Privacy Policy
This Privacy Policy explains how Tonic ("we", "us", "our") collects, uses, and protects personal data when you use the Tonic mobile app, our website, and related services (together, the "Service"). Tonic is a cosmetic and self-care product for men. It is not a medical device and does not provide medical advice, diagnosis, or treatment.
We take the privacy of your face photos seriously. This policy describes what we do with them, the legal bases we rely on, and the controls you have. If you do not agree with this policy, please do not use the Service.
1. Controller and contact
The controller responsible for your data is [Legal entity name], [registered address], [country]. You can reach us at hello@tonicc.app. [If appointed, our Data Protection Officer can be reached at [DPO contact].] [If established outside the EU, our EU/UK representative under Art. 27 GDPR is [name and contact].]
2. What data we process
- Face-scan photos and derived appearance data. When you run a scan, we process the photo you provide to generate a cosmetic "freshness" read and personalized care suggestions. [Describe your build accurately: whether the image is analyzed on-device or uploaded to our servers, and whether the original photo is stored or discarded after processing.] We do not use these photos for biometric identification, to recognize or verify who you are, or to build a face-recognition template.
- Account data: such as email address, sign-in identifiers, language, and settings.
- Care history and progress: your scores over time, plan, and the steps you complete, so the Service can show progress and personalize suggestions.
- Purchase and subscription data: plan, status, and transaction identifiers. Payments are handled by the app stores or our payment provider; we do not receive your full card number.
- Device and usage data: app version, device type, operating system, crash logs, and interaction events needed to run, secure, and improve the Service.
- Support communications: messages you send us and their content.
- Cookies and similar technologies on our website, as described in section 10.
3. Purposes and legal bases (GDPR / DSGVO)
- Provide the Service (create your read, plan, and progress) - performance of a contract (Art. 6(1)(b)).
- Process face photos for the scan - your explicit consent, which you give before scanning and can withdraw at any time (Art. 6(1)(a); and Art. 9(2)(a) to the extent appearance data is treated as a special category). [Confirm the correct basis with counsel for your market.]
- Billing, security, fraud prevention, and improving the Service - our legitimate interests, balanced against your rights (Art. 6(1)(f)), and compliance with legal obligations (Art. 6(1)(c)).
- Marketing emails, where applicable - your consent, which you can withdraw.
4. Consent and withdrawal
Camera and photo processing runs only with your consent. You can withdraw consent at any time in the app settings or by contacting us; withdrawal does not affect processing carried out before withdrawal. You can also stop scanning at any time and delete your scans (section 8).
5. Sharing and processors
We do not sell your personal data. We share it only with service providers (processors) who help us run the Service under data-processing agreements, and where required by law. Categories include: [cloud hosting], [scan/AI processing], [payment providers and app stores], [analytics], [customer support], and [email delivery]. A current list of processors is available on request. Where we recommend third-party care products, links may lead to independent retailers who are separate controllers under their own privacy policies.
6. International transfers
If data is processed outside the EEA/UK/Switzerland, we use appropriate safeguards such as EU Standard Contractual Clauses and additional measures where needed. [List transfer mechanisms and recipient countries.]
7. Retention
We keep personal data only as long as needed for the purposes above or as required by law. Scan images are [retained for the minimum time needed to produce your result and then deleted / processed on-device and not stored - state your actual practice]. Care history is kept while your account is active. Billing records are kept for the statutory period. When no longer needed, data is deleted or anonymized.
8. Deleting your data
You can delete individual scans, your care history, or your entire account in the app, or by emailing hello@tonicc.app. Deleting your account removes your personal data except where we must keep records by law.
9. Security
We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and least-privilege handling of scan data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. Cookies and analytics
Our website uses strictly necessary cookies and, with your consent, analytics or preference cookies. You can manage your choices via the cookie banner or your browser settings. [Insert cookie table / consent-manager details before launch.]
11. Automated processing
The "freshness" read is generated automatically to give you cosmetic guidance. It does not produce legal or similarly significant effects and is not used to make decisions about you within the meaning of Art. 22 GDPR.
12. Age
The Service is intended for adults (18+). It is not directed to children, and we do not knowingly collect data from minors. If you believe a minor has used the Service, contact us and we will delete the data.
13. Your rights
Subject to applicable law (including the GDPR/DSGVO), you have the right to access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interests, as well as to withdraw consent at any time. To exercise these rights, contact hello@tonicc.app. You also have the right to lodge a complaint with your local data-protection supervisory authority [e.g., in Germany your state authority; in Austria the DSB; in Switzerland the FDPIC].
14. Changes
We may update this policy as the Service evolves or the law changes. The "last updated" date above reflects the current version; we will notify you of material changes as required.
15. Contact
Questions about this policy or your data: hello@tonicc.app.