Disclaimer & Privacy
In this document
1. Scope & global applicability2. Medical disclaimer3. Photo privacy and biometric data4. Data we collect and how we use it5. International data transfers6. How our AI works (and its limits)7. Affiliate disclosure8. Your rights — by region9. Children & minors10. Data retention & deletion11. Security & breach notification12. Limitation of liability13. Governing law & dispute resolution14. Changes to this document15. Contact1. Scope & global applicability
This disclaimer and privacy policy applies to all users of evenskin.ai, worldwide. Where local laws provide additional or different rights — for example, the EU General Data Protection Regulation (GDPR), UK GDPR, Canada's PIPEDA and Quebec's Law 25, California's CCPA/CPRA and other U.S. state privacy laws (including Illinois BIPA and Texas CUBI for biometric data), Australia's Privacy Act, Brazil's LGPD, Japan's APPI, South Korea's PIPA, Singapore's PDPA, India's DPDP Act 2023, Switzerland's FADP, and the UAE PDPL — those laws take precedence over any conflicting provision of this document. Where this document affords you greater protection than local law, this document controls.
Service availability: evenskin.ai is intended for users in jurisdictions where its operation is lawful. We do not currently make the service available in mainland China (due to PIPL data-localization requirements that a service of our current scale cannot meet) or in any jurisdiction subject to comprehensive economic sanctions. If you access the service from such a jurisdiction, you do so at your own risk and we disclaim all liability for consequences arising therefrom.
By using evenskin.ai, you confirm that you are accessing it from a jurisdiction where its use is lawful and that you are of legal age to consent to the processing of your data under local law.
2. Medical disclaimer
evenskin.ai is not a medical service, medical device, or health service. The recommendations generated by our AI are for general cosmetic and informational purposes only. They are not a substitute for, and should not be construed as, medical advice, diagnosis, or treatment from a licensed dermatologist, allergist, general practitioner, or any other qualified healthcare provider, regardless of the jurisdiction in which you reside.
You should consult a licensed medical professional before acting on any recommendation if you:
- Have or suspect you have any skin condition, including but not limited to eczema, psoriasis, rosacea, seborrheic dermatitis, acne, melasma, vitiligo, or any unusual skin change, mole, lesion, or growth
- Have any history of allergic reactions to topical products, fragrances, preservatives, essential oils, or any cosmetic ingredient
- Are pregnant, breastfeeding, or trying to become pregnant
- Are currently using any prescription topical or oral medication, including but not limited to tretinoin, isotretinoin (Accutane/Roaccutane), hydroquinone, topical or oral antibiotics, hormonal treatments, corticosteroids, or immunosuppressants
- Have had recent in-office dermatological procedures such as chemical peels, laser treatment, microneedling, radiofrequency, or injectable treatments
- Are under the age of 18 (or the applicable age of majority in your jurisdiction)
- Have any concern that may be medical rather than cosmetic in nature
evenskin.ai cannot screen for, identify, or rule out skin cancer of any type, including melanoma, basal cell carcinoma, or squamous cell carcinoma. This applies to both AI-generated text recommendations and AI photo analysis. If you have a concerning skin feature — including but not limited to asymmetric moles, moles that have changed in size, shape, or color, persistent or non-healing lesions, sores that bleed or do not heal, new growths, or anything else that concerns you — please consult a dermatologist for in-person evaluation. Do not rely on AI-generated photo analysis or general skincare recommendations as a screening tool for cancer or any other medical condition.
Patch testing: Before using any new product, we strongly recommend applying a small amount to the inner forearm once daily for 3–5 days and observing for any reaction. If you experience redness, itching, burning, stinging, swelling, hives, difficulty breathing, or any other adverse reaction, discontinue use immediately and seek medical attention. In case of a severe allergic reaction or other medical emergency, contact your local emergency services.
evenskin.ai, its operators, affiliates, contractors, and employees make no claim that any recommended product will treat, cure, mitigate, or prevent any medical condition. No regulatory body in any jurisdiction — including but not limited to the U.S. Food and Drug Administration, the European Medicines Agency, the UK MHRA, Health Canada, Australia's TGA, or Japan's PMDA — has evaluated statements made by this service regarding cosmetic or over-the-counter products.
