Privacy Policy

September 10, 2025

Privacy Policy for SkinButler - How we collect, use, and protect your personal data

Last updated: September 10, 2025

Who We Are

This Privacy Policy explains how Advai Labs AB, doing business as SkinButler (“we”, “us”, or “our”), collects, uses, and protects your personal data when you use our website and services. Advai Labs AB is a company based in Sweden (Styrmansgatan 2, 114 54 Stockholm, Sweden) and is the data controller for the personal information processed through the SkinButler platform. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

If you have any questions about this Privacy Policy or how we handle your data, please contact our appointed privacy officer at info@skinbutler.com or by mail at the address above.

What Data We Collect

We only collect personal data that is necessary to provide and improve our services. The types of information we may collect include:

Account Information: When you create a SkinButler account or sign up for our services (including free and premium versions), we collect basic contact details such as your name, email address, and any login credentials. We may also collect your communication preferences (for example, whether you want to receive our product recommendations and updates).

Profile and Skin Information: To provide personalized skincare recommendations, you may provide information about your skin and beauty profile. This can include your skin type, skin concerns or conditions (e.g. dryness, acne, sensitivity), skincare goals, age range, and product preferences. You might enter this information through quizzes or forms on our site. Providing this data is voluntary, but it enables us to tailor our advice and product suggestions to you. (Note: We do not actively collect sensitive health information beyond your self-reported skin concerns. We ask that you not submit any highly sensitive personal data unless necessary, and any such information will be handled with appropriate care.)

Usage Data: Like most websites, we automatically collect certain data about how you use SkinButler. This includes technical information such as your IP address, browser type, device type, operating system, referring pages, and timestamps of visits. We also collect information about your interactions with our site or app (e.g. pages visited, features used, quiz responses) to understand and improve user experience. This data is typically collected via cookies and similar tracking technologies (see Cookies and Tracking Technologies below for more details).

Cookies and Similar Technologies: We use cookies, pixels, and local storage to collect and store information when you use our site. These technologies help us remember your preferences, keep you logged in, analyze site traffic, and market our services. They may also be used by third parties (such as analytics and advertising partners) on our site. You can find more about this in the Cookies and Tracking Technologies section.

Communication and Support: If you contact us with a question, feedback, or support request (for example, via email or customer support forms), we will collect your name, email, and the content of your correspondence. We use this information to respond to you and resolve any issues. We may keep records of our communications with you for training and quality assurance.

Payment and Transaction Data: If you purchase a premium subscription or buy any products through SkinButler, we (or our payment processor) will collect information needed to process the transaction. This may include billing name, billing address, and payment details (such as credit card information). Important: For security, we use trusted third-party payment processors to handle your payment data (e.g. credit card numbers). We do not store your full financial information on our systems. We only receive confirmation of payment and basic transaction records (like the last four digits of a card, transaction ID, and amount) for our accounting.

We do not knowingly collect data that reveals your racial or ethnic origin, health, or other special categories of personal data, unless you choose to provide it (for example, mentioning a specific skin condition). SkinButler is focused on skincare and product recommendations; any health-related information you share (such as skin conditions) is used only to personalize your recommendations and is not used for any other purpose without your explicit consent.

How We Use Your Data

We process personal data for the following purposes, in accordance with applicable law:

To Provide and Personalize Our Service: We use the information you give us to deliver the SkinButler services you expect. This includes analyzing your skin profile and preferences to provide tailored product recommendations, skincare routines, and content suited to your needs. For example, we use your answers to our skincare quiz and other profile details to suggest products that address your specific skin concerns. (Legal basis: Performance of a contract – we need this data to provide the personalized service you signed up for.)

Account Management and Customer Support: We process your account information to maintain your account, authenticate you when you log in, and provide customer support. This includes using your contact details to respond to your inquiries, troubleshoot issues, and inform you of important service information or changes (such as updates to our terms or privacy policy). (Legal basis: Performance of contract for providing account features; and legitimate interests in ensuring customer service and satisfaction.)

