Privacy Policy
Effective: March 22, 2026
Oh My Skin (the "Service") values your privacy and is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.
1. Information We Collect
We collect the following information: • Account information: Display name, profile image (via Kakao or Google login) • Facial photos (biometric data): 3-angle selfies captured for AI skin analysis • Survey responses: Answers about your skin condition and lifestyle habits • Analysis results: AI-generated skin condition scores, grades, and findings • Payment information: Payment identifiers for premium services (payment processing is handled by Polar or Toss Payments; we do not directly collect card details)
2. How We Use Your Information
• To provide AI skin analysis services • To recommend skincare products based on analysis results • To provide analysis history features • For service improvement and anonymous statistical analysis
3. Data Retention
• Original facial photos: Deleted immediately after analysis (not stored on servers) • Preprocessed images: Retained for viewing analysis results; deleted upon account deletion • Social account profile information: Deleted upon account deletion • Analysis results: Deleted upon account deletion • Survey responses: Deleted upon account deletion • Payment records: Retained for 5 years as required by law
4. Third-Party Sharing
We do not sell your personal information. We share data with third parties only in the following cases: • With your prior consent • As required by law We engage the following service providers to process data on our behalf: • Supabase, Inc. (US): Data storage and user authentication • Polar (US): Payment processing • Toss Payments (South Korea): Payment processing
5. International Data Transfers
We transfer data internationally as follows: [1] AI Skin Analysis • Recipient: OpenAI, Inc. • Country: United States • Data transferred: Facial photos (preprocessed images) • Purpose: AI-powered skin analysis • Method: Encrypted API transmission • Retention: Deleted immediately after processing (OpenAI does not use API inputs for training) [2] Data Storage & Authentication • Recipient: Supabase, Inc. • Country: United States • Data transferred: Account information, analysis results, preprocessed images • Purpose: Service database and user authentication • Method: Encrypted transmission (TLS) • Retention: Deleted upon account deletion [3] Payment Processing • Recipient: Polar • Country: United States • Data transferred: Payment identifiers • Purpose: Premium service payment processing • Method: Encrypted transmission (TLS) • Retention: Per Polar's retention policy after payment completion
6. Data Deletion
We delete personal information promptly when its purpose has been fulfilled. • Procedure: Deleted per internal policy after purpose is achieved • Method: Electronic files are deleted using irreversible methods
7. Biometric Data
We collect facial photos, which constitute biometric data. • Purpose: AI-based skin condition analysis (not for medical diagnosis) • Processing: Original images are deleted immediately after analysis • Legal basis: Explicit consent obtained before camera capture
8. Your Rights
You may exercise the following rights at any time: • Request access to your personal information • Request correction or deletion of your data • Request to stop processing your data • Delete your account To exercise these rights, contact us at the email below.
9. Contact
Service: Oh My Skin Email: support@ohmy.skin For inquiries regarding personal data processing, please contact us at the email above.
10. Children's Privacy
We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it immediately.