legal

Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains how Skintick collects, uses, stores, and protects personal data when you use our website, API, documentation, and related services. This is a v1 template and is not legal advice.

Under GDPR, a privacy notice should explain who controls the data, what data is collected, the purposes and legal bases for processing, retention, rights, and contact details. GDPR Article 13 lists information that should be provided when personal data is collected from a user.

1. Data Controller

The data controller is:

Skintick

Operator: [LEGAL ENTITY / YOUR NAME]

Email: privacy@skintick.io

Address: [ADDRESS]

2. Personal Data We Collect

We may collect the following data:

Account and billing data

  • name;
  • email address;
  • company name;
  • billing address;
  • VAT/tax information;
  • payment status;
  • subscription plan;
  • Stripe customer ID or subscription ID.

We do not store full payment card numbers. Payments are handled by Stripe.

API usage data

  • API key identifier;
  • request timestamps;
  • endpoints used;
  • response status codes;
  • rate-limit events;
  • IP address;
  • user agent;
  • usage volume;
  • error logs.

Website data

  • pages visited;
  • referrer;
  • browser/device information;
  • basic analytics events;
  • cookie or similar identifiers if analytics/cookies are enabled.

Support data

  • messages you send us;
  • issue reports;
  • feedback;
  • technical debugging information.

3. How We Use Personal Data

We use personal data to:

  • provide the API and website;
  • create and manage accounts;
  • process payments and subscriptions;
  • generate and manage API keys;
  • apply rate limits;
  • monitor API reliability;
  • prevent abuse and fraud;
  • provide support;
  • send service emails;
  • improve the product;
  • comply with legal, tax, accounting, and security obligations.

4. Legal Bases for Processing

If GDPR applies, we process personal data based on one or more of the following legal bases:

  • Contract: to provide paid API access and account services.
  • Legitimate interests: to secure the Service, prevent abuse, monitor usage, improve reliability, and support users.
  • Legal obligation: to comply with tax, accounting, billing, and regulatory requirements.
  • Consent: where required for optional cookies, analytics, or marketing communications.

The European Commission describes GDPR as setting lawful grounds for processing personal data, and the Swedish privacy authority IMY explains that controllers remain responsible for ensuring processing complies with GDPR.

5. Payment Processing

Payments are processed by Stripe. Stripe may collect and process billing, payment, tax, and fraud-prevention information according to its own terms and privacy practices.

For EU digital services, Stripe Tax can help calculate tax based on the customer's location and applicable EU VAT rules.

6. Cookies and Analytics

We may use cookies or similar technologies for:

  • essential website functionality;
  • session management;
  • analytics;
  • security;
  • abuse prevention.

If we use non-essential cookies or analytics requiring consent, we will provide a cookie banner or consent mechanism where required.

7. Service Providers

We may share personal data with trusted service providers that help us operate Skintick, such as:

  • hosting providers;
  • database providers;
  • email providers;
  • payment processors;
  • analytics providers;
  • monitoring/logging providers;
  • customer support tools.

These providers may only process data for the purposes we authorize.

8. International Transfers

Some service providers may process data outside your country or region.

Where required, we use appropriate safeguards such as standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

9. Data Retention

We keep personal data only as long as necessary for the purposes described in this Privacy Policy.

Typical retention periods:

  • account data: while your account is active;
  • billing records: as required by tax/accounting law;
  • API usage logs: typically [30-180 days], unless needed for security or abuse investigation;
  • support emails: typically [24 months];
  • marketing data: until you unsubscribe or request deletion.

10. Security

We use reasonable technical and organizational measures to protect personal data, including:

  • hashed API keys;
  • access controls;
  • encrypted connections where applicable;
  • backups;
  • logging and monitoring;
  • least-privilege access where practical.

No system is perfectly secure, and we cannot guarantee absolute security.

11. Your Rights

Depending on your location, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • delete data;
  • restrict processing;
  • object to processing;
  • request data portability;
  • withdraw consent;
  • lodge a complaint with a data protection authority.

For EU/EEA users, GDPR provides these rights to data subjects.

To exercise your rights, contact: privacy@skintick.io

12. Marketing Emails

You can unsubscribe from marketing emails at any time using the unsubscribe link or by contacting us.

We may still send transactional emails related to your account, billing, API key, security, or service usage.

13. Children

Skintick is not intended for children. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date and may notify users by email or through the website.

15. Contact

Email: privacy@skintick.io

Operator: [LEGAL ENTITY / YOUR NAME]

Address: [ADDRESS]