Privacy Policy

1. Introduction

At Eternup Biotech Private Limited ('Eternup,' 'we,' 'us,' or 'our'), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform and services. 'Platform' refers to the mobile application and website owned and operated by Eternup Biotech Private Limited.

By using Eternup, you consent to the data practices described in this policy. If you do not agree with our practices, please do not use our Platform.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Identity Data: Name, age, gender, email address
• Contact Data: Phone number, location/city
• Payment Data: Transaction IDs, payment status (payment card details are processed securely by our payment gateway partners and not stored by us)
• Account Data: Google account information if you sign in via Google OAuth

2.2 Biometric and Health Data

• Facial Images: Front, left profile, and right profile photographs of your face
• AI Analysis Data: Facial structure, skin type, skin conditions, pigmentation patterns
• Health Information: Skin concerns, allergies, medications, medical history
• Lifestyle Data: Sleep patterns, diet, stress levels, sun exposure, skincare routine
• Genetic Information: Family history of skin conditions

2.3 Voice and Conversation Data

During AI dermatology consultations, we record and process:

• Voice recordings (processed via OpenAI Realtime API)
• Conversation transcripts
• Consultation responses and answers

2.4 Technical Data

• Device information (type, operating system, browser)
• IP address and geolocation data
• Usage data (pages visited, time spent, features used)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Delivery

• Perform AI-powered facial analysis using your photographs
• Conduct AI dermatology consultations
• Generate personalized skincare reports and recommendations
• Track your skin health journey and progress

3.2 Account Management

• Create and manage your user account
• Authenticate your identity
• Process payments and maintain billing records

3.3 Communication

• Send transactional emails (payment confirmations, reports)
• Provide customer support
• Send important service updates and security alerts
• Request feedback on our services

3.4 AI Model Improvement

With your consent, we may use anonymized and de-identified data to:

• Improve our AI algorithms and analysis accuracy
• Train and refine our machine learning models
• Conduct research on skincare patterns and trends

Note: Your facial images and personal data are anonymized before use in AI training.

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share your data with trusted third-party service providers who help us operate our Platform:

• Google Gemini AI: For facial image analysis
• OpenAI: For AI consultation voice processing
• MongoDB Atlas: For secure data storage
• Cloudinary: For image hosting and management
• Cashfree: For payment processing
• Firebase: For phone authentication
• Email Service Providers: For transactional emails

All service providers are bound by strict data protection agreements and are prohibited from using your data for their own purposes.

4.2 Legal Requirements

We may disclose your information when required by law:

• To comply with legal obligations or court orders
• To protect our rights, property, or safety
• To prevent fraud or illegal activity
• In connection with legal proceedings

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to this Privacy Policy.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data transmission uses HTTPS/TLS encryption
• Secure Storage: Data stored in encrypted databases (MongoDB Atlas)
• Access Controls: Strict access controls and authentication
• Regular Audits: Security audits and vulnerability assessments
• Anonymization: Facial data anonymized for AI training purposes

While we strive to protect your data, no system is completely secure. We cannot guarantee absolute security against unauthorized access or breaches.

6. Data Retention

We retain your data for as long as necessary to provide our services:

• Account Data: Retained while your account is active
• Facial Images: Stored securely for report generation and future comparisons
• Consultation Data: Retained to track your skin health journey
• Payment Records: Retained for 7 years as per Indian tax laws

You may request deletion of your data at any time (subject to legal retention requirements). See Section 9 for details.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze usage patterns and improve our Platform
• Provide personalized experiences

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Platform.

8. International Data Transfers

Your data may be transferred to and processed in countries outside India, including:

• United States (OpenAI, Cloudinary servers)
• EU regions (MongoDB Atlas, Google Cloud)

We ensure that all international data transfers comply with applicable data protection laws and include appropriate safeguards.

9. Your Privacy Rights

Under Indian data protection laws and regulations, you have the following rights:

9.1 Access and Portability

• Request a copy of your personal data
• Download your consultation data and reports
• Receive your data in a portable format

9.2 Correction and Update

• Update your profile information
• Correct inaccurate data

9.3 Deletion ('Right to be Forgotten')

• Request deletion of your personal data
• Request removal of your facial images from our systems

Note: Some data may be retained for legal compliance (e.g., payment records for tax purposes) or anonymized for AI research.

9.4 Withdraw Consent

You may withdraw your consent for data processing at any time. However, this may limit your ability to use our services.

9.5 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days.

10. Children's Privacy

Users between ages 13-18 must have parental or guardian consent to use our Platform. We do not knowingly collect data from children under 13 without verifiable parental consent.

If we discover that we have inadvertently collected data from a child under 13, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

• Email notification to your registered email address
• Prominent notice on our Platform
• In-app notification

Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

13. Compliance with Indian Laws

This Privacy Policy complies with:

• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Pending Digital Personal Data Protection Act (DPDP Act)
• Other applicable Indian data protection regulations