Privacy Policy
Last updated: February 14, 2026
Xsension ("we," "us," or "our") operates the Xsension mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our App.
By using Xsension, you agree to the collection and use of information as described in this policy.
1. Information We Collect
Account Information
- Email address
- Display name
- Password (stored only as a secure hash — we never store or see your actual password)
- Apple Sign-In identifier (if you sign in with Apple)
- Account creation and last-updated timestamps
- Your selected goal preference (if provided)
Photos
- You may optionally provide photos (face, body, skin, and style) for analysis
- Photos are stored only on your device and are sent securely to our server for processing during analysis
- Photos are forwarded to our AI analysis provider (OpenAI) to generate your results and are not stored on our servers
Questionnaire Responses
When you complete an analysis, we collect the following self-reported information:
- Age, gender, height, and weight
- Skin type and hair type
- Fitness level and exercise frequency
- Sleep hours and water intake
- Diet type and stress level
- Sun exposure, smoking status, and alcohol consumption
- Skincare routine details
Analysis Results
- Overall score and category scores (Facial Presentation, Skin & Grooming, Physique & Posture, Style Potential, Lifestyle & Habits)
- Written analysis summary, detailed feedback, strengths, and areas for improvement
- Personalized recommendations with category, priority, and timeframe
Progress Data
- Historical scores from each analysis to track your progress over time
- Task completion status for personalized recommendations
Subscription Information
- Subscription status, product identifier, purchase and expiration dates, and trial period status
- We do not collect or store your payment card details — all payments are processed by Apple through in-app purchases
Device Information
- Push notification device token (only if you opt in to notifications)
- We do not collect device identifiers, IP addresses for tracking, or any other device metadata
2. How We Use Your Information
- Provide the Service: Your account information is used to authenticate you and maintain your account
- Generate Analyses: Your photos and questionnaire responses are sent to our AI provider to produce your personalized analysis and recommendations
- Track Progress: Your analysis history is stored so you can view your improvement over time
- Manage Subscriptions: Subscription data is used to determine your access level
- Send Notifications: If you opt in, your device token is used to deliver push notifications and reminders
3. Third-Party Services
We share your data with the following third-party services only as necessary to provide the App's functionality:
- OpenAI: Your photos and questionnaire responses are sent to OpenAI's Vision API to generate your analysis. OpenAI processes this data according to its privacy policy. We use OpenAI's API, which does not use submitted data to train its models.
- Amazon Web Services (AWS): Your account data is stored in AWS RDS (managed database), hosted in the United States. Photos are transmitted through our server for processing but are not permanently stored.
- Apple: Subscription purchases and payment processing are handled entirely by Apple through StoreKit. We receive subscription status information but never your payment details.
We do not sell, rent, or share your personal information with advertisers, data brokers, or any other third parties not listed above.
4. Data Storage and Security
- All data transmitted between the App and our servers is encrypted using HTTPS/TLS
- Passwords are hashed using bcrypt and are never stored in plain text
- Photos are transmitted securely for processing and are not stored on our servers
- Our database is hosted on AWS RDS with encryption at rest
- Authentication uses JSON Web Tokens (JWT) with secure expiration
5. Data Stored on Your Device
The App stores a small amount of data locally on your device for performance and offline access:
- Authentication token stored in the iOS Keychain (Apple's hardware-backed secure storage) to keep you signed in
- Daily task completion status (also synced to our servers for multi-device support)
- Notification preferences
- Push notification device token
This local data is not accessible to other apps and is removed when you delete the App or sign out.
6. Data Retention
- Your account data, analysis results, and progress history are retained for as long as your account is active
- Photos are stored only on your device and are not retained on our servers after analysis processing is complete
- If you delete your account, all associated data (including analysis results and personal information) will be permanently deleted from our servers
7. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your account and all associated data
To exercise any of these rights, please contact us at founder.xsension@gmail.com. We will respond to your request within 30 days.
8. Children's Privacy
Xsension is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at founder.xsension@gmail.com.
9. Analytics and Tracking
Xsension does not use any third-party analytics SDKs, advertising frameworks, or user tracking tools. We do not track your activity across other apps or websites. We do not serve advertisements.
10. Push Notifications
Push notifications are entirely opt-in. If you enable notifications, we store a device token to deliver reminders and updates. You can disable notifications at any time through the App's settings or your device's system settings. When you sign out, your device token is removed from our servers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: