Legal

Privacy Policy

Last updated: April 20, 2026

Nusomi helps you track your skin health through daily photos and AI-powered analysis. This policy explains what data we collect, how we use it, and your rights.

What we collect

Skin photos. Photos you take in the app are uploaded to our secure private S3 bucket and used solely for AI skin analysis. Photos are never shared, sold, or used to train external models.

Skin analysis results. Scores and observations generated by our AI are stored in your account and used to show you progress over time.

Account data. If you sign in with Apple, we receive an anonymous identifier from Apple — we never see your Apple ID email unless you explicitly share it.

Onboarding answers. Skin concern, skin type, and age range you provide during setup are stored to personalise your experience.

Usage data. We collect anonymised analytics (screen visits, feature usage) to improve the app. This data is not linked to your identity.

What we never do

  • We never sell your data or photos.
  • We never use your photos for advertising profiles.
  • We never share your skin data with third parties outside of infrastructure providers (AWS S3, RDS) necessary to operate the app.
  • We never use facial recognition beyond the in-app face alignment guide.

How we protect your data

All photos are stored in a private S3 bucket with no public access. All API traffic is encrypted via HTTPS (Cloudflare). Your JWT tokens are stored locally on your device and sent only to api.nusomi.com.

Photos are accessed only via short-lived pre-signed URLs — they are never directly publicly accessible.

Data retention

Your photos and analysis results are retained for as long as you have an active account. You can delete your account and all associated data by emailing privacy@nusomi.com.

Your rights

You can request access to, correction of, or deletion of your personal data at any time. If you are in the EU or UK, you have additional rights under GDPR and UK GDPR. Email privacy@nusomi.com and we will respond within 30 days.

Children

Nusomi is not directed at children under 13. We do not knowingly collect data from children under 13.

Changes to this policy

If we make material changes, we will update this page. The date at the top reflects the most recent version.

Contact

Privacy questions? Email privacy@nusomi.com.