Privacy Policy

Who We Are

FaceCutie ("we," "us," or "our") is a product of Goshen Consulting LLC, a New Jersey limited liability company. We operate the website at facecutie.com and the web application at app.facecutie.com.

For privacy questions, contact us at privacy@goshenconsultingllc.com.

Information We Collect

Account Information

When you create a FaceCutie account, we collect:

• Email address — used for sign-in via magic link and account recovery
• Username — chosen by you, displayed on your community posts
• Avatar — an emoji you select to represent yourself
• Account creation date — automatically recorded

If You Sign in with Google

If you choose "Continue with Google," Google shares the following with us via OAuth 2.0:

• Your Google email address
• Your Google account name
• Your Google profile picture URL (we don't display this — we use the FaceCutie avatar emoji instead)
• A unique Google user ID

We do NOT receive: your password, contacts, calendar, search history, or any other Google data. You can revoke FaceCutie's access at any time at myaccount.google.com/permissions.

Photos You Upload

When you use the AI Beauty Mirror or Product Scanner, your photo is transmitted to Anthropic's Claude AI service for real-time analysis. We never store your photos on our servers. After analysis, the photo is discarded.

What WE keep (when you're signed in): a record of the analysis result — your skin score, celebrity twin match, recommended routine. The photo itself is not retained.

Data You Create in Your Account

When you're signed in, we store the following in our database (Supabase, hosted in the United States):

• Skin Tracker logs — the daily mood, score, and notes you record
• Products tried — products you've added with your reactions
• Mirror analysis history — past skin scores, celebrity twin matches, and routines (without photos)
• Community posts — content you publicly share in the community feed
• Likes — which community posts you've liked

Anonymous Local Data

If you use FaceCutie without signing in, your tracker data, products, and other inputs stay only in your browser's local storage. This data never reaches our servers and is permanently lost if you clear browser data.

Analytics Data

We use Google Analytics 4 to understand site usage. This includes anonymized data: pages visited, time on site, device type, and country/region-level location. We do not use analytics to identify you personally. If you decline cookies via our cookie banner, analytics is automatically disabled for your session.

How We Use Your Information

• To provide the features you request (skin analysis, recommendations, community)
• To send authentication emails (magic links to sign in)
• To send you newsletter emails if you've subscribed (you can unsubscribe anytime)
• To improve our service based on aggregate usage patterns
• To detect and prevent fraud, abuse, or violations of our Terms of Service
• To enforce community guidelines and remove harmful content
• To comply with legal obligations

We do not sell your personal information. We do not use your information for advertising on third-party platforms. We do not use your skin tracker data or selfies to train AI models.

Third-Party Services We Use

FaceCutie relies on these trusted third-party services:

• Anthropic Claude AI — processes uploaded photos for real-time analysis. Photos are transmitted but not stored. Anthropic's privacy policy.
• Supabase — hosts our user database (authentication, skin logs, posts). Data is stored in the United States. Supabase's privacy policy.
• Google OAuth — optional sign-in method. Subject to Google's privacy practices. Google's privacy policy.
• Mailchimp — manages our newsletter list. Mailchimp's privacy policy.
• Google Analytics — anonymized usage analytics. Google's privacy policy.
• Vercel — application hosting. Vercel's privacy policy.
• Netlify — marketing site hosting. Netlify's privacy policy.
• Amazon Associates — when you click affiliate product links, Amazon tracks the referral. Amazon's privacy policy.

Your Privacy Rights

Depending on where you live, you may have the following rights. We honor these rights for all users worldwide regardless of your location.

Access Your Data

You can request a copy of all data we hold about your account. We will provide it in a machine-readable format (JSON or CSV) within 30 days of request. Email privacy@goshenconsultingllc.com with the subject "Data Access Request."

Correct Your Data

You can update your username and avatar directly in the app via the profile editor. For other corrections, contact us.

Delete Your Account and Data

You have the right to delete your FaceCutie account and all associated data at any time. To do this:

• Email us at privacy@goshenconsultingllc.com with the subject "Delete My Account"
• Include the email address associated with your account
• We will permanently delete: your profile, all skin logs, all products tried, all mirror analysis history, all community posts you authored, and all likes you've given
• Deletion will be completed within 30 days of verification
• After deletion, your data is irrecoverable

You can also delete individual community posts directly in the app via the trash icon on your own posts.

Opt Out of Marketing

Every newsletter email contains an "Unsubscribe" link. You can also email us to be removed from all marketing communications. Note: even if you opt out of marketing, we will still send you essential account emails (sign-in links, security notifications, terms updates).

Disable Analytics

Click "Decline" on our cookie banner to immediately disable Google Analytics for your session. Already accepted? Clear your browser's site data for facecutie.com to reset your consent.

For California Residents (CCPA/CPRA)

You have specific rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the "sale" or "sharing" of your information. We do not sell or share your personal information for cross-context behavioral advertising.

For European Residents (GDPR)

If you are in the European Economic Area, UK, or Switzerland, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and objection. The lawful basis for our processing is your consent (which you can withdraw at any time) and the performance of our service contract with you. We do not transfer data outside our hosting providers' standard contractual frameworks.

Children's Privacy

FaceCutie is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us immediately and we will delete the account and all associated data.

Users between 13 and 17 should only use FaceCutie with the consent and supervision of a parent or legal guardian.

Data Security

We use industry-standard security measures:

• All data transmitted between your device and our servers is encrypted (HTTPS/TLS)
• Authentication is handled by Supabase with industry-standard JWT tokens
• Database access is protected by Row-Level Security policies that prevent users from accessing each other's private data
• API keys are stored in secure environment variables, never exposed in client-side code
• We don't store passwords (we use passwordless magic-link authentication or Google OAuth)

However, no system is 100% secure. We cannot guarantee absolute security of any information you transmit to us.

Data Retention

We retain your information as long as your account is active. If you don't sign in for 24 months, we may consider your account inactive and delete it after sending an email warning. If you delete your account, your data is removed within 30 days. Anonymized aggregate analytics may be retained indefinitely.

International Users

FaceCutie is operated from the United States. If you are using our services from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other countries where our service providers operate.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes (changes that affect your rights), we will notify you by email and update the "Last Updated" date. Continued use after changes constitutes acceptance.