Product Recommendations and Marketing Communications: With your data, we will send you personalized product recommendations, skincare tips, and relevant offers. Both free and premium users may receive suggestions for products that fit their skin profile or notifications about new features and promotions. We consider these recommendations as an integral part of the SkinButler service, designed to help you find suitable skincare solutions. We may send these communications via email, in-app notifications, or other channels. You are always free to opt out of marketing emails or newsletters by using the unsubscribe link in any email or by contacting us. We will only send you promotional communications if you have not objected to them. (Legal basis: Legitimate interests to inform our users about product recommendations and offers. In certain cases, we will obtain your consent where required by law – for example, if local law requires opt-in for email marketing, we will only send you such emails if you have consented.)

Analytics and Improvement of Our Services: We use usage data and cookies to understand how our website and app are used and to improve their functionality. For instance, we analyze which pages or features are most popular, how users navigate the site, and where they encounter issues. This helps us optimize user experience, develop new features, and make informed decisions about our product development. (Legal basis: Legitimate interests in improving our service. Where required by law (e.g. for non-essential cookies), we rely on your consent.)

Advertising and Retargeting: We may use your data to run advertising campaigns on third-party platforms like Google, Facebook, and Instagram, in order to reach new customers or re-engage with you. For example, if you visit our site, we or our partners might use cookies/pixels to remember your visit so we can show you SkinButler ads on other websites or social media platforms. We might also use a hashed version of your email or other identifier to create “custom audiences” for our ads – this means showing our advertisements to people on those platforms who are either already SkinButler users or who share similar interests. These platforms (Google, Facebook/Instagram) may receive some of your information (like cookie identifiers or hashed email) to enable these ads, but they are not allowed to use it for other purposes. (Legal basis: Consent, where cookies or tracking are involved. We will ask for your consent via our cookie notice before using non-essential cookies or pixels for advertising. We also have a legitimate interest in promoting our business, but will always respect your choices regarding advertising cookies.)

Security and Fraud Prevention: We may process personal data as needed to secure our website and services, prevent fraud, abuse, and other harmful activities. This can include monitoring login activity to detect suspicious behavior or ensuring software integrity. (Legal basis: Legitimate interests in protecting our platform and users, and legal obligation in some cases to prevent unlawful activities.)

Legal Compliance: In certain circumstances, we may need to process or disclose your data to comply with a legal obligation, a court order, or to defend against legal claims. For example, we may retain transaction records for tax law compliance or provide information if required by government authorities under applicable law. (Legal basis: Compliance with a legal obligation.)

We will not use your personal data for purposes that are incompatible with the above, unless we obtain your permission or are required or allowed by law. In particular, we do not engage in any automated decision-making that produces legal or similarly significant effects on you. Any profiling we do (such as analyzing your skin data to recommend products) is intended to provide better service and does not negatively affect your rights or well-being. You have the right to object to profiling used for direct marketing – if you do so, we will stop using your data for that purpose.

Cookies and Tracking Technologies

Cookies are small text files stored on your device to collect standard internet log information and visitor behavior information. When you use SkinButler, we and our third-party partners use cookies and similar technologies (such as pixels, tags, or SDKs for mobile apps) to automatically collect information about your device and your interaction with our service. This section explains how we use these technologies:

Necessary Cookies: Some cookies are essential for the website to function properly. For example, they help with things like logging you in, remembering your preferences (such as language or region), and keeping the site secure. These cookies are always active because our site won’t work properly without them.

Analytics Cookies (Google Analytics): We use Google Analytics to understand how users find and use our site. Google Analytics places cookies in your browser to collect data such as your IP address (which is truncated/anonymized in many cases), browser type, pages visited, time spent on pages, and other usage statistics. We receive this information in aggregate form (e.g., overall website usage reports) to help us improve content and user experiences. Google may also process this information for its own analytics purposes. Please note that Google LLC is a US-based company; however, Google Analytics data is subject to safeguards (Google has committed to compliance with EU data protection through measures like Standard Contractual Clauses and the EU-US Data Privacy Framework). If you do not want to be tracked by Google Analytics, you can opt out via our cookie banner settings or install the official Google Analytics Opt-out Browser Add-on.

Advertising Cookies/Pixels: We partner with advertising platforms like Google Ads, Facebook, and Instagram (Meta Platforms) to market SkinButler on other sites and social networks. These platforms use cookies or pixel tags on our site to gather information about your browsing (such as the pages you visited or actions you took on SkinButler). This allows us to later show you relevant ads about SkinButler when you visit Google, Facebook/Instagram, or their partner sites. For example, if you took our skincare quiz, you might see an ad for SkinButler’s premium features on Facebook. The data collected (such as a cookie ID or device ID) is pseudonymous to us – we cannot see your personal identity from it. However, platforms like Facebook might combine this info with your user account if you’re logged in to their service. We only implement these advertising cookies with your consent. You can manage or revoke your cookie preferences at any time using our website’s cookie settings or through your browser settings. Also, you can opt out of interest-based ads from these platforms by adjusting your ad settings in your Google or Facebook account.

