BeautySparkBeautySpark

Privacy Policy

Last updated: 23/12/2025

1. Data Controller

BeautySpark is the data controller for your personal information.

Email: hello@beautyspark.me

2. Information We Collect

2.1 Personal Information

  • Name and email address
  • Profile information and preferences
  • Gender identity and date of birth
  • Physical characteristics (height and weight)
  • Account credentials
  • Communication preferences

2.2 Photos and Biometric Data

SPECIAL CATEGORY DATA: Your photos containing facial data are considered biometric data under UK GDPR Article 9.

When you upload photos for AI makeup analysis and recommendations, we collect and process these images. Your photos are used solely for providing our beauty services and are not shared with third parties without your explicit consent.

2.3 Device and Usage Data

  • Device information (device type, operating system, unique device identifiers)
  • Usage patterns and feature interactions
  • Performance data and error logs
  • IP address and general location (country/city level)

3. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

Data Type
Legal Basis
Account data
Contract (Art. 6(1)(b))
Photos/facial analysis
Explicit consent (Art. 9(2)(a))
Payment information
Contract (Art. 6(1)(b))
Usage analytics
Legitimate interests (Art. 6(1)(f))
Marketing
Consent (Art. 6(1)(a))

You provide explicit consent for biometric data processing when uploading photos. You can withdraw this consent at any time by contacting hello@beautyspark.me

4. How We Use Your Information

  • Provide AI-powered beauty recommendations and analysis
  • Process and analyze uploaded photos for makeup suggestions
  • Tailor recommendations based on physical attributes (age, gender, etc.)
  • Maintain and improve our services
  • Communicate with you about your account and our services
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Analyze usage patterns to improve user experience

We will NOT use your personal information or uploaded content to generate, facilitate, or promote any content that involves abuse, violence, pornography, hate speech, harassment, or any other harmful or illegal activities.

5. AI Processing and Facial Data

Our AI processes facial features from your photos, which is considered biometric data under UK GDPR.

What We Do:

  • Extract facial landmarks, skin tone, eye shape, and facial measurements
  • Analyze these features to generate makeup recommendations
  • Do NOT use facial data for identification or authentication
  • Do NOT share facial data with third parties (except AI processing services)

Data Retention:

  • Unprocessed photos: Deleted within 24 hours
  • Saved photos in your account: Retained until you delete or close account
  • Analysis results: Retained for 2 years or until account deletion

Third-Party AI Processors

To provide our advanced beauty analysis and generation features, we engage strictly vetted third-party sub-processors. We have executed Data Processing Agreements (DPAs) with each provider to ensure your data is safeguarded in compliance with UK GDPR standards.

Provider
Purpose of Processing
Data Shared
Google LLC (Gemini)
Multimodal makeup analysis and recommendation logic
Transient facial imagery, feature landmarks, colorimetric data
X.AI Corp
Natural language processing for beauty profiling
Anonymized user preferences, descriptive prompts
Fal.ai (Fal Corp)
High-fidelity generative makeup visualization
Source photos, segmentation masks, generated renders
Hugging Face, Inc.
Hosting of specialized computer vision models
Biometric embeddings (server-side only), face segmentation maps

Privacy Assurance: We configure our API integrations with these providers to ensure that your personal data (including photos) is used only for the specific purpose of generating your requested results. We explicitly opt-out of data usage for training their foundational models where available.

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  1. 1.Right to Access (Subject Access Request): Request a copy of your data (free, within 1 month)
  2. 2.Right to Rectification: Correct inaccurate data
  3. 3.Right to Erasure ('Right to be Forgotten'): Delete your data (subject to limitations)
  4. 4.Right to Restrict Processing: Limit how we use your data
  5. 5.Right to Data Portability: Receive your data in a structured format
  6. 6.Right to Object: Object to processing based on legitimate interests
  7. 7.Right to Withdraw Consent: Withdraw consent for facial data processing at any time
  8. 8.Right to Lodge a Complaint: Complain to the ICO

Exercise Your Rights

We will respond within 1 month (extendable by 2 months for complex requests)

ICO Contact Information:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

7. International Data Transfers

We may transfer your data to countries outside the UK for AI processing and cloud storage.

Transfer Safeguards:

  1. 1.EU/EEA: Considered adequate by UK under transition provisions
  2. 2.USA: Transfers covered by Standard Contractual Clauses (SCCs) or Data Privacy Framework
  3. 3.Other Countries: Individual adequacy assessments and SCCs

You can request information about where your data is transferred and copies of transfer safeguards by contacting hello@beautyspark.me

8. Data Retention

  • Account data: Retained while your account is active
  • Transaction records: 7 years for tax, legal, and dispute purposes
  • Credit usage logs: 2 years
  • Failed generation records: 1 year

Data cannot be deleted during active disputes or investigations.

9. Security Measures

We implement appropriate technical and organizational security measures:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure data centers and infrastructure

10. Children's Privacy

BeautySpark is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: hello@beautyspark.me

Privacy Policy Inquiry

Response Time: We aim to respond within 5 working days.

This Privacy Policy is provided in accordance with UK GDPR and the Data Protection Act 2018.