Privacy Policy

Last updated: March 16, 2026

Luni ("we", "our", or "us") operates the Luni mobile application. This page informs you of our policies regarding the collection, use, and disclosure of personal information when you use our app.

Information We Collect

Account Information

• Email address (when signing up with email)
• Apple ID identifier (when using Sign in with Apple)
• Display name (optional)

Skincare Profile Data

• Skin type, skin tone, sensitivity level, and skincare goals
• Skin concerns and conditions you disclose
• Product inventory you add to the app
• Product photos captured via the scan feature
• Routine preferences and completion history
• Tretinoin usage tracking (if applicable)

Subscription Data

• Subscription tier and status (managed through Apple). We do not collect or store your payment information — all billing is handled by Apple.

Usage Data

• App interaction data for improving user experience
• Crash reports and performance metrics

How We Use Your Information

• To generate personalized skincare routines based on your profile and product shelf
• To track your routine progress and streaks
• To manage your subscription and enforce tier-based features
• To improve the quality and relevance of our services
• To respond to support requests

Legal Basis for Processing

We process your personal information based on:

• Contract performance: To provide the services you signed up for (routine generation, product tracking, subscription management)
• Consent: For collecting sensitive skincare profile data (skin type, skin tone, skin concerns). You provide this information voluntarily during the onboarding quiz and can delete it at any time.
• Legitimate interest: For crash reporting, performance monitoring, and service improvements

Data Storage and Retention

Your data is stored securely using Supabase (hosted on AWS in the United States). We use industry-standard encryption for data in transit and at rest.

We retain your personal data for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems. We do not retain backups of deleted accounts beyond our standard 7-day backup rotation.

Data Sharing

We do not sell, rent, or trade your personal information. We share data with the following service providers solely to operate Luni:

• Supabase: Cloud database and authentication provider (data storage and account management)
• OpenAI: Skincare profile data (skin type, concerns, goals, and product information) is sent to generate personalized routines. No personal identifiers (name, email) are included. OpenAI does not use API data to train its models.
• Apple: Subscription and purchase management via the App Store

Your Rights

You can:

• Access your data through the app
• Delete your account and all associated data (Settings → Delete Account)
• Export your data upon request by contacting us
• Withdraw consent for data collection at any time by deleting your account

California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to: know what personal information we collect and how it is used; request deletion of personal information; and not be discriminated against for exercising these rights. We do not sell personal information. To exercise your rights, contact us at the email below.

Children's Privacy

Luni is not intended for children under 13. We do not knowingly collect data from children. If we learn that we have collected data from a child under 13, we will promptly delete it.

Contact Us

For privacy questions or data requests: hello@luniskin.com

Changes

We may update this policy. Changes will be posted here with an updated date. If we make material changes, we will notify you through the app or by email.