This policy explains how Revna collects, uses, and protects your personal data — including face photos and your GDPR rights.
1. Introduction & Data Controller
This Privacy Policy explains how Revna Skincare ("Revna", "we", "us", or "our") collects, uses, stores, shares, and protects your personal data when you use the Revna mobile application, related services, and web pages (collectively, the "Service"). By using Revna, you acknowledge that you have read and understood this policy.
- Data Controller: MaviPiksel Internet Cozumleri Ltd.
- Support: [email protected]
- Website: revna.org
- Address: Çınar Mah. 5003/3 Sok. No:3 Tokatlı Plaza K:3 D:319, Bornova, İzmir, Türkiye
2. Nature of the Service — Cosmetic Disclaimer
Revna is a cosmetic skincare routine coach, not a medical device. The app provides visual pattern recognition for cosmetic guidance, product organisation, routine building, and optional progress tracking. Revna does not diagnose skin conditions, detect diseases, assess moles or cancer risk, prescribe or recommend medications, or replace the care of a qualified healthcare professional. All AI-generated output is cosmetic and informational in nature only.
3. Who This Policy Applies To
This policy applies to all users of the Service. Revna is designed for adults aged 18 and above. We do not knowingly collect or process data from individuals under 18. If we identify an account belonging to a minor, we will take steps to delete the associated data promptly.
4. Data We Collect
We collect the following categories of data:
- Account data — email address, login credentials, user ID, account preferences
- Optional profile data — skin tone, age range, product preferences, routine goals
- Face photos — submitted by you for cosmetic visual analysis (see Section 5)
- Product cabinet entries — product names, ingredients, and usage notes you provide
- Routine records — your skincare steps and adherence tracking
- Device & technical data — device model, OS version, app version, language, region, crash logs, error reports
- Usage data — screens visited, session duration, app performance events
- Push notification tokens — for reminders you opt into
- Subscription data — transaction IDs and status for paid plans (no payment card details stored)
5. Face Photo & Biometric Data
Face photos you submit are used exclusively to generate cosmetic visual reports. To perform analysis, your face photo is transmitted to OpenAI (api.openai.com), a third-party AI service. OpenAI does not retain your photo after the request completes and does not use it for advertising or model training. We do not use face photos to build facial recognition systems, share raw photos with third-party analytics tools, or combine them with other biometric identifiers. Where your jurisdiction classifies face photos as biometric or sensitive personal data (including under GDPR), we process them based on your explicit consent, which you can withdraw at any time through app settings.
6. How We Use Your Data
We use your data to:
- Create and manage your account
- Authenticate your session securely
- Deliver AI-powered cosmetic analysis and visual reports
- Manage your product cabinet and routine records
- Send reminders and notifications (with your consent)
- Monitor app performance and diagnose errors
- Prevent fraud and protect system security
- Respond to support requests
- Comply with applicable legal obligations
- Protect our rights in legal proceedings
7. Legal Bases for Processing (GDPR)
Where GDPR or equivalent regulations apply, we process your data on the following legal bases:
- Explicit consent — for face photos, biometric data, progress tracking, and push notifications
- Contract performance — for account creation and service delivery
- Legitimate interest — for app security, error monitoring, and fraud prevention
- Legal obligation — for compliance with applicable law
8. Third-Party Services
Revna uses the following third-party services to operate:
- Supabase — database, authentication, and file storage (data encrypted in transit and at rest)
- OpenAI (api.openai.com) — AI analysis of face photos; images are transmitted securely and are not retained after the request completes per OpenAI's data handling policy; not used for advertising or model training
- Microsoft Clarity — anonymized UI heatmaps and session recordings for general app screens only; screens involving face photos, analysis results, or health-related content are strictly excluded
- Google Sign-In — authentication option (governed by Google's privacy policy)
- Apple Sign-In — authentication option (governed by Apple's privacy policy)
9. International Data Transfers
Some of our service providers operate outside your country. Your data may be processed on servers located in different jurisdictions, including the United States. We apply appropriate safeguards — including contractual protections and technical measures — to protect your data during international transfers in accordance with applicable law, including GDPR Standard Contractual Clauses where required.
10. Data Retention
We retain data only as long as necessary for the purposes set out in this policy:
- Account data — while your account is active
- Face photos (progress tracking off) — deleted after processing, typically within minutes of the request
- Progress photos (opt-in) — until you delete them or close your account
- Analysis reports — until you delete them or close your account
- Notification tokens — until app removal or token refresh
- Crash logs and analytics — per provider retention policies (typically 30–90 days)
- Support records — for the duration of the issue plus a reasonable operational period
11. Your Rights
Depending on your jurisdiction, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to certain processing activities
- Receive your data in a portable, machine-readable format
- Withdraw consent at any time (see Section 12)
- Lodge a complaint with your local data protection supervisory authority
12. Consent Withdrawal
You may withdraw consent at any time through the app settings or by contacting [email protected]. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. Some features — such as face photo analysis and progress tracking — may become unavailable after withdrawal.
13. Account & Data Deletion
You can delete your account directly from within the app settings. All associated data — including saved photos, reports, and profile information — will be deleted or anonymised within a reasonable timeframe. Backup systems may cause a short delay of up to 30 days. You may also request deletion by contacting [email protected]. Identity verification may be required.
14. Security
We implement reasonable technical and organisational safeguards, including:
- Encrypted data transmission (HTTPS/TLS)
- Access controls and role-based permissions
- Server and database security measures
- Session authentication systems
- Activity logging and anomaly monitoring
- Data minimisation — we collect only what is necessary
15. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via in-app notification or email, and — where required by law — we will request renewed consent. The "Last Updated" date at the top of this page always reflects the most recent revision.
16. Contact
For privacy-related requests, questions, or complaints:
- Email: [email protected]
- Website: revna.org
- Address: Çınar Mah. 5003/3 Sok. No:3 Tokatlı Plaza K:3 D:319, Bornova, İzmir, Türkiye