Sensitive health data, handled carefully

Privacy Policy

How DermAI collects, uses, stores, shares, and protects personal data, skin images, health-related context, and AI scan information.

Effective May 15, 2026

Product-ready draft language for DermAI. Final production launch should be reviewed by qualified legal counsel.

Applies to: DermAI apps, website, scan flows, reports, and support channels

Primary contact: privacy@dermai.skin

Default posture: Consent-led, data-minimized, U.S.-only launch

Health content: Skin photos and scan context are treated as sensitive information

Quick read

  • We collect only what is needed to run DermAI, improve safety, support accounts, and process payments.
  • Skin photos, body-area context, symptoms, scan results, and reports are treated as sensitive health-related data.
  • Raw images may be deleted after analysis unless you choose account history, report storage, support review, or another saved feature.
  • You can request access, correction, deletion, consent withdrawal, and grievance support through privacy@dermai.skin.

1. Scope and role

This Privacy Policy explains how DermAI collects and processes personal data when you use our website, mobile or web app, AI skin scan flow, account features, Pro subscription, support, referrals, and related services.

DermAI is designed for consumer skin-health guidance. It provides general wellness information, AI-assisted probability estimates, urgency guidance, and appointment preparation tools. It is not a hospital, clinic, emergency service, or replacement for a qualified dermatologist.

For users in the United States, our privacy posture is designed around consent, transparency, data minimization, and applicable federal and state privacy and consumer expectations. DermAI is a wellness information service and is not a substitute for clinician care or emergency services.

2. Personal data we collect

The data we collect depends on how you use DermAI. We collect data you provide, data created during scan processing, payment and subscription data, support communications, and limited technical data needed to keep the service secure and reliable.

  • Account data: name, email address, phone number where provided, login method, profile settings, family profile names or labels, and consent records.
  • Skin scan data: uploaded or camera-captured skin images, body area, duration, symptoms, visible characteristics, user notes, prior scan comparisons, and scan quality signals such as blur or lighting.
  • AI output data: condition probabilities, confidence levels, urgency category, explanation text, next-step guidance, PDF reports, and scan history where enabled.
  • Payment data: subscription plan, billing cycle, payment status, transaction IDs, invoice metadata, refund status, and limited payment-provider references. Full card, wallet, bank, or app-store details are handled by payment processors such as Stripe, app stores, or other checkout providers.
  • Support data: messages, attachments, device context, diagnostic logs, refund requests, deletion requests, and grievance communications.
  • Technical data: IP address, approximate location derived from IP, device type, browser, operating system, app version, session identifiers, security events, and cookie or similar technology data.

3. Skin photos and health-related context

Skin images can reveal sensitive information about your body, health, surroundings, and identity. We treat uploaded skin photos, symptom notes, scan results, and dermatologist-preparation reports as sensitive health-related information even where a specific law may not use that exact label.

DermAI may strip image metadata such as EXIF, device, and location metadata before analysis when technically feasible. The visible contents of the image itself may still reveal personal information, so you should avoid including faces, private body areas, documents, other people, or background details unless necessary for the scan.

If you choose analyze-and-delete mode, we aim to delete the raw image after the scan workflow completes, subject to security logs, temporary processing queues, backup windows, abuse prevention, and legal obligations. If you enable scan history, PDF reports, family profiles, clinician referral, or support review, we may store the relevant image or report data so those features work.

Medical caution

Do not use DermAI for emergencies, rapidly spreading symptoms, severe pain, fever, breathing difficulty, eye involvement, burns, deep wounds, or any concern that may require urgent care.

4. How we use personal data

We use personal data to provide the service, generate AI-assisted scan outputs, maintain user accounts, process subscriptions, respond to support requests, improve quality and safety, prevent misuse, meet legal obligations, and communicate important service changes.

  • Provide scan analysis, urgency guidance, reports, scan history, family profiles, and account features.
  • Check image quality, detect unsupported use, reduce false confidence, and route high-risk or low-confidence cases toward professional care.
  • Operate subscriptions, invoices, failed-payment recovery, refunds, and payment reconciliation.
  • Maintain security, prevent fraud, detect abuse, debug errors, and protect the service.
  • Improve DermAI models, workflows, and safety systems only where we have an appropriate legal basis and, where required, consent or de-identified data.
  • Send transactional messages such as account verification, subscription changes, scan-history notices, policy updates, support replies, and security alerts.

