Privacy Policy

Last updated: February 25, 2026

Who We Are

This privacy policy applies to the MamaSkin website and mobile app (the "Service"), operated by Simone Parenti, trading as MamaSkin (the "Service Provider").

The Service helps users review cosmetic ingredients and product safety information during pregnancy and breastfeeding. It is informational only and not medical advice.

Personal Data We Process

Account data: email address, authentication identifiers, sign-in provider metadata.
Usage and technical data: IP address, app version, device type, operating system, in-app events, diagnostics, and crash data.
Subscription and purchase data: entitlement and transaction status from app store billing processors (we do not receive your full payment card details).
Support data: messages you submit, optional contact email, optional product identifiers, and support metadata.
AI-related data: details are set out below under "AI Processing".

We do not collect precise GPS location data.

How We Use Personal Data and Lawful Bases

Purpose	Typical Data	Lawful Basis (UK GDPR)
Provide core app features (accounts, product lookup, favourites, scans, safety results)	Account, usage, scan inputs, technical data	Contract (Art. 6(1)(b))
Provide optional AI Helper chat feature	Prompt text, ingredient/product context, AI response metadata	Consent (Art. 6(1)(a)) and Contract (Art. 6(1)(b))
Provide AI-assisted scan identification and related scan outputs	Scan image data, OCR text, product context, technical metadata	Contract (Art. 6(1)(b)) and Legitimate interests (Art. 6(1)(f))
Analytics, reliability monitoring, product improvement	Usage events, device/app data, crash diagnostics	Legitimate interests (Art. 6(1)(f))
Billing, entitlement checks, accounting and compliance	Subscription status, store transaction identifiers	Contract (Art. 6(1)(b)) and Legal obligation (Art. 6(1)(c))
Support handling, abuse prevention, legal claims management	Support messages, account identifiers, technical logs	Contract (Art. 6(1)(b)), Legitimate interests (Art. 6(1)(f)), and where applicable Legal obligation (Art. 6(1)(c))

AI Processing

AI Helper (Mia) - optional feature

AI Helper can be enabled or disabled in Account -> Privacy & Legal -> AI data sharing.
When enabled and used, we send your AI prompt text plus relevant ingredient/product context to our AI processor to generate a response.

AI-assisted scan processing - part of scan functionality

When you use scan features that require AI identification, we may send scan image data, extracted scan text (OCR text), and limited technical metadata to deliver scan results.
This scan-related AI processing is separate from the optional AI Helper chat toggle.

AI processor

Google Gemini (Google Privacy Policy).

AI retention

We do not intentionally store full AI Helper prompts and responses in our application database as part of normal feature use. Operational logs may include limited request metadata (for example timing, status, and error diagnostics). Processing by Google Gemini is subject to Google's own terms and privacy policies.

Third-Party Processors and Recipients

We use trusted third parties to operate the Service, including hosting, authentication, analytics, crash monitoring, subscriptions, and AI features.

Supabase (backend, auth, storage)
Expo (app platform services)
Sentry (error and crash monitoring)
Amplitude (product analytics)
RevenueCat (subscription management)
Google Gemini (AI processing)
Apple App Store and Google Play (billing and transaction records)

International Transfers

Some of our processors operate internationally, including outside the UK. Where required, we use recognised transfer safeguards such as adequacy regulations and contractual transfer mechanisms (for example UK IDTA or the UK Addendum to SCCs), plus appropriate supplementary security measures.

You can request further information about relevant transfer safeguards by contacting us at hello@mamaskin.app.

Retention

Account data: retained while your account is active, then deleted or anonymised within a reasonable period unless needed for legal, security, or dispute handling.
Support records: retained while handling your request and for a limited follow-up period to manage support quality and legal risk.
Analytics and crash data: retained according to configured retention settings in our analytics and monitoring providers.
Billing records: retained as required by app stores and applicable tax/accounting laws.
AI consent status: stored locally on your device until changed, app data is cleared, or the app is removed.

Your Rights

Under UK GDPR, you may have rights to:

access your personal data;
correct inaccurate data;
request erasure in certain cases;
restrict or object to certain processing, including processing based on legitimate interests;
data portability where applicable;
withdraw consent at any time where processing relies on consent (this does not affect prior lawful processing).

To exercise your rights, contact hello@mamaskin.app. We may need to verify your identity before completing a request.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact hello@mamaskin.app and we will investigate and take appropriate action.

Security

We use technical and organisational safeguards designed to protect personal data, including access controls, provider security measures, and operational monitoring. No system is perfectly secure, but we work to reduce risk and respond to incidents appropriately.

Automated Decision-Making

We do not use solely automated decision-making that produces legal effects or similarly significant effects about you.

Changes to This Policy

We may update this policy from time to time. The latest version will always be posted on this page with the updated date.

Contact

Email: hello@mamaskin.app

Service Provider: Simone Parenti (sole trader, trading as MamaSkin)

This privacy policy is effective as of 2026-02-25