3. Photo privacy and biometric data
If you choose to provide progress photos, the following provisions apply:
What we collect
- Photo images you upload or capture via the camera interface
- Timestamp and optional notes you associate with each photo
- Technical metadata including image dimensions; we automatically strip GPS/EXIF location data from uploaded images
How photos are stored and protected
- Encryption at rest: Photos are stored using industry-standard AES-256 encryption on servers operated by our hosting provider.
- Encryption in transit: All uploads and retrievals occur over TLS 1.3.
- Access: Only you, when logged into your account, can view your photos. Employees and contractors of evenskin.ai do not routinely access individual user photos. Access occurs only in rare technical support scenarios and only with your specific per-instance consent.
What we do not do with your photos
- We do not train AI models on your photos. Neither ours nor any third party's. When photos are processed by our AI provider for comparison analysis, the provider is contractually obligated not to retain or train on the submitted content.
- We do not sell, share, or disclose your photos to any third party other than the limited, per-request processing necessary to operate the AI comparison feature through our AI provider.
- We do not perform facial recognition, identity matching, or biometric identification. Our AI analyzes visible skin qualities (tone, texture, redness) as observational cues; it does not extract, store, or match biometric identifiers.
- We do not use your photos for marketing, testimonials, advertising, or any public-facing purpose, and will not do so without separate, specific, written consent for that distinct purpose.
Biometric-specific provisions (Illinois BIPA, Texas CUBI, and similar)
Where our processing of your photos might be characterized as the collection of biometric information under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), or analogous laws in other U.S. states or foreign jurisdictions: your consent, provided through our explicit consent flow, is informed, specific, and revocable. We retain photos only as long as you maintain an active account, and destroy them within 30 days of account deletion or the earlier of (a) the purpose for collection having been satisfied, or (b) three years from your last interaction with the service.
4. Data we collect and how we use it
Beyond photos, we collect and process the following categories of data:
- Intake answers: Responses you provide to the skincare quiz. Used solely to generate your recommendation and track context for future recommendations.
- Account data: Email address and a cryptographically hashed password (we never store passwords in plaintext).
- Usage data: Anonymous, aggregated information about feature use and affiliate click-through. Used to improve the service.
- Affiliate referral data: When you click a product link and make a purchase, the merchant confirms the transaction to us for commission payout. We receive order identifiers and commission amounts but do not receive your payment details, credit card numbers, billing address, or shipping address.
- Communications: Email correspondence you initiate with us, retained for customer service continuity.
We do not: sell personal data (as defined under the CCPA or any other applicable law), run behavioral advertising, use tracking cookies for cross-site tracking, or share data with data brokers. Our analytics are cookie-less and privacy-first.
Legal basis for processing (GDPR/UK GDPR/LGPD): We rely on (i) your consent for optional data such as progress photos and marketing emails; (ii) the necessity of performing our contract with you for account data and recommendation generation; and (iii) our legitimate interests (balanced against your rights) for usage analytics and security monitoring.
5. International data transfers
We are a global service. Depending on where you access evenskin.ai, your data may be processed in the United States, the European Union, the United Kingdom, or wherever our hosting and AI-processing providers operate. When we transfer personal data from a jurisdiction with data-export restrictions (including the EU/EEA, UK, Switzerland, and others), we rely on the following lawful transfer mechanisms as applicable:
- European Commission adequacy decisions, where applicable
- EU-U.S. Data Privacy Framework and the UK extension, where applicable
- Standard Contractual Clauses (SCCs) adopted by the European Commission
- UK International Data Transfer Agreement or Addendum
- Additional safeguards where a Transfer Impact Assessment indicates they are needed
A list of our subprocessors and their locations is available on request. We never transfer your data to any jurisdiction subject to comprehensive economic sanctions or to any country whose government we have reason to believe would compromise the confidentiality of your data.
