Privacy Policy
Last updated: February 24, 2026
1. Introduction
Radiant ("we," "us," or "our") is a United States-based company that operates the skincare tracking platform at radiantskin.app and the Radiant iOS app (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
By using Radiant, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Our servers are hosted in Nuremberg, Germany by Hetzner Online GmbH. We comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and the Washington My Health My Data Act, as well as the EU General Data Protection Regulation (GDPR).
2. Information We Collect
2a. Information you provide directly
- Account information: email address, username, display name, and password (securely hashed — we never store or see your actual password)
- Profile information: bio, profile picture, and timezone preference
- Skin and health information: skin type, skin concerns, ingredient sensitivities, and skincare preferences (see Section 6 for how we treat this data)
- Skincare data: routines, product shelf, check-in logs, skin status ratings, and completion rates
- Photos: progress photos and post images you upload
- User-generated content: posts, comments, product reviews, and ratings
- Communications: messages you send to us for support
2b. Information collected automatically
- Analytics: anonymous, aggregated page view data collected via a self-hosted, privacy-focused analytics tool that does not use cookies, does not track individual users, and does not collect personal information
- Authentication tokens: stored in cookies to keep you signed in, containing only your user ID and expiration time — no personal information
- IP address: temporarily processed for security and abuse prevention, not stored long-term or associated with your profile
- Photo metadata: EXIF data (including GPS coordinates and camera information) is automatically stripped on upload — we do not store location data from your photos
2c. Information we do NOT collect
- We do not use third-party advertising trackers or analytics SDKs
- We do not access your contacts, address book, or calendar
- We do not collect precise geolocation or GPS data
- We do not store biometric identifiers — passkey authentication uses your device's local biometric system, not our servers
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and secure your account
- Personalize your experience (routine recommendations, product matching by skin type)
- Provide sensitivity and ingredient warnings based on your profile preferences
- Display your public content to other users (posts, reviews, public routines)
- Send transactional emails (account verification, password reset, two-factor authentication codes)
- Enforce usage limits and manage subscriptions
- Detect abuse, enforce rate limits, and maintain platform security
- Improve the Service based on aggregated, anonymized usage patterns
We do not sell your personal information to anyone. We do not use your data for targeted advertising. We do not share your skincare data, routines, or photos with third parties for their own purposes.
4. How We Share Your Information
We share your information only in the following limited circumstances:
Service providers
We use a small number of third-party service providers to operate the Service. These providers receive only the minimum data necessary to perform their function:
- Hetzner Online GmbH (Germany) — server hosting and database infrastructure
- Cloudflare, Inc. (USA) — content delivery network (CDN), DNS, and image storage
- Resend — transactional email delivery (verification, password reset, security codes only)
- Google & Apple Sign-In — optional third-party authentication, only if you choose to use it
- OpenAI (USA) — automated content moderation only. Text and images you post are sent to OpenAI's Moderation API to detect policy-violating content (hate speech, violence, etc.). OpenAI processes this data solely to return a moderation decision and does not use it to train models. No other personal data (username, email, skin profile) is sent. See OpenAI's Privacy Policy for details on their data handling practices.
Public information
Certain information you choose to make public is visible to other users and may be indexed by search engines: your username, display name, public profile, public posts, and public routines. You control your profile visibility in Settings.
Legal requirements
We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers
If Radiant is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.
5. Cookies and Tracking Technologies
Radiant uses only essential cookies for authentication (keeping you signed in). We do not use tracking cookies, advertising cookies, or third-party cookies.
Our analytics tool is self-hosted and cookie-free. It collects only aggregate page view counts and does not track individual users or create user profiles.
Do Not Track: Because we do not use any third-party tracking technologies, we effectively honor Do Not Track browser signals by default. There is no tracking to disable.
6. Consumer Health Data
Certain information you provide — including your skin type, skin concerns, ingredient sensitivities, check-in logs, and progress photos — may be considered consumer health data under applicable state laws, including the Washington My Health My Data Act and Nevada SB 370.