Other Third-Party Tools: From time to time, we might use other tools that utilize cookies or similar tech – for example, an A/B testing tool to test new features, or an embedded video player that sets its own cookies. If so, we will inform you via our cookie banner or policy. We will ensure any third-party tool respects your privacy and complies with applicable laws.

For more detailed information, please see our Cookie Policy (if available) or the cookie settings on our site, where you can find a list of cookies in use. By using our site with cookies enabled in your browser, you consent to our use of cookies as described here. Remember, you can always control cookies through your browser settings: you can refuse or delete cookies, though doing so may affect some functionality of our service (for example, you might need to re-login or some personalized features might not remember your preferences).

How We Share Your Data

We treat your personal data with care and do not sell your information to third parties. However, in order to run our business and provide our services, we sometimes need to share information with others. The main instances in which personal data may be shared are:

Service Providers (Processors): We use trusted third-party companies to help us operate SkinButler and perform certain functions on our behalf. These include hosting providers (for our website and databases), email service providers (to send out emails or newsletters), analytics services (like Google Analytics), advertising partners (like Google and Facebook as described above), payment processors (for handling subscription or purchase payments), and customer support tools. These service providers only receive the information necessary for them to perform their specific services. For example, our payment processor will receive your payment details to process a transaction, or our email provider will get your email address to send a newsletter. We require all service providers to handle personal data securely and in accordance with applicable law, and they are not allowed to use your information for their own purposes.

Advertising and Social Media Partners: As noted, we may share limited data with advertising platforms (Google, Facebook/Instagram) to facilitate our marketing campaigns. This might include site usage data collected via tracking pixels or hashed customer contact info for creating ad audiences. This data sharing is covered under our Cookies and Tracking section and is done based on your consent and our legitimate interest in marketing. These partners act as independent data controllers for the information they receive; they are responsible for complying with data protection laws on their end. We recommend reviewing their privacy policies (e.g., Google’s Privacy Policy, Facebook’s Data Policy) to learn how they treat your data.

Affiliates and Business Transfers: Currently, Advai Labs AB does not have any subsidiaries or affiliates to share your data with for business purposes. If in the future SkinButler becomes part of a group of companies, we might share data within our corporate family only as necessary and with equivalent protections. Additionally, if we undergo a business transaction such as a merger, acquisition by another company, or sale of some or all assets, your personal data could be transferred to the successor entity. If such a transfer happens, we will ensure the new owner will continue to respect your personal data rights as set out in this Privacy Policy, and we will notify you of any significant changes.

Legal Requirements and Protection: We may disclose personal information to third parties (such as authorities, regulators, or legal counsel) if we determine that such disclosure is reasonably necessary to (a) comply with any applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of SkinButler, our users, or the public. We will only do this when permitted by law and after careful consideration of your privacy rights.

Aside from the scenarios above, we will not share your personal data with third parties unless we have your consent or are otherwise allowed or required by law. If we ever want to share your data for any other purpose (for example, sharing your testimonial on our site, or collaborating with a partner for a new service), we will inform you and, if necessary, ask for your permission.

International Data Transfers

We are based in Sweden, and our website and databases are primarily hosted in the European Union. However, some of the third parties we work with may process data in other countries. For example, Google and Meta (Facebook/Instagram) are companies headquartered in the United States, so the analytics and advertising data collected through our site may be transferred to the U.S. or other locations outside the European Economic Area (EEA).

Whenever we transfer or allow access to your personal data outside the EEA, we take steps to ensure your data receives an adequate level of protection:

Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses (SCCs) in our contracts with service providers to guarantee that personal data will be given the same level of protection as in the EU.

EU-US Data Privacy Framework: Where applicable, we may rely on the new EU-US Data Privacy Framework or other adequacy decisions for transfers to certified organizations in the United States. For instance, if our U.S.-based partners are certified under this framework, it means they commit to protect personal data according to EU standards.