6. How our AI works (and its limits)
Recommendations are generated by a large language model (Claude, built by Anthropic) configured with a custom system prompt that (a) restricts recommendations to our curated product catalog, (b) enforces safety rules (e.g. no retinoids in pregnancy, barrier-repair only on irritated skin), (c) requires inclusion of non-affiliate products, and (d) instructs refusal when the presented profile falls outside the appropriate use of cosmetic products.
The AI can:
- Match your answers to products whose ingredient profiles fit your stated concerns
- Explain its reasoning at the ingredient level
- Compare two of your progress photos and describe visible differences in skin appearance
- Refuse to recommend when safety signals are present
The AI cannot:
- Diagnose any medical condition
- Know your full medical history, family history, or current medications unless you tell it
- Predict allergic reactions, individual skin sensitivities, or rare adverse events
- Replace a clinical examination by a qualified medical professional
- Guarantee any outcome — individual skin responses vary significantly
In addition to the capability limits above, you should understand how AI-generated content can fail:
AI output is generated, not retrieved
Recommendations and explanations on evenskin.ai are produced by a generative AI system that constructs text based on patterns in its training data. The system can produce factually incorrect statements about products, ingredients, mechanisms of action, or skincare science, even when those statements are presented with apparent confidence. Industry terms for this include "hallucinations" and "confabulation." We make reasonable efforts to constrain the AI's output to our curated catalog and verified information, but we do not and cannot guarantee the accuracy of any individual statement, claim, or recommendation. Treat AI output as a starting point for your own judgment, not as a substitute for product packaging, ingredient databases, or qualified professionals.
AI output is probabilistic, not deterministic
The same input can produce different outputs across different sessions, and two users with similar profiles may receive different recommendations. This is a property of how the underlying technology works.
AI training data has a cutoff date
The AI does not have real-time knowledge of product reformulations, recalls, ingredient changes, regulatory actions, or new safety information published after its training data was assembled. You should verify product details against current manufacturer packaging and labeling.
Photo analysis is observational, not diagnostic
When you submit a photo for analysis or progress comparison, the AI describes visible features in the image — apparent color, texture, and changes between images — based on the pixels it receives. It does not, and is not capable of:
- Detecting, screening for, or ruling out skin cancer, melanoma, basal cell carcinoma, squamous cell carcinoma, or any other malignancy
- Identifying skin infections, inflammation indicators of medical significance, or signs of systemic conditions
- Performing dermoscopic analysis or any clinical assessment
- Replacing in-person examination by a qualified medical professional
The AI's silence on a feature does not mean the feature is benign. The AI describes cosmetic appearance only and does not perform medical screening of any kind, regardless of how detailed or confident its description sounds. If anything in a photo you upload concerns you medically — including but not limited to asymmetric moles, moles that change over time, persistent or non-healing lesions, or unusual pigmentation — consult a dermatologist or other qualified healthcare provider regardless of what the AI says about the image.
Automated decision-making: Under GDPR Article 22, LGPD Article 20, and similar provisions of other laws, you have the right to request human review of any automated decision that significantly affects you. Email safety@evenskin.ai to request human review of any AI-generated recommendation.
7. Affiliate disclosure
evenskin.ai earns commissions when you purchase certain products through our links. We disclose the commission rate on every product we recommend. Commission rates typically range from 3% to 12% and do not affect the price you pay.
At least one in every five products we recommend is non-affiliate, meaning we earn zero commission. This is to preserve the integrity of our recommendations.
No brand has ever paid evenskin.ai for placement, featured position, or preferential recommendation. Our product catalog and AI system prompt are independent of commission structure.
