myskincarediary

Privacy Policy

Last updated: May 11, 2025

myskincarediary ("we", "us", or "our") is a personal skincare tracking app. This policy explains what data we collect when you use the service, how we use it, and what we will never do with it. The short version: your data is used only to run the app, and it is never sold.

1. Data we collect

When you create an account and use myskincarediary, we collect:

  • Account information — username, email address, and password (stored as a secure hash, never in plain text).
  • Profile details — optional fields you fill in: skin type, a short bio, and a profile photo.
  • Diary entries — dates, AM/PM routine, skin ratings (redness, breakouts, dryness, oiliness, overall), and any notes you write.
  • Photos — skin photos you upload with diary entries, stored securely in Amazon S3.
  • Product catalog — product names, brands, categories, and notes you add to your personal product list.
  • Usage analytics — page views and basic session data collected by Umami Analytics. Umami does not use cookies and does not collect any personally identifiable information.

2. How we use your data

Your data is used exclusively to provide and improve the myskincarediary service:

  • To display your diary entries, photos, and products to you when you log in.
  • To send a password reset email if you request one.
  • To understand which features are used (via anonymous analytics) so we can improve the app.

We do not use your data for advertising, profiling, or any purpose outside of operating the app.

3. We do not sell your data

We will never sell, rent, trade, or share your personal data with third parties for commercial purposes. Your skincare photos, diary entries, and personal details belong to you — full stop.

4. Data storage and security

  • Your account data is stored in a PostgreSQL database hosted on a private server.
  • Photos are stored in Amazon S3 with private access controls — only you can view your photos through the app.
  • All connections to the app are encrypted via HTTPS (TLS).
  • Passwords are hashed using Django's PBKDF2 algorithm and are never stored in plain text.

5. Third-party services

We use a small number of third-party services to operate the app:

  • Amazon Web Services (AWS S3) — stores your uploaded photos. AWS is bound by its own privacy and security policies.
  • Umami Analytics — privacy-first, cookie-free analytics. No personal information is collected or shared. Data is aggregated and anonymous.

6. Your rights and control

  • You can edit or delete any diary entry, product, or profile information at any time from within the app.
  • To permanently delete your account and all associated data, contact us at the email below and we will remove everything within 7 days.

7. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date at the top of this page. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

8. Contact

Questions about this policy or your data? Email us at mkmorgan1994@gmail.com.