Privacy Policy

Effective Date: April 13, 2026

Welcome to GradFlowLab. This Privacy Policy describes how GradFlowLab ("we," "us," or "our") collects, uses, and shares information about you when you use our mobile applications (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

To provide and improve our Service, we collect the following information:

a) Information You Provide Directly

  • Account Information: When you create an account, we collect your email address. This information is processed and stored by our backend provider, Supabase, for authentication purposes.
  • User Content (Your Images): We collect the images you upload to the Service for the sole purpose of applying our AI-powered features.

b) Information Collected Automatically

  • Transaction Information: When you purchase a subscription, our third-party subscription management service, RevenueCat, processes the transaction. RevenueCat provides us with anonymous subscription status information (e.g., whether you have an active "pro" entitlement) linked to an anonymous user ID. We do not collect or store your payment card details.
  • Technical and Usage Data: We may collect anonymous data about your device and how you interact with our Service. This can include your device type, IP address, operating system, and usage statistics. This data is aggregated and used to improve the performance and user experience of our apps.

2. How We Use Your Information

  • To Provide and Maintain the Service: To create and manage your account, process your images, and deliver results to you.
  • To Process Transactions: To manage subscriptions and unlock premium features based on your purchase status via RevenueCat.
  • To Improve the Service: To analyze usage patterns, identify bugs, and develop new features and improvements.
  • To Communicate With You: To respond to your support requests or inquiries. We will only use your email for direct communication related to your account or support needs.

3. How We Process and Store Your Images

Your privacy regarding your images is our highest priority.

  • Image Processing: Your uploaded image is sent to our third-party AI service provider (e.g., Anthropic, OpenAI, Google AI) to apply the selected processing. The image is processed by the AI model to generate the result.
  • Image Storage: The original image you upload is not stored on our servers after AI processing is complete. Generated images are stored in your private, secure user account on our backend service (Supabase Storage) so that you can access them later. You have full control to delete these images from your history at any time.
  • No Training on Your Data: We have instructed our AI service providers not to use your images to train their AI models.

3a. SkinLens — AI Skin Analysis

SkinLens uses Anthropic's Claude API to generate skin condition triage results. Because health-adjacent data is sensitive, we apply additional safeguards:

  • What is sent: The photo you capture and a fixed triage prompt. We do not send your name, email, account ID, device identifiers, or any other personal identifiers alongside the image.
  • Who it is sent to: Anthropic, PBC (operator of the Claude API). Anthropic processes the request solely to generate the analysis we return to you.
  • How it is used and retained: The photo and prompt are used only to generate the response for your scan. They are not stored on GradFlowLab's servers after processing, and Anthropic does not use your inputs or outputs to train its models. Anthropic provides contractual protections for this data that are equivalent in substance to the protections described in this Privacy Policy.
  • Explicit consent before transmission: Before any photo leaves your device, SkinLens displays a blocking consent screen disclosing (a) what is sent, (b) who it is sent to, (c) how it is used and retained, and (d) a link to this Privacy Policy. You must tap "Agree & Continue" before the photo is transmitted. Declining cancels the scan and no data is sent.
  • No medical diagnosis: SkinLens output is an informational triage aid, not a medical diagnosis, and does not replace professional medical advice.

4. Your Data Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

  • Right to Access: You can request a copy of the personal information we hold about you.
  • Right to Deletion: You can delete your account and associated data, including your image history, from within the app's settings.
  • Right to Correction: You can update your account information through the app.

To exercise these rights, please contact us at contact@gradflowlab.com.

5. Data Security

We use industry-standard technical and administrative security measures to protect your information. Our backend (Supabase) provides robust security features. However, please remember that no method of transmission over the Internet or electronic storage is 100% secure.

6. Children's Privacy

Our Service is not intended for use by children under the age of 13 (or a higher age if required by applicable law). We do not knowingly collect personally identifiable information from children. If we become aware that we have collected such information, we will take steps to delete it.

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.

8. Contact Us

If you have any questions about this Privacy Policy, please contact us at: contact@gradflowlab.com.