Latest update: Feb 13 2022

Privacy Policy

This Privacy Policy explains how Digital Skincare Inc (further will be referred to as “we” or “us”) collects, stores, uses, and protects your Personal Data in connection with usage of our website pora.ai and our application Pora AI (together referred to as the “Services”). This policy also explains your personal data protection rights, and we are happy to help you exercise them. We value your privacy and do our best to ensure its security.

What data do we collect and why

When you use our services, we may collect the following data:

Data Category	Collection Means	Purpose of collection and processing	Legal basis for collection and processing (GDPR)
Device information (hardware model; device type; unique device identifiers; operating system information; IP address, platform, etc.)	Collected automatically	This includes enabling you to use the Services in a seamless manner and preventing or addressing Services errors or technical issues.	Art. 6.1 (f) - we have a legitimate interest
Your name and e-mail	You provide it to us	To manage your account and provide you with customer support.	Art. 6.1 (f) - we have a legitimate interest
Your e-mail (EU users)	You provide it to us	To send you information about our updates, special offers, and promotions.	Art. 6.1 (a) - you give your consent
Your e-mail (non-EU users)	You provide it to us	To send you information about our updates, special offers, and promotions.	Art. 6.1 (f) - we have a legitimate interest
Your age and gender	You provide it to us	To customize your experience by adjusting the content of the Services and providing content tailored to your personal preferences.	Art. 6.1 (f) - we have a legitimate interest
Skin goals, skin issues, habits, behaviors, physical characteristics, including photos of your face	You provide it to us	To customize your experience by adjusting the content of the Services and providing content tailored to your personal preferences.	Art. 6.1 (a) - you give your consent

Please note that photos of your face (further will be referenced as “Face Data”) made with the pora application are stored on your device. We delete them from all our systems upon completion of the visual analysis.

Face Data

2.1. Collection and Use of Face Data. We collect photos of your face to personalize your skincare programs based on the visual analysis of your facial skin conditions, such as pimples, wrinkles, pigmentation, and others. The collection is executed every time you’re using the in-app camera that helps you capture high-quality photos. The application always explicitly asks you to take photos with the in-app camera. We do not take any photos without you launching the in-app camera.

2.2. Disclosure and Sharing of Face Data. We do not disclose or share your Face Data with any third parties. Our automation only has access to your Face Data during the analysis. Once the analysis is complete, we can’t access your Face Data with any automation. It is technically impossible to access your Face Data for our developers at any moment.

2.3. Retention of Face Data. The Face Data is only stored on your device. The Face Data is deleted from your device upon uninstalling the pora application.

We only store your Face Data at the server-side during the analysis stage. Therefore, your data is no longer present on our servers after the analysis is complete.

How long we retain your Personal Data

We retain your Personal Data for no longer than is necessary for the purposes of its collection and processing but no longer than is necessary for the purposes of its collection, unless we are required to retain your Personal Data for a longer period due to applicable legislation requirements, any ongoing dispute resolution or in order to enforce our agreements.

What are your data protection rights?

We want to make sure that you are fully aware of all your data protection rights and the ways you can exercise them. You are entitled to the following:

3.1. The right to access. You can ask us for a confirmation that we process your Personal Data with the information related to its processing.

3.2. The right to data portability. You can request that we provide you with your Personal Data in a structured and portable format. Apart from that, you can ask us to transmit those data to another controller directly, where technically feasible.

3.3. The right to correction. You can ask us to correct your Personal Data if you believe that it might be inaccurate.

3.4. The right to erasure. You may ask us to erase your Personal Data upon your withdrawal of the consent to processing if you believe that such processing is unlawful. You may also ask us to erase your Personal Data in some other cases indicated in art. 17.1 of the GDPR. Please note that the erasure of your Personal Data may affect your use of our Services.

3.5. The right to restrict processing. You can request a restriction of your Personal Data processing if you contest the accuracy of your Personal Data

3.6. The right to object to processing. You can object to the processing of your Personal Data that is processed under certain legal bases — for example, the data that we process under the legitimate interest basis.

3.7. The right to lodge a complaint with your local data protection supervisor. You can do so in case you believe that our activities are not compliant with the applicable data protection regulations. However, if you have such concerns about our data protection activities, we would kindly ask you to first contact us at care@pora.ai and we will do our best to ensure proper handling of your Personal Data.

If you wish to exercise any of the rights 3.1 - 3.6 above, please contact us at care@pora.ai and describe your request in plain language. If you make a request, we have 30 calendar days to make respective actions in connection with your request. In case we need any more time to help you exercise any of your rights, we will let you know.

In case your request is vague or unclear, we may engage in a conversation with you in order to better understand your request. We may also refuse manifestly unfounded and excessive requests.

We might ask you to prove your identity while exercising your data protection rights. This is made to ensure that you are indeed entitled to receive certain information and that no rights of third parties are violated by your request.

Security Measures

We take the protection of your Personal Data very seriously and take all reasonable and appropriate measures to protect them from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.

Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the Services, or that your information won’t be intercepted while being transmitted to us. In case your Personal Data got compromised due to a security breach, we will act promptly to identify the cause and take all reasonable steps to remedy the breach. We will inform you of the incident, if necessary, in connection with the applicable legislation.

If you want to report a security incident related to our Services, please contact us at care@pora.ai.

Children’s privacy

We are committed to protecting the privacy of children. We do not knowingly collect Personal Data of any person under the age of 13 (or 16 years old for the residents of the European Union). If you are aware of anyone under 13 (or 16 years old for the residents of the European Union) using the Services, please contact us at care@pora.ai and we will take the required steps to delete such information and (or) delete the account.

We may use external service providers to process your Personal Data on our behalf. When we do so, we have appropriate agreements in place to protect such data. In the case of international transfers, we always make sure that additional safeguard mechanisms are in place (for example, by adding Standard Contractual Clauses).

Currently, we share your Personal Data with the following service providers:

Amazon Web Services (AWS) which is our primary cloud services provider, used to host personal data and enable our Services to operate and be distributed. AWS computing environments are continuously audited, with certifications from accreditation bodies across various geographies and verticals. Learn more about AWS security compliance on their website.
AppsFlyer is used for marketing, analytics, and attribution purposes. Here is its Privacy Policy.
Amplitude is the analytics platform used to analyze how visitors use the Services and to measure the effectiveness of our features. Here is its Privacy Policy.
Google Crashlytics is used to monitor the infrastructure and performance of the Services. Here are its Data Processing and Security Terms.
Google Firebase is a mobile development platform that provides us with various tools and options for developing the Services. Here are its Data Processing and Security Terms.
RevenueCat is a mobile subscriptions management service that enables paid features in the Services. Here is its Privacy Policy.
Braintree is a global commerce tools provider. We use Braintree integrations to process the payments. Here is their Privacy Statement.
SendGrid is an e-mail delivery service. Here is their Privacy Policy.
Meta for Business (formerly known as Facebook for Business) provides various services for choosing audiences that will see our ads on Meta’s products such as Facebook and Instagram. Here is its Data Policy.
Palta Brain provides a single way to integrate various payment providers and analytic services, thus minimizing the development effort needed to implement the Services. Country of registration: Cyprus.

Changes to our privacy policy

We review our policies regularly to reflect any changes in our collection, processing, sharing, or retention procedures as well as any regulatory changes. You can always find the up-to-date version of our Privacy Policy on our website with the indication of the last update date.

Contact Us

You can contact us using the following email: care@pora.ai

You can also contact our EU representative:

DPOEU LTD, Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus Email: info@dpoeu.eu