Privacy Policy

Last updated: May 4, 2026

1. Information We Collect

Account Information

When you create an account, we collect your email address and a hashed version of your password. If you sign in with Google, we receive your name and email from Google.

Usage Data

We collect information about how you use the Service, including items you track, watchlist activity, and alert preferences. This data is used to provide and improve the Service.

Telegram Chat ID

If you connect Telegram for price alerts, we store your Telegram chat ID to deliver notifications. We do not access your Telegram messages or contacts.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To send price alerts and notifications you requested
  • To process subscription payments
  • To send important account-related emails (e.g., password resets, security notices)
  • To generate AI-powered suggestions based on your tracked items

3. Data Sharing

We do not sell your personal data. We share data only with:

  • Polar.sh / Stripe — for payment processing (email and subscription details)
  • Telegram Bot API — to deliver price alerts (chat ID and alert content only)
  • Anthropic (Claude API) — to generate AI suggestions (item price data only, no personal information)

4. Data Storage and Security

Your data is stored on secure servers hosted by Railway. Passwords are hashed using bcrypt. Authentication uses HTTP-only JWT cookies. We use HTTPS for all data transmission.

5. Cookies

We use a single essential cookie (auth_token) to keep you signed in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your watchlist and alert data
  • Disconnect Telegram integration at any time
  • Cancel your subscription at any time

To exercise these rights, visit your account settings or contact us at the email below.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. Aggregated, anonymized usage statistics may be retained indefinitely.

8. Children

The Service is not intended for users under 13 years of age. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.

10. Contact

For privacy-related questions, contact us at support@skinmetrics.io.