Privacy Policy

Last updated: January 11, 2026

Data Controller

Twacha Labs is the data controller responsible for processing your personal data.

Company Name: Twacha Labs

Legal Entity: [PLACEHOLDER: Insert legal entity name]

Registered Address: [PLACEHOLDER: Insert registered address]

Contact Email: privacy@twachalabs.com

Data Protection Officer: [PLACEHOLDER: Insert DPO contact if applicable]

Special Category Data Processing

Under GDPR Article 9, biometric data (including facial images) is classified as special category data. We process this data only with your explicit consent.

  • Legal Basis: Explicit consent (GDPR Article 9(2)(a))
  • Purpose: Skin analysis and personalized recommendations
  • Retention: Data is retained until you request deletion or withdraw consent
  • Sharing: We do not share biometric data with third parties without your explicit consent

Rights of the Data Subject

Under GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure

You can request deletion of your data ("Right to be Forgotten").

Right to Restrict Processing

You can request that we limit how we use your data.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interests.

To exercise these rights: Contact us at privacy@twachalabs.com with your request. We will respond within 30 days as required by GDPR.

ML Research Data Usage

[PLACEHOLDER: Insert your ML research data usage policy]

Anonymized Data for Research

[PLACEHOLDER: Describe if/how anonymized data is used for ML model improvement, research purposes, etc. Include opt-in/opt-out mechanisms if applicable.]

Data Sharing with Research Partners

[PLACEHOLDER: Describe any data sharing arrangements with research institutions, universities, or ML research partners. Include consent mechanisms.]

Model Training and Improvement

[PLACEHOLDER: Explain how user data contributes to model training, whether data is anonymized, and how users can opt out.]

Data Security

  • Encryption: All data is encrypted in transit (TLS) and at rest
  • Access Controls: Strict access controls and authentication for all systems
  • Infrastructure: GDPR-compliant cloud infrastructure with regular security audits
  • Data Minimization: We only collect data necessary for providing the service

Questions or Concerns?

If you have questions about this privacy policy or wish to exercise your rights, please contact us:

Email: privacy@twachalabs.com
Subject Line: "GDPR Request - [Your Request Type]"