Learn about our comprehensive security measures and data protection practices.
At EverSkin, we are committed to protecting the security and privacy of our users' data. Our security practices are designed to safeguard personal and skin-related information from unauthorized access, misuse, alteration, or disclosure. This policy explains how we protect our application, infrastructure, and customer data.
We follow industry best practices and continuously monitor our systems to ensure your data remains safe and secure.
Cloud Hosting:
EverSkin services are hosted on secure cloud platforms, primarily Amazon Web Services (AWS), which provides advanced physical and environmental protection. Secure third-party payment processors are used for handling subscription transactions.
Data Storage:
User-uploaded skin photos are processed for analysis and are not stored permanently. These images are automatically deleted from our servers after analysis or within a limited retention period used strictly for troubleshooting and quality improvement.
Disaster Recovery:
All critical system and user data is backed up regularly. Our disaster recovery procedures are tested periodically to ensure service continuity in case of unexpected system failures.
Authentication & Access Control:
We enforce strong password policies and use multi-factor authentication (2FA) for administrative and internal system access.
Secure Development:
Our application is updated regularly using secure deployment pipelines. This ensures fast delivery of security patches and reduces vulnerabilities.
Content & Input Protection:
We apply automated filters and validation mechanisms to ensure only relevant and appropriate user content (such as facial skin photos) is processed by our AI systems.
Data Minimization:
We only collect the minimum amount of data required to deliver personalized skincare routines and platform functionality.
Encryption:
All data transmitted between users and EverSkin is protected using SSL/TLS encryption.
Payment Security:
All payments are processed through secure, PCI-DSS compliant third-party platforms. EverSkin does not store or process full payment card details.
Security Monitoring:
We continuously monitor our systems for potential security threats and unusual activities.
User Notification:
If a verified security breach affects user data, affected users will be notified promptly via email. Post-incident reviews are conducted to prevent future occurrences.
EverSkin complies with relevant data protection regulations, including:
All third-party services we use are selected based on their strong compliance and security standards.
Users are responsible for keeping their account credentials secure.
Uploaded content, including skin images, must comply with our Terms of Service and Privacy Policy. Any misuse or unauthorized use may result in account suspension.
EverSkin reserves the right to update this policy as needed. Significant changes will be communicated to users via email or in-app notifications. Continued use of the service implies acceptance of the updated policy.
If you have any questions or concerns about this Security Policy, please contact us:
Email: support@everskin
Website: www.everskin.app
Team: EverSkin Security Team