Privacy Policy

Overview

Neeves Labs LLC (“NeevesLabs,” “we,” “us,” or “our”) builds and operates consumer mobile applications and related websites. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our apps, websites, and services, including the Rewind mobile app.

Rewind is a personal skincare app. It analyzes selfies you choose to submit, recommends a routine, lets you track that routine, and adapts recommendations over time. This policy applies to all data collected through Rewind and any other NeevesLabs product unless a product-specific policy says otherwise.

Information We Collect

We collect only what we need to provide the features described in the app. Specifically:

• Photos you submit. Selfies used for skin analysis and, optionally, photos of product back labels used to recognize products. Photos are processed by our skin-analysis pipeline and stored on encrypted object storage so you can review past scans.
• Onboarding answers. The age range, skin concerns, goal, and routine-level answers you provide during onboarding so we can personalize your routine.
• Routine and check-in data. The products in your routine, your daily AM and PM check-ins, the streak history, and related notes.
• Device identifier. A randomly generated identifier stored on your device that links your data to your account. We do not require you to create a username or password; the device identifier is how we recognize you on subsequent launches.
• Subscription state. Whether you have an active subscription, the plan type, and renewal status. We do not see your payment card or Apple ID; subscriptions are processed by Apple and tracked on our side through RevenueCat.
• Product analytics. Anonymous-by-default events about how you use the app, such as which screens you open and which features you tap. These are used to debug issues and improve the product.
• Diagnostic data. Crash reports and performance traces sent to our error-tracking system if the app misbehaves. These do not include your photos, routine, or onboarding answers.
• Push notification token. If you grant notification permission, we store the device token Apple gives us so we can send routine reminders.

We do not collect your name, email address, phone number, contacts, location, browsing history, or any health, financial, or biometric identification data.

How We Use Information

• To provide the service. Generate your skin analysis, build and adapt your routine, render your daily check-ins, and remind you about your routine when you ask us to.
• To personalize recommendations. Use your onboarding answers and routine history to suggest products and schedule adjustments.
• To process subscriptions. Confirm and manage your paid entitlement so paid features unlock correctly.
• To improve reliability. Investigate crashes and performance issues using diagnostic data.
• To improve the product. Understand which features are used and where users get stuck using anonymous-by-default product analytics.
• To comply with the law. Respond to lawful requests, enforce our terms, and prevent abuse.

We do not use your data for advertising, do not share it with data brokers, and do not sell it. We do not perform automated decision-making that produces legal or similarly significant effects.

Photos and Face Data

Selfies you submit are used only to compute skin metrics (such as hydration, texture, redness) and to recommend products. We do not use your photos for biometric identification, do not use them to train third-party models, and do not share them outside the service providers listed below.

Your photos are stored on encrypted object storage operated on our behalf. They are sent to our AI provider (Anthropic) for analysis at the time of a scan; Anthropic processes the image to produce the analysis output and does not retain it for training (see Anthropic's policy linked below). Your photos remain accessible to you in the app and can be removed at any time by deleting your account.

Service Providers

We rely on third-party processors to operate Rewind. Each processor receives only the data needed to perform its function and is contractually required to handle it confidentially.

• Apple — App Store distribution and in-app subscription payments. Privacy policy
• RevenueCat — Subscription state tracking. Privacy policy
• Anthropic — AI skin analysis, routine generation, and product analysis via the Claude API. Image and text inputs are sent to Anthropic at the time of analysis. Privacy policy
• Railway — Application hosting (our backend API and Postgres database run on Railway in the United States). Privacy policy
• Cloudflare R2 — Encrypted object storage for scan and product photos. Privacy policy
• PostHog — Product analytics. We use PostHog to understand feature usage. Events are keyed to a device identifier; no name, email, or precise location is sent. Privacy policy
• Sentry — Crash and performance diagnostics. We do not attach user identifiers to Sentry events. Privacy policy
• Expo — Push notification delivery and over-the-air update distribution for the mobile app. Privacy policy
• UPCitemdb — Barcode lookup service used when you scan a product barcode. We send the barcode number; we do not send any personal information. Privacy policy

International Transfers

NeevesLabs is based in the United States. Our service providers listed above primarily process data in the United States. If you are in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to and processed in the United States. We rely on the standard contractual clauses approved by the European Commission, and on equivalent safeguards offered by each provider, for these transfers.

Data Retention

We keep your data for as long as your account is active and as needed to provide the service. Specifically:

• Account data, photos, routine, and check-in history are kept until you delete your account.
• Product analytics events are kept for up to 12 months and then aggregated or deleted.
• Crash and performance diagnostics are kept for up to 90 days.
• Subscription records are kept as long as required for accounting and tax purposes (typically 7 years).

You can delete your account at any time from Settings > Delete my account in the Rewind app. Deletion removes your account, photos, routine, check-ins, and analysis history from our active systems immediately, including purging photo files from our object storage. If you request deletion by email instead, we will process the request within 30 days. We may retain anonymized aggregate metrics that no longer identify you.

Your Rights

Subject to local law, you have the right to access, correct, delete, export, and restrict our processing of your personal information, and to object to certain uses. You can exercise most of these directly in the app:

• Access and correction. Most of your data is visible in the app. Contact us if you need a copy or correction.
• Deletion. Use Settings > Delete my account, or follow the steps at our Account Deletion page.
• Portability. Request a copy of your data by emailing us.
• Opt out of analytics. Email us and we will exclude your device identifier from analytics processing.

California residents: The California Consumer Privacy Act (CCPA) gives you specific rights, including the right to know what personal information we collect, the right to delete it, and the right to opt out of sale or sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising. To exercise your rights, contact us at the address below.

EU, UK, and Swiss residents: You have rights under the GDPR, the UK GDPR, and the Swiss FADP, including the right to lodge a complaint with your supervisory authority. Our lawful bases for processing are: (i) performance of our agreement with you to provide the service, (ii) your consent where we ask for it (for example, push notifications), and (iii) our legitimate interest in improving and securing the service.

Children

Rewind is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us and we will delete it.

Security

We use industry-standard safeguards to protect your information, including encryption in transit, encryption at rest for photo storage, access controls, and audit logging. No system is perfectly secure, and we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will revise the “Last updated” date at the top and, where appropriate, provide additional notice in the app or by email.

Contact

For privacy questions, requests to exercise your rights, or any other concern, contact us at privacy@neeveslabs.com. You can also email support@neeveslabs.com for general support.

Neeves Labs LLC
United States