1. Introduction

Welcome to BlackPill ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.

2. Information We Collect

We collect information you provide directly to us, including:

• Face photos you upload for AI analysis (selfies or portraits you choose to provide)
• Facial feature analysis outputs (AI-generated scores, descriptions, tips for categories like symmetry, jawline, skin, eyes, hair)
• Account information (email address, username)
• Usage data (app interactions, device information, and preferences)

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the analysis and coaching features
• Generate AI-based facial feature scores, descriptions, and self-improvement tips
• Let you track progress over time and compare historical analyses
• Send you technical notices, security alerts, and support messages
• Respond to your requests and provide customer support

4. Face Data Policy

We treat face photos and AI analysis outputs as sensitive data. We do not create biometric templates, facial recognition profiles, or facial landmark coordinates, and we do not use your photos to train facial recognition models.

Processing: Photos you provide are sent to OpenAI's Vision API (GPT-4o/4o-mini) for on-demand analysis. Analysis outputs (scores, text descriptions, tips) are stored in our database.

Storage: Photos are stored privately in Supabase object storage with time-limited signed URL access; analysis results are stored in Supabase PostgreSQL as JSON. Data is encrypted in transit and at rest. Row Level Security ensures only your account can access your data.

Retention: Photos are automatically deleted after 90 days from upload. Analysis results persist while your account remains active. You may delete photos or analyses at any time, and deleting your account permanently removes all associated photos and analyses.

Sharing: We share photos only with OpenAI for analysis. We do not sell or share face data with advertisers, data brokers, or social media platforms. OpenAI states API data is not used to train its models. We do not disclose face data to third parties except as required by law or with your explicit consent.

Permissions & Control: You can delete uploaded photos and analysis records from within the app. Account deletion removes all face data and analysis results. If you opt out of providing photos, you can still access non-photo features where available.

5. Data Security

We implement technical and organizational measures, including HTTPS/TLS in transit, encryption at rest, access controls, and least-privilege permissions. No method of transmission or storage is 100% secure; please use strong authentication and keep your device secure.

6. Children

The service is not directed to children under the age required by applicable law (including COPPA/child privacy thresholds). We do not knowingly collect face data from children. If you believe a child has provided face data, contact us to delete it.

7. International Transfers

Your data may be processed on servers outside your country. Where required, we use appropriate safeguards for cross-border transfers.

8. Your Rights

Depending on your region, you may have rights to access, correct, delete, or port your data, or to object to or restrict certain processing. Contact us to exercise these rights.

9. Contact Us

If you have questions about this Privacy Policy or our face data practices, contact us at support@black-pill.app.