Privacy Policy

Last Updated: 12/19/2024

1. Introduction

At AestheticRank, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1. Information you provide:

  • Email address and authentication information
  • Photos uploaded for analysis
  • Profile information (if provided)
  • Payment information (processed by LemonSqueezy)

2.2. Information automatically collected:

  • Device information (screen size, device type)
  • Browser type
  • Page views and interactions (via self-hosted Umami Analytics)
  • Referring website
  • Country (derived from anonymized IP)

Note: All analytics data is anonymized and collected using our self-hosted Umami Analytics instance, a privacy-focused platform that does not store personal information or use cookies. Analytics data never leaves our control and is stored on our own servers.

3. How We Use Your Information

  • To provide and maintain our Service
  • To process your physique analysis
  • To process your payments
  • To communicate with you about service updates
  • To provide customer support
  • To detect and prevent fraud

4. Photo Usage and Storage

4.1. Photo Processing:

  • Photos are used solely for generating your analysis
  • Photos are processed using secure AI systems
  • Photos are not used for AI training
  • Photos are stored using Cloudflare R2 cloud storage

4.2. Photo Retention:

  • Photos are retained while your analysis is active
  • Photos are deleted when you delete your analysis
  • Backup copies may be retained for up to 30 days

5. Data Sharing

We share your data with:

  • LemonSqueezy for payment processing
  • Google for authentication (if using Google sign-in)
  • Cloudflare for image storage and processing
  • OpenAI for physique analysis and AI processing

We do not sell or rent your personal information to third parties.

5.1. Third-Party Data Processing:

  • OpenAI: Your photos are processed by OpenAI's API to generate physique analysis. Photos are not stored by OpenAI and are only used for real-time analysis. OpenAI does not use your photos for AI model training.
  • LemonSqueezy: Handles payment processing and stores necessary transaction records.
  • Google: Provides authentication services if you choose to sign in with Google.
  • Cloudflare: Stores your photos and analysis data in secure cloud storage.

All third-party services we use are compliant with applicable data protection regulations. We have data processing agreements in place with these providers to ensure the security and privacy of your information.

6. Data Security

We implement appropriate security measures to protect your data:

  • Secure HTTPS encryption
  • Secure cloud storage
  • Regular security audits
  • Access controls and authentication

7. Your Rights

You have the right to:

  • Access your personal data
  • Delete your data
  • Request data portability
  • Opt-out of marketing communications
  • Make your analyses private or public

8. Cookies and Tracking

We use essential cookies and privacy-focused analytics:

8.1. Essential Cookies:

  • Authentication and session management
  • Security and fraud prevention
  • User preferences and settings

8.2. Analytics:

  • We use self-hosted Umami Analytics, a privacy-focused analytics platform
  • Our Umami instance is hosted on our own servers, ensuring data stays within our control
  • Umami does not use cookies
  • Umami does not collect any personal information
  • Umami does not track users across websites
  • All data is anonymized
  • IP addresses are not stored

We do not use any third-party tracking cookies or advertising cookies. We respect the "Do Not Track" browser setting.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect or maintain information from persons under 18.

10. Changes to Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

11. GDPR and KVKK Compliance

We comply with both the European Union's General Data Protection Regulation (GDPR) and Turkey's Personal Data Protection Law (KVKK).

  • Right to access your personal data
  • Right to rectify inaccurate personal data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision making

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify you via email within 72 hours of becoming aware of the breach
  • Provide information about what data was affected
  • Explain the potential consequences of the breach
  • Inform you about the measures we are taking to address the breach
  • Provide recommendations about steps you should take

13. AI Processing

Our Service uses artificial intelligence to analyze physique photos. Here's how AI processing works:

  • Photos are processed using OpenAI's API
  • AI processing is automated and occurs in real-time
  • No human review of your photos takes place
  • Photos are not used to train AI models
  • AI analysis results are stored securely with your account
  • You can request deletion of AI-generated analysis at any time

While we strive for accuracy in our AI analysis, results should be considered as estimates and not definitive measurements.

14. Cache Policy

To improve performance and user experience, we implement caching:

  • Public analyses are cached for up to 30 minutes
  • When changing privacy settings (public/private), changes may take up to 30 minutes to reflect
  • Deleted analyses may remain visible in rankings for up to 30 minutes due to caching
  • Profile information updates may take up to 5 minutes to reflect

15. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

15.1. Your Rights:

  • Right to know what personal information we collect
  • Right to know whether your personal information is sold or disclosed
  • Right to say "no" to the sale of personal information
  • Right to access your personal information
  • Right to delete your personal information
  • Right to equal service and price, even if you exercise your privacy rights

15.2. Categories of Information We Collect:

  • Identifiers (email address)
  • Photos you upload
  • Payment information
  • Usage data and analytics
  • Device information

15.3. "Do Not Sell My Personal Information":

We do not sell your personal information. However, we do share data with certain third-party service providers to operate our Service:

  • OpenAI (for photo analysis)
  • Cloudflare R2 (for photo storage)
  • LemonSqueezy (for payment processing)
  • Google (for authentication, if you choose to use Google sign-in)

15.4. Exercising Your Rights:

  • You can request your data by emailing [email protected]
  • We will respond to verified requests within 45 days
  • You may need to verify your identity to process your request
  • You can make requests up to twice in a 12-month period

15.5. Non-Discrimination:

We will not discriminate against you for exercising your CCPA rights. We will not:

  • Deny you services
  • Charge you different prices
  • Provide you with a different level of service
  • Suggest you may receive different prices or service

To exercise your California privacy rights or if you have questions, please contact us at [email protected]

Note: Only verified California residents can make CCPA privacy requests.

Contact

For questions about this Privacy Policy, contact us at [email protected]