The ComplexionVault

Privacy Policy

Last updated: February 2026

The short version

  • We analyse your selfie to estimate your skin tone and recommend matching products
  • Your photo is processed to generate colour measurements, then discarded — we don't keep your photo
  • We don't store your photo — ever
  • We store limited analysis results and technical info (like device type and browser user agent) to improve accuracy and protect the service
  • You can optionally save your results by providing your name and email
  • You can request deletion of your data at any time
  • If you don't create an account, we delete your saved analysis records and recommendations after up to 90 days
  • If you create an account, we keep account-linked analysis data until 1 year after your last activity (or sooner if you request deletion)
  • We may keep anonymous diagnostics/events longer to improve the service — after 90 days we remove identifiers and technical metadata and round timestamps to the day
1

Who we are

This tool is operated by The Complexion Vault. We build the skin tone analysis technology and provide it directly to you as part of our beauty service.

If you need to get in touch about your data, drop us a line at thecomplexionvault@gmail.com.

2

What we collect (and what we don't)

Here's a simple breakdown:

DataWhyStored?
Your selfieTo read your skin toneNo — processed, then discarded
Name & email addressOnly if you choose to save your resultsYes — only if you opt in
Skin tone values (LAB colour data — numbers that describe your skin colour)To match you with productsYes
Your preferencesCoverage, finish, budget, skin type etc.Yes
Product recommendationsSo you can revisit your matchesYes
Retailer click-throughs (when you tap a "Where to buy" link)To understand which recommendations are helpful, improve the service, and measure retailer interest (for example: which product/shade links are clicked)Yes — anonymised after 90 days
Analysis output & diagnostics (technical notes that help us improve the results)Helps us fix issues and improve accuracy (for example: AI output text, photo quality flags, lighting notes)Yes — no photo included
Device info (device type & browser user agent — your phone model, iOS/Android version, and browser type)Helps compensate for camera differences and fix analysis issuesYes — stored with your analysis output
Session ID (a random ID for your visit — not your name)Links analysis records together for debugging and reliabilityYes — removed from retained analytics after 90 days
Photo metadata (EXIF — camera details like device model and settings, if present)May help improve colour correction and analysis qualityYes — limited metadata only (not the image)

Your photo is never stored. Everything else is kept securely so we can give you a better experience — and you can ask us to delete it at any time.

We may also process IP addresses for security and to prevent misuse (for example, too many requests in a short time). These may be stored briefly (typically minutes to 24 hours) in short-term server memory or an abuse-prevention system, but are not stored in our main database tables.

3

How your photo is processed

When you tap "analyse", here's exactly what happens:

1

Your photo travels from your browser to our server over an encrypted connection (HTTPS)

2

Our server sends it to a secure AI service for analysis

3

The AI reads your skin tone and sends back colour measurements — not your identity

4

Your photo is immediately discarded — not saved on our servers or by the AI provider

5

The skin tone results are sent back to your browser so we can find your matches

The AI provider does not use your photo for training or store it beyond the duration of the request. For more details about the third-party services we use, contact us at thecomplexionvault@gmail.com.

4

A note on sensitive data

We know skin tone data is personal. Under UK data protection law, it could be considered "special category data" because it might relate to ethnic origin. We take this seriously:

  • We ask for your explicit consent before analysing your photo
  • We never try to guess your ethnicity, race, or nationality
  • The AI is specifically told to exclude any reference to ethnicity
  • We only care about one thing: finding you the right foundation shade
5

The legal bit

We collect your consent in two stages:

  • Stage 1 — Photo analysis: You tick a checkbox before uploading your selfie, consenting to AI processing of your photo (UK GDPR Article 6(1)(a) and Article 9(2)(a)).
  • Stage 2 — Saving your results: After seeing your recommendations, you can optionally provide your name and email to save your results. This is a separate, voluntary step.
  • Marketing emails: If you'd like personalised product recommendations by email, there's a separate opt-in checkbox. This is entirely optional and you can unsubscribe at any time.

You can withdraw consent at any time by emailing us at thecomplexionvault@gmail.com. We keep analysis data for as long as needed to provide the service. If you don't have an account (anonymous use), we automatically delete your analysis records and recommendations after up to 90 days. If you create an account, we keep your account-linked analysis data until 1 year after your last activity (or sooner if you ask us to delete it). If you provide your name and email to save results, those email capture records are deleted after up to 90 days. For reliability and service improvement we may keep diagnostic and funnel/event records (including retailer click-through logs) for longer, but after 90 days we remove identifiers (such as session IDs and analysis IDs), delete technical metadata, and round timestamps to the day so the retained data can no longer be linked back to you. We also generate anonymous daily totals that don't identify you (for example, how many analyses were run each day and how long they took on average). These totals do not include your email address, photo, IP address, or any individual analysis record, and are kept indefinitely to help us understand how the service performs. You can also request deletion at any time.

6

Who sees your data

Your information is accessible by the following parties:

The Complexion Vault

Operates the skin tone analysis technology and matching algorithm. When you consent to photo analysis, we store your analysis data (for example: skin tone values, preferences, recommendations and technical metadata (your device type, browser type, and basic photo details)) so we can run the service and help you revisit results. Your name and email are only stored if you choose to save your results. We may send personalised product recommendations by email only if you opt in separately.

Our database & hosting providers

We use trusted infrastructure providers to host the service and store the data listed above (for example: analysis results, preferences, recommendations and session events). These providers process data on our instructions and do not use it for their own purposes.

A secure AI service

Processes your photo to extract skin tone data. For reliability, we may use more than one AI provider (for example a primary provider and a backup provider) — but we apply the same rules to each. The AI service receives your image and limited technical metadata needed for analysis (for example: photo metadata/EXIF (camera details like device model and settings) when present and your browser user agent (your phone model, iOS/Android version, and browser type)). It does not receive your name, email address, or any saved results. It does not store your image or use it for training.

Our email provider (if you opt in)

If you ask us to email your results, we use an email delivery provider to send the message to your email address. They process your email address and email content to deliver the message, and do not use it for advertising.

That's it. We don't sell, rent, or share your data with anyone beyond these parties. No advertisers, no data brokers. For details about the specific services we use, email thecomplexionvault@gmail.com.

If you click a retailer link, you'll be sent to that retailer's website. Their own privacy policy and cookie practices apply while you're on their site.

7

Your rights

Under UK GDPR you've got rights. Here's how they work with our service:

Withdraw consent — email us and we'll stop processing your data
Access your data — email us and we'll send you everything we hold about you
Delete your data — email us and we'll remove everything within 30 days
Complain — you can contact the ICO if you're unhappy with how we handle data
8

Cookies

We don't use cookies for tracking or advertising. No cookie banner needed — because there are no cookies to consent to.

9

Children

This service isn't designed for anyone under 16. We don't knowingly process data from children.

10

Changes to this policy

We may update this policy from time to time. Any changes will be reflected on this page with an updated date at the top. We recommend checking back occasionally.

Got questions?

We're happy to chat about anything data-related.

Email us