SkintraLog in

Privacy Policy

Last updated June 2026

Skintra (Skintra India) is built for Indian users, and we handle your data in line with India’s Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000. This policy explains, in plain language, what we collect and why.

1. What we collect

  • You give us: your mobile number (your account identity), your name and city, your quiz answers, and — if you use the AI scan — a selfie.
  • We compute:your skin profile and your scan scores (for example, “uneven tone: moderate”).
  • Payment: when you buy a plan, Razorpay handles the transaction. We receive the order id and payment status — we do not see or store your full card or bank details.
  • Automatically: basic device and log data (such as IP address and browser), and a push-notification subscription if you turn on reminders.

2. Your face scan and selfie

If you use the AI scan, your selfie is sent to our AI provider (Anthropic, maker of Claude) to analyse and produce your scores. We then store your selfie privately and securely with your plan, so we can show you the close-ups of each concern area on your dashboard. It is visible only to you, protected by row-level access controls, and never made public or used for advertising. You can delete it, or your whole account, at any time by emailing us.

3. How we use your data

  • To build your personalized routine and match products.
  • To take payment and deliver your plan.
  • To send the reminders you choose to turn on.
  • To provide support, prevent fraud or abuse, and meet our legal obligations.

We do not sell your personal data, and we do not share it for advertising.

4. Who we share it with

We use a small number of trusted processors to run the service:

  • Supabase — our database and login, hosted in India (Mumbai).
  • Anthropic (Claude) — analyses your quiz and scan to generate your plan.
  • 2Factor.in — sends your one-time login codes.
  • Razorpay — processes payments.
  • Resend and Vercel — email delivery and hosting.

We may also disclose data if required by law or a valid order from a competent authority.

5. Where your data is stored

Your account and plan data are stored in India (Supabase, Mumbai region). Some processors — such as AI analysis and hosting — may operate from outside India under appropriate safeguards.

6. How long we keep it

  • Your account and plan data: for as long as your account is active.
  • Payment and order records: as required by Indian tax law (up to 7 years) after a purchase.
  • Server logs: about 90 days.
  • Your selfie: until you delete it or your account.

7. Cookies

We use only the minimal cookies needed to keep you logged in and to let Razorpay process payments. We do not run advertising or cross-site tracking cookies.

8. Your rights

Under the DPDP Act you can ask us to access, correct, or erase your data, withdraw your consent, or nominate someone to act for you. Email skintraindia@gmail.com and we will respond within 30 days.

9. Security

Data is encrypted in transit (HTTPS/TLS), access is scoped so you only ever see your own data, and we never store full card details.

10. Children

Skintra is for adults aged 18 and over and is not directed at children. We do not knowingly collect data from minors.

11. Grievance Officer

For any data-protection concern, contact our Grievance Officer at skintraindia@gmail.com. We acknowledge such requests within 24 hours and aim to resolve them within 15 days.

12. Changes & contact

We may update this policy; the “last updated” date above will change and material updates may be notified to you. Questions? Email skintraindia@gmail.com.

A note on skin advice

Skintra provides educational guidance, not medical advice. For persistent or severe skin concerns, please consult a dermatologist.