Privacy Policy
Last updated: 30 June 2026
1. Who We Are
Renovaara is an AI-powered beauty analysis platform operated by Renovaara (AI-Beauty) (“we”, “us”, “our”). We provide face-shape analysis, six personalised analysis infographics (face features, skin, colour season, hairstyle, spectacles, and hair colour), downloadable PDFs, and an optional Style Guide add-on generated from a full-body photo.
Questions about this policy? Reach us at privacy@renovaara.in.
2. Data We Collect
2.1 Data you provide directly
- Selfie uploads — front-facing photo(s) you upload for face analysis and infographic generation.
- Full-body photos — optional image uploaded only if you purchase the Style Guide add-on (₹99).
- Account information — email address and/or phone number collected via Supabase Auth (Google OAuth, magic link, or phone OTP).
- Payment details — processed entirely by Razorpay. We never store card numbers, CVVs, or bank credentials. We retain order IDs, amounts, and payment status for your account history.
2.2 Data collected automatically
- Usage data — pages visited, features used, session duration, browser type, and device type (via Vercel Analytics / standard server logs).
- IP address — logged transiently for security, abuse prevention, and currency detection at checkout.
- Cookies — Supabase sets a session cookie for authentication. We do not use third-party advertising cookies.
3. How We Use Your Data
- Generate your free face-shape preview and, after unlock, your six analysis infographics and PDF.
- Generate your optional Style Guide infographic and PDF when you purchase that add-on.
- Authenticate your account and gate paid features.
- Process and verify payments via Razorpay webhooks (Full Report at ₹299; Style Guide at ₹99).
- Send transactional emails (receipt and report-ready notifications) via Resend.
- Detect and prevent abuse, fraud, and unauthorised access.
- Improve our product experience using anonymised, aggregated analytics.
We do not sell, rent, or trade your personal data to third parties for advertising purposes.
4. Image and Facial Data
Your selfie is transmitted securely to our AI pipeline for analysis. Under our API agreements, your images are not used to train third-party foundation models. We use AWS Rekognition for initial face detection and OpenAI for structured analysis; infographic and try-on visuals may be generated via Replicate and FAL.
Selfies are stored in a private Supabase storage bucket accessible only to your account. Full-body photos for the Style Guide add-on are stored separately and processed only when you purchase that product.
You may delete your report and associated images at any time from your dashboard. Deletion is permanent and irreversible.
5. Legal Basis for Processing (GDPR / DPDP)
- Contract — processing required to deliver the service you requested or paid for.
- Legitimate interests — security, fraud prevention, and product improvement.
- Consent — for optional marketing emails, where you opt in explicitly.
Indian users have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act), including the right to access, correct, and erase your data.
6. Data Sharing
We share data only with the following sub-processors, under confidentiality agreements:
| Provider | Purpose | Data shared |
|---|---|---|
| OpenAI | AI text/vision analysis | Photo, analysis prompts |
| AWS Rekognition | Face detection | Photo |
| Replicate / FAL | Infographic & visual generation | Photo, generation prompts |
| Supabase | Auth, database & storage | Email, phone, report data, images |
| Razorpay | Payments | Order amount, contact email |
| Resend | Transactional email | Email address |
| Vercel | Hosting & CDN | IP, request logs |
7. Data Retention
- Selfies and full-body photos — retained while your report is active; deleted when you delete the report or close your account.
- Report and infographic data — retained while your account is active, deleted within 30 days of account closure.
- Payment records — retained for 7 years for tax and legal compliance.
- Auth logs — retained for 90 days.
8. Security
All data is transmitted over TLS 1.2+. Supabase enforces Row-Level Security (RLS) so each user can only access their own data. The selfies storage bucket is private. API keys and secrets are stored as encrypted environment variables and never exposed client-side.
9. Children's Privacy
Renovaara is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us immediately and we will delete it.
10. Your Rights
You may at any time: access the data we hold about you, correct inaccurate data, request deletion of your account and all associated data, or withdraw consent for optional communications.
To exercise any right, email privacy@renovaara.in with the subject line “Data Request”. We will respond within 30 days.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app banner at least 7 days before they take effect. Continued use of the service after that date constitutes acceptance.