LavaBella Privacy Policy
Effective date: July 2, 2026 Last updated: July 2, 2026
LavaBella ("we") makes a skincare companion app. This policy explains what we collect, why we collect it, and the choices you have. It is written in plain language on purpose. Questions go to support@lavabella.com.
LavaBella is built primarily for the United States. Wherever you open the app, your data is processed in the United States.
1. What we collect
We collect only what the app needs to work. This is the full inventory.
Account and identity. Your email address. Your password, stored hashed by our authentication provider — we never see it in plain text. Your Apple or Google sign-in identifiers, if you sign in that way. Your display name. Your city, which you enter yourself. Timestamps for when your account is created and changed.
Skin profile. Your skin type, the concerns you select, and the consent acknowledgments you give during onboarding.
Face scans. The most sensitive data in the app. Section 2 covers it in full.
Product cabinet. Label photos you choose to capture are sent to Google Cloud Vision to read the ingredient text, then discarded. We keep the resulting product name, brand, and ingredient list. Label photos only — never face photos.
Coach conversations. Your messages to Lava, the in-app coach, are processed by Anthropic (Claude) to generate replies. The coach also receives your derived numeric skin scores — never images. Some messages may additionally be processed by OpenAI to detect signs of distress, so the app can respond with care and surface support resources.
Search text. Ingredient names, product names, and question text may be sent to OpenAI to create text embeddings for search. Never face imagery. Never biometric data.
Routines and activity. Generated routines, completions, streaks, and daily activity. Treatment interests and readiness-quiz answers. Booking requests, which are shared with the specific partner clinic you ask to book.
Notifications and weather. Your Expo push token and your notification preferences. Weather-based SPF guidance uses your city name only, sent to WeatherAPI.
Analytics and diagnostics. Usage events (PostHog) and crash reports (Sentry). On iOS we ask for App Tracking Transparency permission before any cross-app tracking. If you decline, we don't track.
Emails. Transactional email — welcome, verification, password reset, deletion confirmation — is delivered through Resend.
2. Face scans
Photos you take in the scan flow are stored privately, with access controls. They are analyzed by our own computer-vision pipeline, which runs on Modal — a cloud GPU provider that executes our code. The output is a set of derived numeric scores (for example redness, hydration, texture) and a small thumbnail.
Face scan images are never sent to any third-party AI service. Not Anthropic. Not OpenAI. Not Google.
Your scans are deleted when you delete your account.
3. Service providers
These companies process data on our behalf. Each receives only what its row describes.
| Provider | What it does with your data |
|---|---|
| Supabase | Database, authentication, private file storage |
| Modal | Runs our scan-analysis code on GPUs |
| Anthropic | Coach conversation text and derived scores |
| OpenAI | Text embeddings; distress detection on message text |
| Google Cloud Vision | Product-label photos only |
| Sentry | Crash reports |
| PostHog | Usage analytics |
| Expo | Push notification delivery, app builds |
| Resend | Transactional email |
| WeatherAPI | City name for weather |
| Cloudflare | Network security and content delivery |
| Hetzner | Server hosting |
| Upstash | Background job queue — no personal content, job metadata only |
4. What we never do
We never sell your personal data. There are no ads in the app. We do not share your data with data brokers.
5. Retention and deletion
We keep your data while your account is active.
Deleting your account — Profile → Settings → Delete account — permanently removes your profile, scans, thumbnails, cabinet, conversations, and activity.
Label photos are discarded right after the ingredient text is read.
Residual copies in encrypted backups roll off within 30 days.
6. Your rights and choices
You can access, correct, or delete your data at any time — in the app, or by writing to support@lavabella.com.
You can revoke consent in three ways: turn off notification categories in the app, change the tracking permission in iOS Settings, or delete your account.
7. California residents
If you live in California, you have the right to know what personal information we collect, the right to delete it, and the right not to be discriminated against for exercising either. We do not sell your personal information, and we do not "share" it as the CCPA defines that term.
8. Outside the United States
If you use LavaBella from outside the United States, your data is processed in the United States.
9. Children
LavaBella is for people 13 and older. If you are under 13, do not create an account. If we learn an account belongs to a child under 13, we delete it.
10. Changes to this policy
If we make a meaningful change, we update the date at the top and let you know in the app before it takes effect.
11. Contact
support@lavabella.com. A real person reads it.