DermLabs

Legal

Privacy Policy

Last updated: 10 March 2026

1. Introduction

DermLabs (“we”, “us”, “our”) operates the website at dermlabs.co. This Privacy Policy explains how we collect, use, store, and protect information when you use our Service. We are committed to protecting your privacy and being transparent about our data practices.

2. Information We Collect

2.1 Information You Provide

  • Ingredient text: When you paste or type ingredient lists into the checker, this text is sent to our server for analysis. We may store anonymised analysis records (ingredient lists without personal identifiers) to improve the Service.
  • Uploaded images: When you upload label photos for OCR processing, the images are transmitted to our server, processed for text extraction, and then deleted. We do not retain uploaded images after processing is complete.

2.2 Information Collected Automatically

  • Log data: Our servers may automatically record information such as your IP address, browser type, operating system, referring URLs, pages visited, and the date and time of your visit.
  • Cookies: We may use essential cookies to ensure the Service functions correctly. We do not use advertising or tracking cookies. See Section 6 for more details.
  • Analytics: We may use privacy-focused analytics tools to understand how the Service is used. These tools collect aggregated, anonymised data and do not track individual users across websites.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the ingredient analysis Service.
  • Process uploaded images for OCR text extraction.
  • Improve the accuracy and coverage of our ingredient database.
  • Monitor and analyse usage patterns to improve the Service.
  • Detect, prevent, and address technical issues or abuse.
  • Comply with legal obligations.

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:

  • Service providers: We may use third-party hosting, analytics, or infrastructure providers who process data on our behalf and are contractually obligated to protect it.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Safety: We may disclose information if we believe it is necessary to protect the rights, property, or safety of DermLabs, our users, or the public.

5. Data Retention

  • Uploaded images: Deleted immediately after OCR processing is complete.
  • Analysis records: Anonymised analysis results may be retained indefinitely to improve the Service.
  • Server logs: Retained for up to 90 days for security and debugging purposes, then deleted.

6. Cookies

DermLabs uses only essential cookies necessary for the Service to function. We do not use cookies for advertising, remarketing, or cross-site tracking.

You can configure your browser to refuse cookies, but this may affect the functionality of the Service.

7. Data Security

We implement reasonable technical and organisational measures to protect the information we process. This includes encryption of data in transit (HTTPS), secure server infrastructure, and access controls. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR) and the UK GDPR, including:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate personal data.
  • Right to erasure: You may request deletion of your personal data, subject to legal obligations.
  • Right to restrict processing: You may request that we limit how we use your data.
  • Right to data portability: You may request a machine-readable copy of your data.
  • Right to object: You may object to certain types of data processing.

To exercise any of these rights, please contact us at contact@dermlabs.co. We will respond within 30 days.

Our legal basis for processing data is legitimate interest (providing and improving the Service) and, where applicable, your consent.

9. Your Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of personal information. Note: we do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at contact@dermlabs.co.

10. Children’s Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us at contact@dermlabs.co and we will promptly delete it.

11. International Data Transfers

Our servers may be located outside your country of residence. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws. We ensure appropriate safeguards are in place for any international transfers of personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

DermLabs
Email: contact@dermlabs.co

See also: Terms of Service