We collect this information solely to provide you with personalized skincare tracking features, including:
- Matching routines and products to your skin type and concerns
- Providing ingredient sensitivity warnings
- Tracking your skincare progress over time
- Enabling product comparisons based on ingredient overlap
We do not sell, share, or disclose your health data to third parties for their own purposes. Your health data is shared only with our hosting and storage providers (Hetzner and Cloudflare) as necessary to operate the Service. Text and images in posts are processed by OpenAI for content moderation only (see Section 4).
You may withdraw your consent to the collection of health data at any time by deleting this information from your profile in Settings, or by deleting your account entirely.
7. Data Storage and Security
Your data is stored on servers located in Nuremberg, Germany, operated by Hetzner Online GmbH. Images are stored on Cloudflare R2.
We implement reasonable technical and organizational security measures to protect your data, including encryption of data in transit, secure password hashing, rate limiting, and access controls. We also offer optional passkey and two-factor authentication for additional account security.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Data Retention
- Account data: retained while your account is active. Deleted when you delete your account.
- Deleted posts: soft-deleted immediately, permanently purged after 30 days.
- Photos: deleted when you remove them or when you delete your account.
- Check-in and routine data: retained while your account is active. Deleted when you delete your account.
- Database backups: daily automated backups retained for 2 days, then permanently deleted.
- Analytics: aggregated only, no personal data retained.
When you delete your account, all personal data is removed, including posts, check-ins, routines, photos, and profile information. This process is irreversible.
9. Your Rights
All users
Regardless of where you live, you have the right to:
- Access your personal data (available via Settings > Download My Data)
- Correct inaccurate information via your profile settings
- Delete your account and all associated data from Settings
- Export your data in a portable format (GDPR data export)
- Withdraw consent to health data collection by removing it from your profile
California residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know what personal information we collect, use, and disclose
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to opt-out of sale: We do not sell your personal information. No opt-out is necessary.
- Right to limit use of sensitive personal information: We use sensitive personal information (skin type, health data) only to provide the Service, not for profiling or advertising.
- Right to non-discrimination: We will not deny you the Service or charge different prices for exercising your rights.
Categories of personal information collected in the past 12 months:
- Identifiers (email, username, display name)
- Internet or electronic network activity (page views via aggregated analytics)
- Sensory data (photos you upload)
- Health information (skin type, skin concerns, sensitivities, check-in data)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
Washington, Nevada, and Connecticut residents
If you reside in Washington, Nevada, or Connecticut, you have additional rights regarding consumer health data, including the right to access, delete, and withdraw consent for the collection of health data (skin type, skin concerns, sensitivities, progress photos, and check-in data). We do not sell consumer health data. See Section 6 for details.
EU/EEA residents (GDPR)
If you are located in the EU or EEA, you have the right to access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with your local data protection supervisory authority. Our lawful bases for processing are contract performance (providing the Service you signed up for) and legitimate interest (security and abuse prevention).
How to exercise your rights
Most rights can be exercised directly through the in-app Settings. For formal requests, email us at the address below. We will respond within 45 days (CCPA) or 30 days (GDPR). We may need to verify your identity before processing a request.
10. International Data Transfers
Radiant is operated from the United States, but our primary data storage is located in Germany (EU). If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and Germany.
For EU/EEA users, your database is stored within the EU. We maintain appropriate data processing agreements with our service providers to ensure adequate protection of your data during any international transfers.
11. Children's Privacy
Radiant is not directed at and is not intended for children under 16. We do not knowingly collect personal information from anyone under 16 years of age. If we learn that we have collected personal information from a child under 16, we will delete that account and associated data promptly. If you believe a child under 16 has provided us with personal information, please contact us at the email below.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email and in-app notice in accordance with applicable law, including the FTC Health Breach Notification Rule (within 60 days), GDPR (within 72 hours to the relevant supervisory authority), and applicable state breach notification laws.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting the updated policy with a new "Last updated" date. We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, contact us at:
See also: Terms of Service