Privacy Policy
Last updated: June 19, 2026
SkinCheck ("the App") is owned and operated by Tech Efficient LLC ("we," "us," or "our"). SkinCheck is a personal skin-change photo log: you photograph moles and skin spots over time and compare them before dermatology appointments. SkinCheck is not a medical device and does not provide diagnosis. This Privacy Policy explains exactly what we collect, why, and who we share it with when you use the SkinCheck mobile application, the website at anychanges.skin, and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described below.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: Email address (required) and a password (stored only as a one-way bcrypt hash).
- Profile information: Display name and optional profile photo.
- Your photos: The skin photos you choose to bring into the App, along with the labels and notes you attach to them.
- Support communications: Any message or feedback you send us.
1.2 Information from Third-Party Sign-In
If you sign in with Apple or Google, we receive your name, email address, and a unique identifier from that provider. We never receive or store your password for those services.
1.3 Information Collected Automatically
- Device info for push notifications: When you opt in to notifications, we store the push token issued by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) so we can deliver reminders and account notifications. The token is rotated by the operating system and is not used for advertising.
- Crash & error logs (Sentry): If the app crashes or throws an unhandled error, we send a stack trace, the app version, the OS version, the device model, and a randomly generated installation ID to Sentry so we can fix bugs. We do not include your name, email, or photo content in crash reports.
- Product analytics (PostHog): We record which screens you visit and which actions you take so we can understand which features are useful and which are confusing. Events are tied to a randomly generated installation ID, not to your email or phone. PostHog stores data in the US. See PostHog's privacy policy.
- Server log data: Standard web-server logs — IP address, user-agent, request path, and timestamp — are kept for up to 30 days for security and abuse detection.
1.4 Information We Do Not Collect
- We do not use your device's advertising ID. SkinCheck has no ads.
- We do not access your device's address book.
- We do not read your location in the background, and SkinCheck does not use your location.
- We do not sell your personal information to anyone.
- We do not use your data to train AI models.
1.5 Your Photos Are Private to You
SkinCheck is a personal record-keeping tool. The photos you take and the labels and notes you attach to them are private to your account. There is no public feed, no following, and no sharing with other users built into the App.
2. How We Use Your Information
We use the information above only to:
- Create and authenticate your account.
- Store and organize the photos, labels, and notes in your account.
- Deliver transactional notifications by push or email (for example, security and account messages).
- Diagnose crashes and improve the product (Sentry, PostHog).
- Detect and prevent abuse, spam, fraud, or security threats.
- Comply with legal obligations.
3. How We Share Your Information
We do not sell your personal information. We share it only in these specific cases:
- With service providers we rely on to operate the App (each acts as a data processor on our behalf):
- Our hosting provider — application and database hosting (United States).
- Apple Push Notification service / Firebase Cloud Messaging (Google) — delivery of push notifications.
- Sentry — crash and error reporting.
- PostHog — product analytics.
- SMTP provider on our hosting account — outbound transactional email.
- Legal requirements: We may disclose information if we are legally required to (subpoena, court order, lawful government request).
- Safety: We may disclose information when we believe it is necessary to protect the safety, rights, or property of our users or the public.
- Business transfers: If Tech Efficient LLC is acquired or merged, your information may be transferred as part of that transaction. We would notify you and update this policy before any change of control.
4. Data Retention
We retain your account information for as long as your account is active. If you delete your account, we delete or anonymize your personal information within 30 days. Crash logs and analytics events are retained for up to 12 months. Server logs are retained for up to 30 days. We may retain limited records longer where required for legal, tax, or fraud-prevention purposes.
5. Data Security
We protect your information using industry-standard practices: passwords stored as bcrypt hashes (never plain text), short-lived JWT access tokens with rotating refresh tokens, HTTPS/TLS for all transport, and access controls on the server side. No system is 100% secure, and we cannot guarantee absolute security, but we work to minimize risk.
6. Your Rights and Choices
You may at any time:
- Access and update your profile from Profile → Edit in the App.
- Delete your account from Profile → Settings → Delete Account in the App. This is self-service and removes your account and personal data within 30 days. You can also request deletion by emailing support@techefficientllc.com.
- Opt out of push notifications from your device settings.
- Request a copy of the personal data we hold about you by emailing the address above.
If you are a resident of California, the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection laws (including the CCPA and GDPR), you may have additional rights — including rights of access, correction, deletion, portability, and to lodge a complaint with your local supervisory authority. We honor those rights without charge. Contact us to exercise them.
7. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it. If you believe a child under 13 has used the Service, contact us at the email below.
8. International Users
SkinCheck is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction.
9. Third-Party Links and Services
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Review their policies before providing information to them.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "Last updated" date and, for material changes, give you reasonable notice in the App or by email before they take effect. Your continued use of the Service after the effective date means you accept the updated policy.
11. Contact Us
For any question about this Privacy Policy or our data practices:
Tech Efficient LLC
Email: support@techefficientllc.com