Privacy Policy
Last updated: June 19, 2026
DermaPrime Health Technologies ("DermaPrime", "we", "us") provides an AI Skin Intelligence Platform. This Privacy Policy explains what personal data we process, why, on what legal basis, with whom we share it, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws.
1. Data controller
DermaPrime Health Technologies acts as the data controller for personal data processed through this website and application. You can contact us at privacy@dermaprime.app.
2. Data we process
- Account data: name, email, hashed password, authentication identifiers.
- Skin images and lesion metadata you upload or capture for analysis, including body area, notes, and timestamps.
- Health-related inferences generated by our models (e.g. risk indicators, depth estimates).
- Clinician review submissions when you request a second opinion.
- Billing data processed by our payment provider (we never receive your full card number).
- Technical data: IP address, device, browser, log data, and cookies (see our Cookie Policy).
3. Special categories of data (health)
Skin images and AI-derived indicators are considered data concerning health under Article 9 GDPR. We process this category only with your explicit consent (Art. 9(2)(a)). You can withdraw consent at any time; withdrawal does not affect prior lawful processing.
4. Purposes and legal bases
- Provide the analysis service — Art. 6(1)(b) contract + Art. 9(2)(a) explicit consent.
- Account, security, fraud prevention — Art. 6(1)(c) legal obligation and 6(1)(f) legitimate interest.
- Improving model quality, only with separately granted consent — Art. 6(1)(a) / 9(2)(a).
- Customer support and communications — Art. 6(1)(b)/(f).
5. Retention
See our Data Retention and Deletion Policy. In short: images submitted for instant analysis are processed in memory and are not persisted server-side unless you explicitly save them to your dataset; saved entries remain until you delete them or your account; clinician-review images are kept for the minimum period required to complete the review and meet legal record-keeping obligations.
6. Recipients and processors
We share data only with vetted processors bound by Data Processing Agreements: our cloud infrastructure provider, our payment processor, and (where you request it) clinicians performing a paid review. We do not sell personal data and we do not use it for advertising.
7. International transfers
Where data leaves the EEA, transfers rely on Standard Contractual Clauses and, where applicable, supplementary measures.
8. Your rights
- Access, rectification, erasure, restriction, and portability.
- Objection to processing based on legitimate interests.
- Withdrawal of consent at any time.
- Complaint to your local supervisory authority.
Submit a request via our Contact & Privacy Requests page or from Account → Privacy inside the app.
9. Security
We use TLS in transit, encryption at rest, role-based access control, Row-Level Security on every user-data table, and private storage buckets for images. See our security overview for details.
10. Children
The service is not directed to children under 16. We do not knowingly collect their data.
11. Changes
We will notify you of material changes by email or in-app notice and update the "Last updated" date.