This disclosure is made in compliance with applicable consumer-protection and advertising-standards frameworks globally, including but not limited to: the U.S. Federal Trade Commission (FTC) Endorsement Guides; the UK Competition and Markets Authority (CMA) and Advertising Standards Authority (ASA); the EU Unfair Commercial Practices Directive; Australia's ACCC guidance on testimonials and endorsements; and analogous frameworks in Canada, Brazil, Japan, South Korea, and elsewhere.
evenskin.ai is a participant in the Amazon Services LLC Associates Program (US Store ID: evenskin03-20), an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate, we earn from qualifying purchases. International visitors clicking Amazon links may be automatically redirected to their local Amazon marketplace (such as amazon.ca, amazon.co.uk, amazon.de, amazon.fr, amazon.it, amazon.es, amazon.nl, amazon.pl, or amazon.se) via Amazon's OneLink technology, with attribution to our US Store ID. As we expand to additional affiliate networks, this disclosure will be updated to name them.
8. Your rights — by region
All users, regardless of location, have the right to:
- Access the data we hold about them
- Correct inaccurate data
- Delete individual items or their entire account
- Export their data in a portable format
- Revoke consent for any processing that relies on consent
- Object to any processing based on our legitimate interests
- Request human review of any automated decision
European Economic Area, United Kingdom, Switzerland (GDPR / UK GDPR / FADP)
You additionally have the right to: restrict processing; data portability in a machine-readable format; lodge a complaint with your national supervisory authority (in the UK, the ICO; in the EU, your national Data Protection Authority; in Switzerland, the FDPIC). We respond to verified requests within 30 days. Our EU representative can be contacted at safety@evenskin.ai.
United States (CCPA/CPRA, VCDPA, CPA, UCPA, CTDPA, and others)
California residents have the right to know what personal information we collect, use, disclose, and sell; the right to delete personal information; the right to correct inaccurate information; the right to opt out of sale or sharing for cross-context behavioral advertising (we do not sell or share such information); and the right to non-discrimination for exercising these rights. Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have analogous rights. Contact safety@evenskin.ai to exercise any of these rights.
Canada (PIPEDA, Quebec Law 25)
You have rights of access, correction, and withdrawal of consent under PIPEDA. Quebec residents have additional rights under Law 25 including the right to data portability and protection against automated decision-making. Complaints may be filed with the Office of the Privacy Commissioner of Canada or, for Quebec residents, with the Commission d'accès à l'information du Québec.
Australia (Privacy Act 1988 / APPs)
You have the right to access and correct your personal information under Australian Privacy Principles 12 and 13. Complaints may be filed with the Office of the Australian Information Commissioner (OAIC).
Brazil (LGPD)
You have rights to confirmation of processing, access, correction, anonymization, blocking or deletion of unnecessary data, portability, deletion, information about sharing, information about the consequences of denying consent, and revocation of consent. Complaints may be filed with the ANPD.
Other jurisdictions
Residents of Japan (APPI), South Korea (PIPA), Singapore (PDPA), India (DPDP Act 2023), the UAE (PDPL), Israel, New Zealand, and other jurisdictions with comprehensive privacy laws have rights consistent with those described above. Contact safety@evenskin.ai to exercise your rights; we will apply the law most protective of your rights.
9. Children & minors
evenskin.ai is not directed at or intended for use by children. We do not knowingly collect personal information from individuals under the age of 18, or under the applicable age of majority or age of digital consent in your jurisdiction (for example, 16 in most EU Member States, subject to national variation; 13 under U.S. COPPA for account-creation triggers; 14 in South Korea; 18 for full consent without parental authorization in many jurisdictions).
If we become aware that we have collected personal information from a child, we will delete it promptly. If you are a parent or guardian and believe your child has provided information to evenskin.ai, contact safety@evenskin.ai.
The UK Age Appropriate Design Code (Children's Code) principles are considered in our design; however, because our service is not aimed at children, the primary safeguard is non-use by minors.
