Privacy Policy
Eve ("the app") and the website askeve.co (together, "the Services") are operated by Machitis Pty Ltd ("we", "us", "our"), based in Australia. This policy explains, in plain English, what personal information we collect, why we collect it, where it goes, and the choices you have. We've tried to keep it readable — if anything is unclear, email us at askevesupport@gmail.com and we'll explain.
The short version: we collect the information needed to give you personalised safety and match results for cosmetic products — your account details, the skin/hair profile you fill in, and the product photos you scan. We don't sell your data, we don't show ads, and we don't use advertising or tracking SDKs.
1. What we collect and why
| What | How we get it | Why we collect it |
|---|---|---|
| Account details — email address and password | You provide them at sign-up | To create and secure your account. Passwords are hashed by our authentication provider (Supabase); we never see or store your plain-text password. |
| Your profile — age range, skin type and characteristics (including skin tone classification, sensitivity, dryness/oiliness, pigmentation, firmness), scalp type and sensitivity, hair type, texture and condition, your skin/hair concerns (e.g. dandruff, hair thinning), declared ingredient sensitivities and allergies, and pregnancy status | You provide it during onboarding (you can update it later) | This is the core of the Services: your Safety Scores and Match verdicts are personalised to this profile. Pregnancy status is used solely to flag ingredients commonly avoided during pregnancy. These questions personalise your results — providing them is your choice, though results are less personalised without them. |
| Product scan photos — photos you take of cosmetic products and their ingredient labels | You take them in the app (camera or photo library, with your permission) | To identify the product and read its ingredient list so we can score it. See section 2 — this is the only place photos go. We do not collect photos of faces and do not use any face recognition or biometric technology. |
| Your activity in the app — scan history, favourites, routines, and the results we compute for you | Created as you use the app | To show your history, favourites and routines, and to avoid recomputing results. When we compute a personalised verdict, we also keep an internal record of the result and the profile information used to compute it, so results stay consistent and we can investigate errors. Free-tier scan limits are calculated from your scan history; no separate usage tracker is kept. |
| Basic technical data | Generated automatically | Our infrastructure providers (Supabase, Fly.io) keep standard, transient server logs (such as IP addresses and request data) to operate and secure the Services. Our own code does not build profiles from logs. We use no analytics, advertising, or tracking SDKs. |
| Subscription status | From Apple when you purchase | If you buy a subscription, payment is handled entirely by Apple — we never receive your card details. We receive only your subscription status (active/expired) to unlock paid features. |
2. Product scan photos — exactly what happens
Because photos are the most tangible thing you give us, here is their complete journey:
- You photograph a product or its ingredient label. The photo is uploaded to a private storage bucket (Supabase Storage) that only your account and our server can access. Photos are never made public.
- Our server sends the photo to OpenAI, our AI image-processing provider, to identify the product and extract the ingredient text. The request contains only the image and our instructions — no name, email address, or account identifier is sent with it. OpenAI processes it under its API terms, which do not permit the use of API data to train its models by default.
- The results (product identification / ingredient text) are stored with your scan history.
Your photos are photos of products, not people. Don't include faces or other people's personal information in your scan photos.
Retention: scan photos are retained in private storage while your account is active, and are deleted when your account is deleted (section 5). You can also ask us to delete specific photos at any time by emailing us.
3. Who we share data with
We share personal data only with the service providers that make the app work, and only for the purposes described here:
- Supabase — hosts our database and private photo storage (authentication, your profile, activity, photos). Privacy policy
- Fly.io — runs the server that computes your scores and verdicts. It processes your data transiently and keeps no separate store of it. Privacy policy
- OpenAI — processes your scan photos as described in section 2. API data usage
- Apple — distributes the app and processes all payments and subscriptions. Privacy policy
- RevenueCat — manages subscription status on our behalf when subscriptions are enabled (receives an app user ID and purchase receipt information, not your profile). Privacy policy
We do not sell your personal information. We do not share it with advertisers or data brokers. There are no ad networks in the app.
Some of these providers process data on servers located outside Australia (primarily the United States). Where that happens, the data remains protected by our agreements with those providers and their published policies.
4. How long we keep your data
We keep your personal data while your account is active. When your account is deleted, all of it — profile, scan history, favourites, routines, computed results (including the internal records described in section 1), and stored photos — is permanently deleted. We may retain information for longer only where the law requires it.
5. Deleting your account, and your other rights
You can delete your account in the app (Profile → Delete account) or by emailing askevesupport@gmail.com from your account email. Deletion is permanent and removes your data as described in section 4.
You also have the right to:
- Access the personal information we hold about you, and ask for a copy
- Correct information that's inaccurate or out of date (most profile information you can edit directly in the app)
- Delete your data (as above)
- Complain — we'd ask you to contact us first so we can put things right; you can also complain to the Office of the Australian Information Commissioner (OAIC, oaic.gov.au)
To exercise any of these, email askevesupport@gmail.com. We may ask you to verify your identity (usually by writing from your account email). We aim to respond within 30 days.
6. Security
Your data is protected by access controls at every layer: authentication is managed by Supabase with hashed passwords; database records are protected by row-level security so each account can only access its own data; photo storage is private with owner-only access; and our server-to-server connections are authenticated and encrypted. No system is perfectly secure — if a breach ever affects your personal information, we will act promptly and notify you and the regulator where required by law.
7. Children
The Services are for users aged 13 and over. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us at askevesupport@gmail.com and we will delete the account and its data.
8. Future features
If we add product shopping links, they will take you to independent retailers' websites, which are governed by those retailers' own privacy policies. If we add push notifications or other features that involve new data collection, we will update this policy before they take effect.
9. Changes to this policy
When we update this policy, we'll change the effective date above and keep previous versions available. If a change materially affects how we handle your personal information, we'll notify you in the app or by email before it takes effect.
10. Contact
Machitis Pty Ltd (Australia)
Email: askevesupport@gmail.com
This policy is written to align with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and with our App Store privacy disclosures.