1. Who We Are
Seoul Skin Atelier ("we," "us," "our") operates seoulskinatelier.com, a personalized K-beauty skincare curation and guidance service. For privacy inquiries, contact us at [email protected].
2. Information We Collect
Information you provide directly:
- Email address (required to deliver your report)
- Skin analysis responses (skin type, concerns, current products, lifestyle, budget, makeup habits)
- Purchase and billing information (processed by Paddle — we do not store payment card details)
Information collected automatically:
- Browser type and device information
- IP address and approximate location (country/region level)
- Pages visited and time spent on our site (via analytics)
- Email open rates and click activity on our emails
3. How We Use Your Information
- To generate and deliver your personalized skincare report
- To send your D3, D14, and D28 curator check-in emails
- To manage your subscription and billing
- To improve our skin analysis algorithm and curation quality (aggregated, anonymized data only)
- To send service-related communications (never unsolicited marketing without consent)
- To comply with legal obligations
4. Third-Party Services
We share data with the following trusted third parties to operate our service:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Paddle | Payment processing & tax | Email, billing info | paddle.com/legal/privacy |
| Resend | Email delivery | Email address | resend.com/privacy |
| Supabase | Database & user storage | Email, analysis responses, scores | supabase.com/privacy |
| Amazon Associates | Affiliate product links | Anonymized click data | amazon.com/associates |
| Skin Curation Engine | Skin analysis & report generation | Analysis responses (anonymized) | Internal proprietary system — no external data sharing |
We do not sell your personal data to any third party.
5. Data Retention
- Active user data is retained while your account or subscription is active
- After account deletion, data is removed within 30 days
- Anonymized, aggregated data may be retained indefinitely for product improvement
- Payment records are retained as required by law (typically 7 years)
6. Your Rights (GDPR — EU/EEA Users)
If you are located in the EU or EEA, you have the right to:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request restriction of processing in certain circumstances
To exercise these rights, email [email protected]. We will respond within 30 days.
7. Your Rights (CCPA — California Residents)
California residents have the right to:
- Know what personal information we collect, use, and disclose
- Delete personal information we have collected
- Opt out of the sale of personal information (we do not sell personal data)
- Non-discrimination for exercising your privacy rights
To submit a request, email [email protected] with "CCPA Request" in the subject line.
8. Cookies
We use essential cookies for site functionality and analytics cookies to understand how users interact with our site. You can disable non-essential cookies in your browser settings. We do not use advertising or tracking cookies.
9. Children's Privacy
Our Service is intended for individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18.
If you are under 18, please do not use our Service or provide any personal information. If you believe a minor has provided us with personal data, please contact us immediately at hi@seoulskinatelier.com and we will delete that information promptly.
Note for parents: If you are a parent or guardian and believe your child has used our Service, please contact us. We take children's privacy seriously and will take immediate steps to remove any data collected.
10. Data Security
We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), secure database storage via Supabase, and restricted access controls. However, no method of transmission over the Internet is 100% secure.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email. Continued use of t