Rebound Privacy Policy
Last updated: 14 July 2025
Welcome to Rebound, the AI‑powered platform that helps you discover beauty products tailored to your unique skin profile. We believe great skin starts with great data and great privacy. This notice explains—in plain English—what information we collect, why we collect it, and how you can control it when you use our website, mobile app, or any service that links to this notice (collectively, the "Services").
1. Scope
This policy applies to all visitors, registered users, and beta testers of the Rebound website (rebound‑ai.com) and our iOS/Android apps.
2. The Data We Collect
| Category | Examples | Why We Collect It |
|---|---|---|
| Account & Contact | Email address (wait‑list sign‑up, newsletter, account login) | Create or maintain your account, send service updates and educational content you request |
| Quiz Responses | Skin type, concerns, ingredient preferences, routine history | Generate personalized product recommendations and AI insights |
| Optional Facial Images | Selfies or short video clips you choose to upload for skin analysis (future feature) | Detect concerns such as blemishes, dryness, or redness to refine recommendations; never used for face recognition |
| Usage Metrics | Pages viewed, buttons tapped, session length, referring URL | Understand which features people love and improve performance |
| Device & Log | Browser type, operating system, IP address, crash reports | Keep the Service running smoothly and troubleshoot issues |
| Cookies & Similar Tech | Small text files, local storage, mobile SDK events | Remember preferences, measure analytics, guard against fraud |
What we DON'T collect: government IDs, payment card numbers, or biometric identifiers unrelated to skincare. Facial images are collected only if you opt in and are stored solely for cosmetic analysis.
3. How We Use Your Data
- Personalization – generate quiz results, ingredient breakdowns, recommendation scores, and—in the future—image‑based skin assessments if you opt in.
- Communication – send requested newsletters, wait‑list updates, transactional messages, and important policy changes. (No spam—we hate it too.)
- Product Development – aggregate, de‑identify, and analyse usage patterns to decide which features to build next.
- Security & Compliance – detect fraud, enforce Terms of Service, and comply with legal obligations.
We rely on one or more of these lawful bases: your consent (e.g., for face scans and marketing emails), performance of a contract, legitimate interests, and legal requirements.
4. When We Share Your Data
We never sell your personal information. We share only when necessary:
- Service Providers – vetted vendors that help us run email delivery, cloud hosting, on‑device or cloud image processing, error monitoring, or analytics. They may use your data only as instructed by Rebound and must delete it when the task is done.
- Legal & Safety – if required by law, court order, or to protect Rebound, our users, or the public from harm.
- Business Transfers – if we merge, acquire, or divest part of our business, your data may transfer as part of that deal (you'll be notified beforehand).
All partners are bound by confidentiality and data‑protection obligations equivalent to—or stricter than—this policy.
5. Your Choices & Rights
Depending on where you live, you may have rights to:
- Access – ask for a copy of the personal data we hold.
- Correct – update inaccurate or incomplete information.
- Delete – request erasure of your data or specific assets such as uploaded selfies (we comply within 30 days unless retention is legally required).
- Restrict / Object – limit certain processing or marketing emails.
- Portability – obtain your data in a machine‑readable format.
👉 To exercise any right, use in‑app privacy controls, click unsubscribe in our emails, or write to getreboundai@gmail.com.
6. Cookies & Tracking Technologies
We use first‑party cookies and third‑party SDKs (e.g., Google Analytics) to understand traffic and improve UX. You can disable cookies in your browser or reset mobile identifiers; the core Service will still work, but some personalized features may not.
7. Data Security & Retention
- Encryption – data is encrypted at rest and in transit. Facial images, when collected, are stored in a segregated, access‑controlled bucket with automatic deletion after 12 months or sooner if you delete your account.
- Access Controls – staff access is limited by role and protected with multi‑factor authentication.
- Incident Response – we monitor for vulnerabilities and have a 24/7 plan to respond to any breach.
We keep your non‑image data only as long as necessary for the purposes outlined above, then either delete or de‑identify it.
8. International Transfers
We operate from the United States but may process data on servers located elsewhere. When we transfer data internationally, we rely on standard contractual clauses or other lawful safeguards.
9. Children's Privacy
Rebound is not intended for children under 13. If we learn we have collected personal data from a child, we will delete it immediately.
10. Changes to This Policy
We'll post any changes on this page and update the "Last updated" date. For material changes, we'll email you or show a prominent notice in the app. Continued use after changes means you accept the revised policy.
11. Contact Us
Questions, concerns, or product‑recommendation success stories? Reach our privacy team at getreboundai@gmail.com.
Thank you for trusting Rebound with your data—and your glow!