Other Safeguards: We also assess our vendors for their security measures and privacy commitments. In some cases, we may implement additional encryption or pseudonymization before data is transferred, to add extra protection.

You can contact us if you would like more information about international data transfers or to request a copy of the relevant safeguards in place.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for providing our services and satisfying any legal, accounting, or reporting requirements. How long we keep data can vary depending on the type of information and the purpose:

Account Data: If you have a SkinButler account, we keep your personal profile data as long as your account is active. You can choose to delete or close your account at any time. Upon your account closure, we will delete or anonymize personal information associated with your account within a reasonable period. Anonymization means we remove or irreversibly alter personal identifiers so that the data can no longer be linked to you. For example, we may convert your usage history into aggregate statistics that contain no personal identifiers. We retain such anonymized data to help us understand overall user engagement and improve our services, but it will not identify you.

Marketing Data: If you have subscribed to our marketing communications (e.g. newsletters or product recommendation emails), we will keep your contact details on our mailing list until you unsubscribe or opt out. If you opt out, we may retain just enough information (like your email address in a suppression list) to ensure we honor your opt-out going forward.

Transaction Data: For any premium subscriptions or purchases, we will retain records of transactions (e.g. invoices, payment confirmations) for as long as needed for business record-keeping and legal compliance. Financial records are generally kept for a minimum period required by accounting/tax laws (for example, 7 years under Swedish accounting standards) after the transaction. However, as noted, we do not store full payment card details ourselves.

Analytics Data: Data collected via Google Analytics and similar tools may be stored by those providers. We have set our Google Analytics data retention settings to a reasonable period (e.g., 14 months) after which user-level data is deleted from Analytics servers. We may retain aggregate reports (which do not identify individuals) for longer.

Logs and Security Data: Our server logs and security records (which may contain IP addresses or device identifiers) are typically retained for a short period for troubleshooting and security monitoring, then either deleted or archived anonymously, unless we need to keep them longer (e.g., if investigating a security incident).

After the applicable retention period, we will securely erase or anonymize personal data. If deletion or anonymization is not immediately possible (for example, because the data is stored in backup archives), we will isolate it from further processing until deletion is possible.

Your Rights and Choices

As a user of SkinButler and, if applicable, as a data subject under the GDPR or similar laws, you have a number of rights regarding your personal data. We respect your rights and have processes in place to help you exercise them. These rights include:

Right to Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we use it. This is sometimes called a “Data Subject Access Request.” We will provide you with a copy of your information in a commonly used electronic format, unless you request otherwise.

Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to ask us to correct or update it. For example, if you change your email address or if you realize the skin profile information in your account is wrong, you can update some of this in your account settings or ask us to assist with the correction.

Right to Erasure: You have the right to request deletion of your personal data (“right to be forgotten”). You can achieve much of this by deleting your account through our service. This will remove your profile and personal info from our active systems. If you want us to erase any other data we hold about you, you can contact us with your request. We will honor valid erasure requests and also instruct any third-party processors to delete your data, except where retention is required by law (for instance, we might need to keep a record of a transaction for tax purposes for a certain time, but we will inform you if so).

Right to Restrict Processing: In certain situations, you have the right to ask us to restrict or “pause” processing your data. For example, if you contest the accuracy of the data or have objected to processing (see below), you can request restriction while we address your concern. When processing is restricted, we will store your data securely and not use it until the restriction is lifted (unless necessary for legal claims or protection of rights).

Right to Object: You have the right to object to our processing of your personal data when we base it on legitimate interests, including profiling. This means if you do not agree with a processing purpose we undertake under legitimate interest (for example, direct marketing or certain analytics), you can object, and we must stop unless we have a compelling legitimate reason that overrides your rights or it’s needed for legal claims. In particular, you can always object to direct marketing uses of your data – if you do so, we will stop sending you marketing communications or personalized product recommendations via email.

Right to Data Portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another service provider (where technically feasible). This right applies when our processing is based on your consent or on a contract with you, and is carried out by automated means. In practice, this could include things like your profile information and quiz results that you gave us, which you might want to reuse elsewhere. If you need such data, contact us and we will assist in providing it.

Right to Withdraw Consent: In cases where we rely on your consent to process your data (for instance, if we ever asked for consent to send marketing emails or to enable certain cookies), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal. For example, if you consented to marketing emails, you can later unsubscribe (withdraw consent) and we will stop that particular processing.

