Privacy Policy
Effective Date: January 1, 2025 | Last Updated: January 1, 2025
1. Introduction and Data Controller Information
This Privacy Policy describes how Beeva Technologies Ltd. (“Beeva.ai,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use our AI-powered skin analysis services (the “Services”).
Data Controller Details:
- Company Name: Beeva Technologies Ltd.
- Data Protection Officer: [email protected]
By using our Services, you explicitly consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use our Services.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR and other applicable data protection laws:
- Consent: For processing Face Data and health-related information
- Contract: To provide our Services to you
- Legitimate Interests: For improving our Services, fraud prevention, and security
- Legal Obligations: To comply with applicable laws and regulations
3. Information We Collect
3.1 Face Data Collection and Use
We collect photographs of your face (“Face Data”) to analyze your skin conditions using our proprietary AI algorithms. This analysis may identify:
- Acne and blemishes
- Wrinkles and fine lines
- Pigmentation and dark spots
- Skin texture irregularities
- Other visible skin conditions
Important Face Data Protections:
- Face Data is processed using automated systems only during analysis
- We employ privacy-preserving techniques including data minimization
- Face Data is encrypted using AES-256 encryption during transmission and processing
- We do not use facial recognition for identification purposes
- We do not create biometric templates for identification
3.2 Personal Information We Collect
Information You Provide:
- Account Information: Full name, email address, date of birth
- Health Information: Skin type, allergies, medical conditions relevant to skin health
- Lifestyle Information: Skincare routine, diet preferences, environmental factors
- Communication Data: Messages, feedback, and support requests
Automatically Collected Information:
- Device Information: Device ID, operating system, app version
- Usage Data: Features used, analysis frequency, interaction patterns
- Technical Data: IP address, browser type, time zone settings
- Location Data: General location (country/city level) for regulatory compliance
3.3 Special Categories of Personal Data
We process special categories of personal data (health data) related to your skin condition. This processing is based on your explicit consent, which you can withdraw at any time.
4. How We Use Your Information
4.1 Primary Uses
- Providing personalized skin analysis and recommendations
- Maintaining your skin analysis history for tracking progress
- Communicating service updates and analysis results
- Ensuring Service security and preventing fraud
4.2 Secondary Uses (with consent)
- Improving our AI algorithms and analysis accuracy
- Conducting aggregated research on skin health trends
- Developing new features and services
5. Face Data Storage and Deletion
5.1 Default Storage Policy
- During Analysis: Face Data is temporarily stored on our secure servers for processing (typically 5-10 minutes)
- Post-Analysis: Face Data is automatically deleted from our servers immediately after analysis completion
- On Your Device: Processed results and thumbnails may be stored locally based on your device settings
5.2 Extended Storage for Service Improvement
If you provide explicit consent:
- We may retain Face Data for up to 3 years for algorithm improvement
- Data is anonymized and aggregated where possible
- You can withdraw consent and request deletion at any time
- We maintain an audit log of all Face Data retention decisions
6. Data Sharing and Disclosure
6.2 Limited Sharing Circumstances
We may share your data only with:
Service Providers (under strict data processing agreements):
- AWS (Cloud Infrastructure) - SOC 2 Type II certified
- SendGrid (Email Services) - GDPR compliant
Legal Requirements:
- Law enforcement (with valid legal process)
- Regulatory authorities (for compliance)
- Legal proceedings (to protect our rights)
7. Your Rights and How to Exercise Them
7.1 Your Rights Include:
Access Right: Obtain confirmation and copies of your personal data
Rectification Right: Correct inaccurate or incomplete data
Erasure Right: Request deletion of your data (“right to be forgotten”)
Restriction Right: Limit processing in certain circumstances
Portability Right: Receive your data in a structured, machine-readable format
Objection Right: Object to processing based on legitimate interests
Automated Decision-Making: Request human review of automated decisions
Consent Withdrawal: Withdraw consent at any time
8. Data Security Measures
8.1 Technical Safeguards:
- AES-256 encryption for data at rest
- TLS 1.3 for data in transit
- Multi-factor authentication for administrative access
- Regular security audits and penetration testing
8.2 Organizational Safeguards:
- Limited access on need-to-know basis
- Regular security training for all employees
- Incident response procedures
- Data Protection Impact Assessments (DPIAs) for new processing
9. Data Retention Periods
| Data Type | Retention Period | Justification |
|---|
| Account Data | Duration of account + 30 days | Service provision |
| Face Data (Analysis) | Deleted immediately after processing | Privacy by design |
| Face Data (Improvement) | 3 years from consent | Research purposes |
| Analysis History | Account duration + 1 year | User benefit & legal |
10. Children's Privacy
- Our Services are not intended for users under 16 years old
- We do not knowingly collect data from children under 16
- Parents/guardians can contact us to request deletion of minor’s data
11. Privacy Policy Updates
We may update this Privacy Policy to reflect changes in our practices, new legal requirements, or new features and services.
Material changes will be notified via:
- Email notification
- In-app notification
- Website banner
Continued use after changes constitutes acceptance.
This Privacy Policy is effective as of the date listed above and will remain in effect except with respect to any changes in its provisions in the future.
