Derma.Log

Privacy Policy

Privacy Policy

Last updated: May 2026

Purpose

This Privacy Policy explains how Derma.Log handles personal data for private skin observation records. Derma.Log helps users document, organize, review, export, and discuss skin observations over time.

Derma.Log is not a medical provider. It does not diagnose disease, rule out medical conditions, replace medical professionals, provide emergency care, or make clinical treatment decisions.

Data Derma.Log may process

Depending on how the app is used, Derma.Log may process data such as:

  • Account information, including email address, account status, session state, subscription or entitlement state, and storage usage.
  • Skin observation records, including spot records, entries, body-area labels, timestamps, notes, symptom selections, and structured observation fields.
  • Images added by the user, image metadata used by the app, and storage references needed to display or manage images.
  • Reminder-related information, including reminder labels, associated spots, timing, recurrence, and notification state.
  • Privacy settings related to protected areas and sensitive inspection controls.
  • Export, backup, and support information provided or generated at the user's request.

Derma.Log records may contain sensitive personal data, including skin images, health-related observations, body-area information, notes, dates, reminders, exports, backups, screenshots, and shared files.

How data is used

Derma.Log may use data to:

  • Create and manage accounts.
  • Store, display, organize, and update skin observation records and images.
  • Support reminders, protected-area privacy behavior, exports, backups, and supported restore behavior within current limits.
  • Manage subscription or account-tier state, storage limits, and account deletion.
  • Troubleshoot app behavior and maintain service reliability and security.

Derma.Log should not use private user records as a social, advertising, or public profile surface. Private use remains private by default.

Permissions

Derma.Log may request device permissions for app features, such as camera access for photos, photo or file access for imports and exports, notifications for reminders, and optional calendar access if calendar sync is enabled. Permission behavior may vary by platform.

Reminder notifications are organizational. They do not provide medical guidance.

Exports, backups, and sharing

Users may create exports or backups from their Derma.Log records. These files may contain sensitive personal data. Users are responsible for reviewing exported files before sharing them and for choosing trusted destinations.

Once files are saved, shared, uploaded, printed, transferred, or opened outside Derma.Log, Derma.Log may not be able to control or delete those external copies.

Dataset exports and anonymization options should not be treated as a guarantee that re-identification is impossible in every legal, technical, or real-world context. Skin images, notes, timestamps, body-area information, and longitudinal patterns may remain sensitive.

Subscriptions and storage limits

Derma.Log may process subscription and storage-related data to determine account limits. Subscription limits may restrict new storage growth. Existing owned history should remain accessible across subscription transitions, and privacy and dignity controls should not be premium-only.

Billing-provider records may be controlled by the billing provider rather than only by Derma.Log.

Account deletion

Users may be able to delete their Derma.Log account. Account deletion is intended to permanently remove the account and account-linked operational Derma.Log records once completed.

Users should export or back up records they want to keep before deletion. Account deletion does not delete files already exported, saved, shared, printed, uploaded, transferred, or stored outside Derma.Log. It also does not automatically guarantee cancellation, refund, or billing-history deletion from an external billing provider.

Research boundary

Ordinary private use of Derma.Log is not an active research contribution program. Normal private account use does not automatically contribute user records to research, AI training, public datasets, commercial datasets, or external evidence programs.

Any future research or evidence contribution feature must be optional, explicit, consent-based, separately governed, and legally reviewed before activation.

Third-party services and security

Derma.Log may rely on third-party services for functions such as authentication, cloud storage, app distribution, billing, notifications, calendar integration, device permissions, sharing workflows, file picking, or diagnostics if added in the future. Those services may have their own terms, privacy policies, limitations, and retention behavior.

Derma.Log should use reasonable technical and organizational measures to protect user data. No digital service can guarantee perfect security. Users should protect their devices, credentials, exports, and backups.

User rights and contact

Depending on applicable law, users may have rights to access, correct, export, delete, restrict, object to, or withdraw consent for certain personal data processing. Privacy requests can be sent to privacy@derma-log.eu.

Support contact is not medical care. Users with medical concerns should contact a qualified medical professional, and users with urgent symptoms should contact local emergency services.