Right not to be Subject to Automated Decisions: As noted earlier, we do not make any purely automated decisions that have legal or significant effects on you. If that ever changes, you would have the right to request human intervention, express your point of view, and contest the decision.

To exercise any of your rights, please contact us at info@skinbutler.com. We may need to verify your identity to process certain requests (for example, by confirming you have access to the email associated with your account) to ensure we don’t disclose data to the wrong person. We will respond to your request as soon as possible and at least within the timeframes required by law (under GDPR, typically within one month). There is no fee for exercising your rights, except in rare cases of excessive or unfounded requests, in which case we may charge a reasonable fee or refuse the request with an explanation.

Finally, if you believe that we have not handled your personal data properly or have not respected your rights, you also have the right to lodge a complaint with a data protection supervisory authority. Since we are based in Sweden, our lead authority is the Swedish Integritetsskyddsmyndigheten (IMY). You can contact IMY or your local EU/EEA data protection authority about your concern. Of course, we would appreciate the chance to address your concerns directly first, so we encourage you to reach out to us with any issues.

Security of Your Data

We take the security of your personal information very seriously. We have implemented appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure. These measures include encryption of data in transit (e.g. using HTTPS on our website), encryption of sensitive data at rest, firewalls and access controls on our servers, and regular security assessments of our systems. We also limit access to personal data to authorized personnel who need it to perform their jobs and who are bound by confidentiality obligations.

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security. It’s important that you also play a role in keeping your information safe – for example, by choosing a strong password for your SkinButler account and keeping your login credentials confidential. If you have reason to believe that your interaction with us is no longer secure (for instance, if you feel your account has been compromised), please contact us immediately so we can help resolve the issue.

Children’s Privacy

SkinButler is not directed to children under the age of 13, and we do not knowingly collect personal data from anyone under 13 years old. If you are under 13, please do not use our service or provide any personal information to us. If we learn that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as soon as possible.

If you are a teenager between 13 and 16 (or the relevant age of digital consent in your country), you should review this Privacy Policy with a parent or guardian and make sure you understand it. Some features or content we provide (for example, certain skincare recommendations for teenagers) may be targeted to older teens (15+), and we encourage parental guidance for younger users. Ultimately, if we need to rely on consent as a legal basis for processing your data and you are below the age at which you can give valid consent on your own, we will require consent from your parent or guardian.

Parents and guardians who believe that SkinButler might have collected personal information from a child under 13 (or under the applicable age of consent) may contact us at info@skinbutler.com, and we will promptly investigate and delete the information.

Upcoming Features and Updates

We are continually improving SkinButler and adding new features to enhance your skincare experience. We plan to launch a mobile application within the next few months (expected within 6-9 months from the date of this Policy). The SkinButler mobile app will offer our core services on your smartphone, and the same privacy principles outlined in this Policy will apply. For example, if the app introduces new functionalities that require additional personal data (such as optional access to your device’s camera to scan a product or analyze your skin, or the use of push notifications on your device), we will clearly inform you and request any necessary permissions within the app. We will also update this Privacy Policy to include any new data practices once the app is launched, ensuring you stay informed about how your information is handled. We are committed to transparency and will not collect new types of personal data or use your data in new ways without updating you and obtaining consent if required.

Please note that this Privacy Policy (version dated September 10, 2025) reflects our services and practices as of now. If we introduce significant new features or data uses, we will revise our Privacy Policy accordingly and notify users of the changes (for example, via email or a notice on our website/app).

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Last updated” date at the top of this Policy. If the changes are material, we will provide a more prominent notice (such as a banner on our website or an email notification) to inform you of the update.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of SkinButler after any updates to this Policy will signify your acknowledgement of the changes. If we make changes that require your consent (for example, if a new feature requires new consent), we will obtain that consent as appropriate.

Contact Us

Your privacy and trust are very important to us. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:

Advai Labs AB (SkinButler)
Attn: Privacy Officer
Styrmansgatan 2, 114 54 Stockholm, Sweden
Email: info@skinbutler.com

We will be happy to assist you and will do our best to address any issues promptly. Thank you for using SkinButler and trusting us with your skincare journey and personal data. We are dedicated to safeguarding that information and helping you feel confident in our service.