10. Data retention & deletion
We retain personal data only as long as necessary for the purposes for which it was collected:
- Account data: Retained for the life of your account, deleted within 30 days of account deletion
- Quiz answers and recommendations: Retained for the life of your account, or up to 3 years from your last interaction
- Progress photos: Retained only as long as you keep them; deleted immediately when you delete them; fully purged from backups within 30 days
- Usage analytics (aggregated / anonymized): Retained for up to 2 years for service improvement
- Communications: Retained for up to 3 years for customer service continuity and legal defense
- Tax and accounting records of affiliate commissions: Retained as required by applicable tax law (typically 7 years)
You may request deletion at any time. We will honor such requests within 30 days, or sooner as required by applicable law. Some data may be retained beyond your request where legally required (e.g. tax records).
11. Security & breach notification
We implement technical and organizational measures appropriate to the sensitivity of the data we hold, including: AES-256 encryption at rest, TLS 1.3 in transit, cryptographic hashing of passwords, principle of least privilege for employee access, regular security reviews, and dependency vulnerability scanning.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities within 72 hours (as required by GDPR Article 33 and analogous laws), and will notify affected users directly when the law requires or when direct notice is the most efficient means of informing you.
No system is perfectly secure. You should use a strong, unique password for your evenskin.ai account and enable any additional security features we offer.
12. Limitation of liability
To the maximum extent permitted by applicable law, evenskin.ai, its operators, employees, contractors, affiliates, and agents are not liable for any direct, indirect, incidental, consequential, special, or exemplary damages arising out of or in connection with your use of the service, including but not limited to:
- Adverse skin reactions, allergies, irritation, or any physical consequence arising from use of a recommended product
- Purchase decisions made in reliance on AI-generated recommendations
- Interactions between recommended cosmetic products and prescription medications
- Outcomes that differ from your expectations or from the AI's characterization of typical results
- Medical conditions misidentified as cosmetic concerns, or vice versa
- Third-party actions, including the conduct of brands or retailers to whom we refer you
You use evenskin.ai at your own risk. The service is provided "as is" and "as available" without warranties of any kind, express or implied, to the maximum extent permitted by applicable law.
Nothing in this section limits liability that cannot be excluded or limited under applicable law, including liability for fraud, fraudulent misrepresentation, death or personal injury caused by our negligence, breach of statutory consumer-protection rights that cannot be waived, or any other liability that cannot lawfully be excluded. Consumer protections under the laws of your country of residence may provide you with rights that this disclaimer cannot override.
13. Governing law & dispute resolution
Except where your local consumer-protection law provides mandatory alternative jurisdiction, any dispute arising out of or relating to your use of evenskin.ai will be governed by the laws of Ontario, Canada and subject to the exclusive jurisdiction of its courts. EU consumers retain the right to bring proceedings in their country of habitual residence under Regulation (EU) 1215/2012 (Brussels I Recast) where applicable. UK, Australian, Canadian, and other consumers similarly retain any non-waivable rights to pursue claims in their home courts.
Where applicable law does not prohibit it, we may require informal dispute resolution (30-day good-faith discussion) before formal proceedings. Nothing requires you to waive class-action rights where such waivers are unenforceable under your local law.
14. Changes to this document
We may update this disclaimer and privacy policy from time to time. When we make material changes, we will notify you by email (if you have an account) and prominently on the site at least 30 days before the change takes effect. Your continued use of the service after that notice period constitutes acceptance of the updated terms. If you do not accept the changes, you may delete your account and cease using the service before they take effect.
Non-material changes (clarifications, typo corrections, minor reorganizations) take effect immediately and are reflected in the "Last updated" date at the top of this document.
15. Contact
Privacy and data-rights requests: safety@evenskin.ai
General inquiries: hello@evenskin.ai
Press: press@evenskin.ai
Partnerships: partnerships@evenskin.ai
Product safety reports: safety@evenskin.ai
This document is written to a reasonable-faith global standard. It is intended as a robust starting point for your counsel to refine for the specific jurisdictions in which you operate. It does not constitute legal advice and should be reviewed by a qualified attorney before production launch.