YY skin

Privacy policy

Last updated: May 25, 2026

We built YY skin to help you understand your own skin, not to hoard data. Here's exactly what we collect, why we collect it, and who else gets to see it.

What we collect

  • Your email and display name — used to sign you in and contact you when needed.
  • An optional skin profile — skin type, concerns, allergies, current products, notes. Most features work without it.
  • Photos you upload — handed to our AI model for a one-shot analysis, then discarded. We never retain them or use them for training.
  • AI conversation history — stored in our Postgres database so you can pick up where you left off.
  • Stripe customer ID and last 4 of your card — held by Stripe itself; we never see or store your full card number.
  • Your IP address — used only for rate-limiting to keep bots out.

What we don't do

  • No advertising trackers.
  • No third-party fingerprinting.
  • We do not sell or trade your data.

Third-party processors

To make the product work we share data with a small set of providers. Each one only gets the minimum it needs.

  • Anthropic (Claude API) — powers our AI analysis, chat, and routine generation. Photos you upload are sent here for one-shot analysis.
  • Resend — email delivery for login links and feedback replies.
  • AWS (RDS Postgres + Amplify Hosting) — primary database and app hosting. Data residency: us-east-1.
  • Upstash Redis — community storage and rate-limit counters. Region: ap-southeast-1.
  • Stripe — payments and subscriptions. Full card numbers live with Stripe, not with us.

Data retention

  • Account data is kept as long as your account is active.
  • AI chat history is kept for 1 year.
  • When you delete your account, data is anonymized immediately and fully purged after 30 days.

Your rights

  • Access — sign in any time to see your data.
  • Correction — update your name and skin profile from the Account page.
  • Deletion — there's a Delete account button at the bottom of /account.
  • Export — the Account page has a "Download my data" button that hands you the full JSON in one click.
  • Withdraw consent — deleting your account withdraws consent for all processing.

Cookies

  • Auth session cookie — essential; without it we can't tell who you are.
  • Locale preference cookie — remembers your zh/en choice.
  • No analytics cookies right now. If we add any later, we'll tell you first.

Amazon affiliate links

Some product links on our Find Products and Routine pages point to Amazon.com and carry our Amazon Associates tracking tag (ai4skincare-20). If you click one and buy something, Amazon may pay us a small commission — at no extra cost to you.

Amazon sets its own cookies once you land on amazon.com — those are governed by Amazon's privacy policy, not ours. We don't see what you searched for or bought on Amazon's side; we only see that you clicked an outbound link (logged for our own analytics, never shared).

You can opt out of any attribution by visiting amazon.com directly instead of using our links.

Contact

Privacy questions? Reach us via the contact page , or use the in-app feedback widget in the bottom-right corner.