The ComplexionVault

Privacy Policy

Last updated: February 2026

The short version

  • We analyse your selfie to estimate your skin tone and recommend matching products
  • Your photo is processed to generate colour measurements, then discarded — we don't keep your photo
  • We don't store your photo — ever
  • We store limited analysis results and technical info (like device type and browser user agent) to improve accuracy and protect the service
  • You can optionally save your results by providing your name and email
  • You can request deletion of your data at any time
1

Who we are

This tool is operated by The Complexion Vault. We build the skin tone analysis technology and provide it directly to you as part of our beauty service.

If you need to get in touch about your data, drop us a line at thecomplexionvault@gmail.com.

2

What we collect (and what we don't)

Here's a simple breakdown:

DataWhyStored?
Your selfieTo read your skin toneNo — processed, then discarded
Name & email addressOnly if you choose to save your resultsYes — only if you opt in
Skin tone values (LAB colour data)To match you with productsYes
Your preferencesCoverage, finish, budget, skin type etc.Yes
Product recommendationsSo you can revisit your matchesYes
Analysis output & diagnosticsHelps us debug issues and improve accuracy (for example: AI output text, photo quality flags, lighting notes)Yes — no photo included
Device info (device type & browser user agent)Helps compensate for camera differences and troubleshoot analysis issuesYes — stored with your analysis output
Session ID (random identifier)Links analysis records together for debugging and reliabilityYes
Photo metadata (EXIF, if present)May help improve colour correction and analysis qualityYes — limited metadata only (not the image)

Your photo is never stored. Everything else is kept securely so we can give you a better experience — and you can ask us to delete it at any time.

We may also process IP addresses for security and rate limiting. These are used to protect the service and may be stored briefly (for example in an in-memory store) but are not stored in our main database tables.

3

How your photo is processed

When you tap "analyse", here's exactly what happens:

1

Your photo travels from your browser to our server over an encrypted connection (HTTPS)

2

Our server sends it to a secure AI service for analysis

3

The AI reads your skin tone and sends back colour measurements — not your identity

4

Your photo is immediately discarded — not saved on our servers or by the AI provider

5

The skin tone results are sent back to your browser so we can find your matches

The AI provider does not use your photo for training or store it beyond the duration of the request. For more details about the third-party services we use, contact us at thecomplexionvault@gmail.com.

4

A note on sensitive data

We know skin tone data is personal. Under UK data protection law, it could be considered "special category data" because it might relate to ethnic origin. We take this seriously:

  • We ask for your explicit consent before analysing your photo
  • We never try to guess your ethnicity, race, or nationality
  • The AI is specifically told to exclude any reference to ethnicity
  • We only care about one thing: finding you the right foundation shade
5

The legal bit

We collect your consent in two stages:

  • Stage 1 — Photo analysis: You tick a checkbox before uploading your selfie, consenting to AI processing of your photo (UK GDPR Article 6(1)(a) and Article 9(2)(a)).
  • Stage 2 — Saving your results: After seeing your recommendations, you can optionally provide your name and email to save your results. This is a separate, voluntary step.
  • Marketing emails: If you'd like personalised product recommendations by email, there's a separate opt-in checkbox. This is entirely optional and you can unsubscribe at any time.

You can withdraw consent at any time by emailing us at thecomplexionvault@gmail.com. We keep user-identifiable analysis data for up to 90 days, after which it is automatically deleted. This includes your analysis records, stored results/outputs, saved recommendations, email captures (if you provided an email), session events and diagnostics. We also generate aggregated daily usage metrics (which do not identify you) and keep those for longer to help us understand how the service performs. You can also request deletion at any time.

6

Who sees your data

Your information is accessible by the following parties:

The Complexion Vault

Operates the skin tone analysis technology and matching algorithm. When you consent to photo analysis, we store your analysis data (for example: skin tone values, preferences, recommendations and technical metadata) so we can run the service and help you revisit results. Your name and email are only stored if you choose to save your results. We may send personalised product recommendations by email only if you opt in separately.

Our database & hosting providers

We use trusted infrastructure providers to host the service and store the data listed above (for example: analysis results, preferences, recommendations and session events). These providers process data on our instructions and do not use it for their own purposes.

A secure AI service

Processes your photo to extract skin tone data. The AI service receives your image and limited technical metadata needed for analysis (for example: photo metadata/EXIF when present and your browser user agent). It does not receive your name, email address, or any saved results. It does not store your image or use it for training.

Our email provider (if you opt in)

If you ask us to email your results, we use an email delivery provider to send the message to your email address. They process your email address and email content to deliver the message, and do not use it for advertising.

That's it. We don't sell, rent, or share your data with anyone beyond these parties. No advertisers, no data brokers. For details about the specific services we use, email thecomplexionvault@gmail.com.

7

Your rights

Under UK GDPR you've got rights. Here's how they work with our service:

Withdraw consent — email us and we'll stop processing your data
Access your data — email us and we'll send you everything we hold about you
Delete your data — email us and we'll remove everything within 30 days
Complain — you can contact the ICO if you're unhappy with how we handle data
8

Cookies

We don't use cookies for tracking or advertising. No cookie banner needed — because there are no cookies to consent to.

9

Children

This service isn't designed for anyone under 16. We don't knowingly process data from children.

10

Changes to this policy

We may update this policy from time to time. Any changes will be reflected on this page with an updated date at the top. We recommend checking back occasionally.

Got questions?

We're happy to chat about anything data-related.

Email us