Privacy Policy

1. Introduction

MyShade ("we", "us", or "our") operates the MyShade mobile application and website (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

We are the data controller responsible for your personal information. Our contact details are provided in Section 17 below.

2. Information We Collect

We collect the following categories of personal information:

• Identifiers: Email address and display name (when you create an account)
• Beauty profile data: Skin type, skin tone, undertone, and beauty preferences
• Visual data: Photos captured via camera or selected from your gallery for shade matching (processed in real-time, not stored)
• User-generated content: Chat messages and queries sent to our AI beauty assistant
• Technical data: Device type, operating system version, and app usage patterns for performance improvement

We do not collect biometric data. While photos are used for shade analysis, no biometric identifiers or templates are extracted or stored.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data under the following legal bases:

• Contract performance: To provide our shade matching, AI assistant, and account services that you have requested
• Consent: For optional features such as personalised responses based on your beauty profile (you can withdraw consent at any time in Settings)
• Legitimate interests: To improve our Service, ensure security, and prevent fraud, balanced against your rights and freedoms

4. How We Use Your Information

We use your personal information to:

• Provide foundation shade matching and personalised beauty recommendations
• Power our AI beauty assistant with relevant context about your preferences
• Create and manage your account
• Improve and optimise the Service's features and performance
• Communicate important updates about the Service or your account
• Ensure the security and integrity of our services

5. Photo Data

When you use our shade matching feature, photos are processed to analyse your skin tone. We do not store or retain your photos after processing is complete. Photos are used solely for the purpose of providing you with accurate shade recommendations and are discarded immediately after analysis. No biometric templates or facial recognition data is created or stored.

The App requests access to your device camera and photo library exclusively for shade matching purposes. You can revoke these permissions at any time through your device settings without affecting other App features.

Third-Party Photo Processing: Your photos are sent to our Shade Match API for real-time processing. The API extracts only the dominant skin tone (a hex color value) from your cheek area. The original photo is immediately discarded and never stored on our servers. For complete details on how the Shade Match API handles your photo data, please visit the API Privacy Policy.

6. AI Chat Data & Third-Party Sharing

When you use our AI Beauty Assistant chatbot feature, your messages and optional beauty profile information are sent to OpenAI (a third-party AI service provider located in the United States) to generate responses.

Data Sent to OpenAI:

• Your chat messages and conversation history
• Your beauty profile data (skin type, tone, undertone, preferences) — only if you have enabled "Personalized Responses" in Settings
• Your user ID (for conversation continuity)

OpenAI's Use of Your Data:

• OpenAI processes this data solely to generate responses to your queries
• OpenAI does NOT use your data to train their AI models
• Your conversations are subject to OpenAI's Privacy Policy (available at openai.com/privacy)

Your Control & Consent:

• You must grant permission before sending data to OpenAI — a consent modal is shown when you first attempt to use the AI chat
• You can disable "Personalized Responses" in Settings to prevent your beauty profile from being shared
• You can delete individual chat messages or entire conversations at any time
• You can opt out of the AI chat feature entirely

Data Retention:

• Chat messages: Retained in our systems until you manually delete them or delete your account
• Beauty profile (if shared): Only transmitted to OpenAI when needed for personalized responses; not separately stored with OpenAI

Third-Party Data Protection:

OpenAI is contractually obligated under a Data Processing Agreement to protect your data with the same or equal level of security we maintain. OpenAI commits to safeguarding your information in accordance with applicable privacy laws.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data (email, name, beauty profile): Retained until you delete your account
• Chat history: Retained until you manually delete it or delete your account
• Photos: Not retained — discarded immediately after shade analysis

When you delete your account or request data deletion, we will immediately erase your personal data from our systems, except where we are required by law to retain certain records.

8. Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We do not share your personal information for cross-context behavioural advertising. This applies to all users, including California residents under the CCPA/CPRA.

9. Data Storage and International Transfers

Your personal information is stored securely using industry-standard encryption (TLS in transit, AES-256 at rest). We use Supabase, a trusted cloud platform, to manage authentication and data storage.

Your data may be transferred to and processed in countries outside your country of residence, including the United States. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards as required by applicable law, to ensure your data receives adequate protection.

10. Third-Party Services

We use the following third-party services that may process your data:

• Supabase (US) — Authentication and database services
• OpenAI (US) — AI language model for our beauty assistant chatbot
• Shade Match API — Shade analysis processing

These providers process data on our behalf under data processing agreements and are contractually obligated to protect your data and only use it as instructed by us.

11. Automated Decision-Making

Our shade matching feature uses automated processing to suggest foundation shades based on photo analysis. This is not used to make decisions that produce legal or similarly significant effects on you. The results are recommendations only, and you are free to disregard them. You can request human review of any automated result by contacting us.

12. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Data portability: Receive your data in a structured, machine-readable format (available via the export feature in Account Settings)
• Restrict processing: Request that we limit how we use your data
• Object to processing: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time for consent-based processing (e.g. toggle off personalised responses in Settings)
• Non-discrimination: Exercising your privacy rights will not result in denial of service or a different quality of experience (CCPA)

You can exercise most of these rights directly in the App (Settings → Manage account). For any request, contact us at support@my-shade.com. We will respond within 30 days (or 45 days for CCPA requests if an extension is needed).

13. Rights for Australian Residents

Under the Australian Privacy Act, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au if you believe we have breached the Australian Privacy Principles.

14. Rights for EU/EEA Residents (GDPR)

If you are in the EU/EEA, you have the right to lodge a complaint with your local Data Protection Authority (DPA). You also have the right to not be subject to decisions based solely on automated processing that produce legal or significant effects.

15. Children's Privacy

The Service is intended for users aged 13 and above (16 and above in jurisdictions where GDPR sets the age of digital consent at 16). We do not knowingly collect personal information from children under the applicable minimum age. If we become aware that we have collected information from a child below the applicable age, we will delete it promptly. Parents or guardians who believe their child has provided us with personal data may contact us to request deletion.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 14 days in advance through the App or via email. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy. If required by GDPR, we will seek fresh consent for material changes to how we process your data.

17. Contact Us

MyShade is the data controller responsible for your personal information. If you have questions, concerns, or wish to exercise your privacy rights, please contact us at:

For GDPR-related enquiries, you may also contact your local Data Protection Authority. For Australian privacy concerns, you may contact the OAIC at www.oaic.gov.au.