1. About us
Skinpal is provided by TSW Nordic AB (“we”, “our”, “us”), a company registered in Sweden. We are the data controller for the personal data processed through our app and website.
Contact information:
Company name: TSW Nordic AB
Org. no.: [fill in your organization number]
Address: [fill in address]
Email: [your contact email, e.g. support@skinpal.app]
2. What data we collect
We may collect the following categories of personal data when you use Skinpal:
Account information: name, email address, login credentials.
Subscription and payment information: handled securely by our payment providers (Stripe, Apple, Google). We do not store full card details.
Health and wellness data (special category data): symptom logs, sleep, stress levels, lifestyle notes, triggers, journal entries, photos.
Technical data: device information, app usage, IP address, cookies on the website.
3. Why we process your data
We process your personal data for the following purposes:
To provide and improve the Skinpal app and services.
To analyze symptom patterns and deliver AI-generated insights.
To manage subscriptions, payments, and customer accounts.
To send service-related information (updates, security notices).
To comply with legal obligations (accounting, consumer rights).
With consent, to process sensitive health-related data in order to provide you with insights.
4. Legal bases under GDPR
Contract (Art. 6.1(b)): to deliver the service you subscribe to.
Legal obligation (Art. 6.1(c)): for accounting and consumer protection.
Consent (Art. 6.1(a) + 9.2(a)): for processing health and sensitive data that you log in the app.
Legitimate interest (Art. 6.1(f)): to improve and secure our services.
5. Sharing of data
We only share data with trusted service providers who process data on our behalf:
Supabase (hosting and database)
OpenAI (AI analysis of your logs)
Stripe, Apple, Google (payments and subscriptions)
Analytics and error monitoring providers
All providers are bound by data processing agreements and GDPR safeguards.
6. International transfers
Some of our partners (e.g. OpenAI, Supabase) may process data outside the EU/EEA. In these cases, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Retention
Account and subscription data is stored as long as you are a user and for up to 7 years thereafter for legal/accounting reasons.
Health logs are stored until you delete them or your account is deleted.
If you delete your account, all health data is erased within 30 days.
8. Your rights under GDPR
As a user, you have the following rights:
Right to access your data.
Right to rectification of incorrect data.
Right to erasure (“right to be forgotten”).
Right to restrict processing.
Right to data portability.
Right to object to certain processing.
Right to withdraw your consent at any time (without affecting previous lawful processing).
Right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).
9. Security
We use industry-standard security measures (encryption, access control, secure hosting) to protect your data. Still, no system can be 100 % secure, and we cannot guarantee absolute security.
10. Children
Skinpal is not intended for children under 16 years. We do not knowingly collect data from children without parental consent.
11. Updates
We may update this Privacy Policy from time to time. The latest version will always be available at skinpal.app/legal/privacy.