Privacy Policy
Last updated: 13 April 2026
Verdict Beauty analyses your skin 100% on your device. No raw face photo and no biometric data ever leaves your iPhone. This page mirrors the policy available inside the app.
The French version is the legally binding reference; this English text is provided for convenience.
1. Data controller
Guillaume Vele — Nuance Paris
Email: contact@verdictbeauty.app
2. Data collected
2.1 Account data (optional)
- Apple Sign In identifier (anonymised by Apple)
- First name (if provided via Apple Sign In)
- Email (if provided via Apple Sign In)
Legal basis: Consent (GDPR Article 6.1.a)
2.2 Product scan data
- Photos of cosmetic products (barcodes, labels)
- History of scanned products
- Personal notes and verdicts
Legal basis: Performance of contract (GDPR Article 6.1.b)
Retention: stored locally on your device only.
2.3 Health / skin-analysis data (special category)
- Face photos for skin analysis
- Skin metrics: radiance (L* luminance proxy), texture, redness, evenness, pigmentation
- Skin profile: skin type, concerns, sensitivities
- Analysis history
Legal basis: Explicit consent (GDPR Article 9.2.a)
Retention: face photos and detailed metrics are stored locally on your device. No raw face photo is ever sent to a server.
Processing: face photo analysis runs on your device via Apple Vision, Core ML and our proprietary pipeline (BiSeNet face parsing + CIELAB colorimetry + Tsumura decomposition). Servers may receive score and synchronisation metadata, never the raw face photos.
2.4 Usage data
- Language and appearance preferences
- Beauty routine (morning/evening products)
- Product library
Legal basis: Performance of contract (GDPR Article 6.1.b)
2.5 Subscription data
Verdict Pro subscription status. Managed exclusively by Apple via StoreKit. We have no access to your payment data.
2.6 Data sent to our servers
For transparency, here is the only data that may transit through our secure servers (HTTPS, hosted in the EU):
- Vera assistant: most answers are generated locally on your device (embedded FAQ base, then Apple Foundation Models on iOS 26 and later). For complex questions or older devices, your text messages may be sent to a secure server to generate the answer.
- Product catalogue: your searches (name, brand, barcode) are sent to query our product database.
- Cosmetic product photos: sent only to identify the product or extract the INCI list (never the face).
- INCI analysis: a product's ingredient list is sent to generate a verdict.
- Weather: your city is sent to the public Open-Meteo API to tailor advice.
No raw face photo and no biometric data is transmitted. On-device Vera answers stay local; cloud Vera answers transit only as text within the scope described above.
Legal basis: Performance of contract (GDPR Article 6.1.b)
2.7 Technical performance data (local only)
To analyse app slowdowns, Verdict keeps the performance reports provided by iOS via the MetricKit framework locally on your device, for a maximum of 14 days:
- App launch time
- Peak memory usage
- Scroll smoothness (scrollHitchTimeRatio)
- Hang and crash reports
These MetricKit reports are stored in the system cache (/Caches, excluded from iCloud backups) and contain no photos, no INCI lists and no scan payloads. Any crash events transmitted are masked and exclude skin data.
Collection only starts after your explicit consent (GDPR banner). You can delete this data at any time by uninstalling the app.
Legal basis: Legitimate interest (GDPR Article 6.1.f) — service quality improvement
3. Purposes of processing
- Cosmetic ingredient (INCI) analysis
- Skin analysis and wellness recommendations
- Personalised product recommendations
- AI skincare coach (Vera)
- Beauty routine tracking
4. Data sharing
We do not sell or rent any personal data to third parties for commercial purposes.
Processors (GDPR Article 28)
- Apple Inc. — StoreKit (Verdict Pro payments), Sign in with Apple (authentication). Framework: Apple App Store Connect contractual terms.
- Verdict API (verdictbeauty.app) — product catalogue, INCI OCR, INCI analyses, Vera (cloud mode). Hosted in the European Union, HTTPS only, deletion on request via contact@verdictbeauty.app.
- Open-Meteo (open-meteo.com) — anonymous per-city weather requests, with no user identifier.
No transfer to advertising third parties, data brokers or social networks.
5. Transfers outside the EU
Backend processing controlled by Verdict is hosted in the European Union when Verdict controls the processing chain.
Certain platform services required for the app to function, such as Apple StoreKit / Sign in with Apple or masked technical reporting, follow their providers' contractual frameworks. No advertising or data-broker transfer is performed.
6. Retention period
In line with the minimisation principle (GDPR Article 5.1.e), each data category has a dedicated retention period:
- Skin data (photos, metrics): local only, kept while the app is installed. Deleted by uninstalling the app or via Settings > Delete account.
- Product history / routine: local, until uninstall or manual deletion.
- MetricKit reports: local, 14 days maximum, then automatic rotation.
- Apple Sign In account: kept until you delete your account via Settings > Delete account.
- Server logs (catalogue, OCR, Vera): 30 days for quality analysis, then automatic purge.
You can exercise your right to erasure (GDPR Article 17) at any time from Settings > Delete account, or by uninstalling the app.
7. Your rights (GDPR Articles 15 to 22 and 77)
You have the following rights:
- Right of access to your data (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure / right to be forgotten (Art. 17) — available in one tap from Settings > Delete account
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20) — JSON export on request to contact@verdictbeauty.app
- Right to object (Art. 21)
- Right to withdraw your consent at any time (Art. 7.3)
To exercise these rights: contact@verdictbeauty.app. We respond within 30 days (GDPR Art. 12.3).
Right to lodge a complaint (Art. 77): Commission Nationale de l'Informatique et des Libertés (CNIL) — 3 Place de Fontenoy, 75334 Paris Cedex 07, France — www.cnil.fr.
8. Security
Local data is stored on your device and protected by Apple's hardware encryption mechanisms.
Skin analysis uses on-device algorithms (Core ML / Apple Vision) — no image is transmitted over the internet.
9. Cookies and trackers
The app uses no cookies, trackers or third-party analytics tools.
10. Minors
No data specific to minors is collected.
11. Continuous improvement (opt-in)
With your explicit consent (disabled by default), Verdict Beauty may send, once a week and over Wi-Fi only, an aggregated, anonymous usage statistic to improve product scores, Vera question coverage and INCI list recognition.
- No personal identifier, no photo and no plain-text query leaves your device.
- Each send is capped at 5 KB, aggregated over several days, with a k-anonymity threshold of 5.
- No product identifier, brand or barcode is transmitted — only generic categories (cleanser, serum, sunscreen, etc.) and score bands.
- Retention: raw server data 30 days, aggregates 2 years.
You can enable or withdraw this consent at any time in Profile > Settings > "Help us improve Verdict". Withdrawal immediately erases data not yet sent.
Legal basis: GDPR Article 6.1.a — explicit consent.
12. Changes
We reserve the right to amend this policy. You will be informed via the app in the event of a substantial change.