6. Cookies, analytics, and similar technologies

We use necessary cookies and similar technologies for login, security, session continuity, payments, consent records, and core app functionality. We may use analytics cookies to understand performance, feature adoption, errors, and conversion flows, and marketing or affiliate cookies only where allowed and consented to when required.

For more detail, see our Cookie Policy. If a cookie consent banner is active in your region or product surface, your choices will be reflected there. You can also use browser settings to block or delete cookies, although some DermAI features may stop working.

7. Data sharing and processors

We do not sell your skin photos or scan history. We share data only with service providers, payment processors, hosting and security vendors, analytics tools, support tools, professional referral partners when you request that pathway, legal advisers, authorities where required, or parties involved in a business transaction subject to safeguards.

  • Cloud and infrastructure providers that host the app, databases, images, logs, and backups.
  • AI and image-processing providers that help generate scan outputs, quality checks, or safety signals.
  • Payment processors such as Stripe, app stores, or other checkout providers for subscriptions, invoices, payment attempts, refunds, and chargeback handling.
  • Email, messaging, support, and customer operations tools used to respond to you.
  • Analytics and error-monitoring providers used to measure service reliability and improve flows.
  • Dermatologist, pharmacy, or teleconsult partners only when you choose a referral, booking, or share-report workflow.

8. International transfers

DermAI may use cloud, security, AI, analytics, support, and payment providers that operate in the United States and other countries. This means personal data may be processed in the United States and in other countries where our providers operate.

Where cross-border transfer rules apply, we use reasonable safeguards such as contractual protections, access controls, vendor due diligence, data minimization, encryption in transit, and region choices where available.

9. Retention and deletion

We keep personal data only for as long as needed for the purpose collected, unless a longer period is required for legal, tax, accounting, security, fraud-prevention, dispute, or regulatory reasons.

Analyze-and-delete images are intended to be removed after processing, subject to short technical queues, backups, and security exceptions. Saved scan history, reports, and account data remain until you delete them, close your account, withdraw relevant consent, or until our retention schedule requires deletion.

Backup copies may persist for a limited period before they are overwritten. Deletion from active systems does not always mean immediate deletion from immutable backups, but we restrict use of backup data except for restoration, legal, security, and continuity needs.

10. Your privacy rights

Depending on where you live in the United States, you may have rights to access, correct, update, delete, export, restrict, object to, or withdraw consent for certain processing of your personal data. You may also contact us for consent withdrawal, privacy support, and correction or erasure assistance.

To exercise rights, email privacy@dermai.skin from the email linked to your account. We may need to verify your identity before acting on sensitive requests, especially deletion of scan history or health-related reports.

  • Access: ask what personal data we hold about you.
  • Correction: request correction of inaccurate account or profile information.
  • Deletion: request deletion of your account, saved scans, reports, and eligible personal data.
  • Consent withdrawal: withdraw optional consent for scan history, marketing, model improvement, or non-essential cookies where applicable.
  • Grievance support: raise a privacy complaint through privacy@dermai.skin, and we will route it to the appropriate internal owner.

11. Children and family profiles

DermAI is not intended for children to use independently. A parent or legal guardian must manage use for minors, provide required consent, review scan results, and decide whether to seek medical care.

Family profiles are convenience labels for organizing scans. They are not a substitute for a medical record, pediatric consultation, or emergency care. If we learn that a child used DermAI without appropriate parental or guardian involvement, we may delete the account or related data.

12. Security

We use reasonable technical and organizational controls to protect personal data, including encrypted transfer, access limits, logging, vendor review, secure development practices, and data minimization.

No online service can guarantee perfect security. You should use a strong password, protect your device, avoid uploading unnecessary identifying details, and contact privacy@dermai.skin if you believe your account or data may be at risk.

13. Changes and contact

We may update this Privacy Policy as DermAI evolves, laws change, or new features launch. Material changes will be communicated through the app, website, email, or another appropriate channel.

For privacy questions, rights requests, deletion requests, or grievances, email privacy@dermai.skin. For general support, email support@dermai.skin. For legal notices, email legal@dermai.skin.

Privacy questions should feel answerable.

If something about your data, consent, scan history, or deletion request is unclear, contact privacy@dermai.skin and we will help route it to the right owner.
