from outside the United States, your information may be processed in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

10. Children's privacy

The Service is intended for users 18 and older. We do not knowingly collect information from anyone under 18. If we learn we have, we will delete it.

11. Changes to this policy

We may update this policy and will post the revised version with a new effective date. Material changes affecting how we handle photos or sensitive data will be communicated more prominently and, where required, we will request fresh consent.

12. Contact

Questions or requests: questions@apothekitty.ai.