ClearTrace — Skin Health Tracking App
ClearTrace is a wellness app that helps you track your skin health. Your photos, lifestyle data, and skin analysis results are processed solely to provide you with our service. We never sell your data to third parties. You can export or delete your data at any time.
This application is developed and operated by individual software developer Onurcan Oğul ("Developer").
The Developer acts as the data controller under the Turkish Personal Data Protection Law (KVKK) and the EU General Data Protection Regulation (GDPR).
Contact: [email protected]
| Data Category | Details | Purpose |
|---|---|---|
| Account Information | Email address, password (hashed), display name | Account creation and authentication |
| Profile Information | Skin type, skin conditions, time zone, notification preferences | Personalized experience |
| Skin Photos | Daily skin photos and thumbnails | AI-powered skin analysis and timeline |
| Health & Lifestyle Data Sensitive | Sleep duration and quality, stress level, water intake, exercise, menstrual cycle (optional), medication use (optional) | Correlation analysis to identify trigger factors |
| Nutrition Data | Food categories (dairy, sugar, gluten, etc.), meal type | Diet-skin relationship analysis |
| Skincare Products | Product name, brand, category, usage routine | Product effectiveness tracking |
| Data | Details | Purpose |
|---|---|---|
| Location Data | Latitude/longitude (weather integration only) | Environmental factor correlation (temp, humidity, UV) |
| Weather | Temperature, humidity, UV index | Environment-skin relationship analysis |
| Device Information | Notification token, app version | Push notifications and error tracking |
| AI Analysis Results | Skin score (0-100), acne, redness, texture, hydration, spots sub-metrics | Skin health assessment |
| Purpose | Legal Basis (KVKK / GDPR) |
|---|---|
| Providing the service and account management | Performance of contract (KVKK Art.5/2-c / GDPR Art.6(1)(b)) |
| AI analysis of skin photos | Explicit consent (KVKK Art.6/2 / GDPR Art.9(2)(a)) |
| Correlation analysis of health and lifestyle data | Explicit consent (KVKK Art.6/2 / GDPR Art.9(2)(a)) |
| Sending notifications (reminders, weekly digest) | Legitimate interest (KVKK Art.5/2-f / GDPR Art.6(1)(f)) |
| App performance monitoring and bug fixing | Legitimate interest (KVKK Art.5/2-f / GDPR Art.6(1)(f)) |
| Usage analytics and product development | Legitimate interest (KVKK Art.5/2-f / GDPR Art.6(1)(f)) |
| Subscription and payment management | Performance of contract (KVKK Art.5/2-c / GDPR Art.6(1)(b)) |
Important note: ClearTrace is a wellness app; it does not provide medical diagnosis or treatment. AI analysis results are for informational purposes only and do not replace professional medical advice.
Your data is shared with the following sub-processors only to the extent necessary to provide our service:
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Google Firebase | Authentication, database, notifications | Account info, app data | EU/US |
| Amazon Web Services (S3) | Photo storage | Skin photos | EU (eu-central-1) |
| Google Cloud Vision | Image analysis | Skin photos | EU/US |
| OpenAI | AI-powered skin analysis | Skin photos | US |
| RevenueCat | Subscription management | User ID, subscription status | US |
| Mixpanel | Usage analytics | Anonymous usage events | US |
| Sentry | Error tracking | Error reports, device info | US |
| OpenWeatherMap | Weather data | Location coordinates | EU |
We never sell your data. Only the minimum data required for service delivery is shared with third-party providers.
Some of our service infrastructure is located outside the European Union (US). The following safeguards are in place for these transfers:
Transfers are carried out under EU Commission adequacy decisions, Standard Contractual Clauses (SCCs), and relevant service providers' data protection compliance frameworks (e.g., EU-US Data Privacy Framework).
Under KVKK, international data transfers are conducted in accordance with Data Protection Board decisions and your explicit consent.
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Skin photos and analysis results | Until account deletion (user can delete individually) |
| Health and lifestyle data | Until account deletion |
| Correlation results | Until account deletion |
| Analytics data (Mixpanel) | Anonymous, 24 months |
| Error reports (Sentry) | 90 days |
When you delete your account, all your personal data is permanently removed from our servers and backups within 30 days.
We implement the following technical and organizational measures to protect your data:
TLS 1.2+ encryption in transit; AES-256 encryption at rest. Photos are accessed only via short-lived presigned URLs. Firebase security rules enforce user-level data isolation — each user can only access their own data. API requests are protected by rate limiting. Passwords are hashed with bcrypt/scrypt and never stored in plain text.
Under KVKK (Art.11) and GDPR (Art.15-22), you have the following rights:
To exercise your rights, email [email protected] or use the in-app Profile > Data Request section. We will respond within 30 days.
In-app controls: From your profile settings, you can delete individual photos, export your data in JSON format, or delete your entire account.
ClearTrace is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we learn that a child has used our services, we will promptly delete the relevant data.
ClearTrace is a mobile app and does not use browser cookies. Anonymous event data is collected via the Mixpanel SDK for usage analytics. You can disable this data collection from the app settings.
This privacy policy may be updated from time to time. When significant changes are made, you will be notified in advance via in-app notification and/or email. The current version will always be published on this page.
Data Controller: Onurcan Oğul
Email: [email protected]
Supervisory Authority (Turkey): Personal Data Protection Authority — kvkk.gov.tr
Supervisory Authority (EU): Your local Data Protection Authority