DermLens AI · Nexa Global Limited
Your privacy matters to us. This Privacy Policy explains exactly what personal data we collect when you use DermLens AI, why we collect it, how we protect it, and the rights you have over it. Please read it carefully. By using our Service, you agree to the practices described here.
Medical Disclaimer: DermLens AI provides non-medical, educational skincare information only. It does not constitute medical advice, diagnosis, or treatment. Our app exclusively recommends over-the-counter products — never prescription or pharmacy-only items. Always consult a qualified healthcare professional for medical concerns.
DermLens AI is operated by Nexa Global Limited, a company incorporated in Abu Dhabi, United Arab Emirates.
Registered Address:
Smart Station, First Floor, Incubator Building
Masdar City, Abu
Dhabi, United Arab Emirates
Contact: dermlensai@gmail.com
Nexa Global Limited is the data controller responsible for your personal data as described in this Privacy Policy. We are committed to protecting your privacy and handling your data transparently, lawfully, and securely.
We collect only the data necessary to provide and improve the DermLens AI Service.
| Data Type | What It Includes | Why We Need It |
|---|---|---|
| Facial Photographs | Images of your face you upload for skin analysis | Core AI skin analysis function |
| Account Information | Email address, display name, password (if account created) | Account management and security |
| Profile Information | Optional: skin type, age range, skincare concerns | Personalising recommendations |
| Communications | Messages, feedback, or support queries you send us | Customer support and service improvement |
| Data Type | What It Includes |
|---|---|
| Device Information | Device type, operating system, browser type and version |
| Usage Data | Features used, time spent, pages viewed, interactions |
| Technical Logs | IP address (anonymised where possible), error logs, access timestamps |
| Analytics Data | Aggregated, anonymised usage patterns for service improvement |
We do not collect payment card details, government IDs, medical records, or any information that directly reveals a diagnosed medical condition.
We use your personal data only for the following purposes:
We do not use your data for automated individual decision-making that produces significant legal or medical effects about you.
Facial photographs may constitute biometric or special category personal data under applicable data protection laws. We handle this data with the highest level of care and apply strict safeguards.
Our AI analysis is based on machine learning models and has inherent limitations. Accuracy may be affected by image quality, lighting, camera resolution, and skin tone. Results are educational estimates only and must not be used for medical purposes.
We may use third-party AI service providers (such as cloud AI platforms) to power our analysis. These providers act as data processors under our instruction and are contractually bound to process your data only as directed by us, with appropriate security standards in place.
Where GDPR or similar frameworks apply to you, we rely on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Providing the skin analysis Service | Performance of a contract / legitimate interests |
| Processing facial photographs | Explicit consent (special category data) |
| Sending service communications | Legitimate interests / contractual necessity |
| Sending marketing messages | Consent (you can withdraw at any time) |
| Analytics and service improvement | Legitimate interests |
| Legal compliance | Legal obligation |
| Fraud and security | Legitimate interests / legal obligation |
You may withdraw consent at any time for consent-based processing by contacting us at dermlensai@gmail.com. Withdrawal does not affect the lawfulness of processing before withdrawal.
We do not sell your personal data. We do not sell, rent, or trade your personal information — including your facial images — to any third party for their own marketing or commercial purposes.
We may share your data only in the following limited circumstances:
DermLens AI integrates with or may use the following categories of third-party services:
| Category | Examples | Purpose |
|---|---|---|
| Cloud Hosting & Storage | AWS, Google Cloud | Secure data storage and app hosting |
| AI Processing | Cloud AI platforms | Machine learning skin analysis |
| Analytics | Google Analytics | Anonymised usage insights |
| Authentication | Google Sign-In | Secure account login |
| Email / Communications | Email service providers | Service and support communications |
Each third party is subject to its own privacy policy. We encourage you to review their policies. We are not responsible for the privacy practices of third-party websites linked from within our App.
| Data Type | Retention Period |
|---|---|
| Facial photographs (one-off analysis) | Deleted immediately after processing is complete |
| Facial photographs (saved to account) | Until you delete them or close your account |
| Account information | For the duration of your account, plus 30 days after closure |
| Usage and analytics data | Up to 24 months, in anonymised or aggregated form |
| Support communications | Up to 2 years from last interaction |
| Legal and compliance records | As required by applicable UAE law (typically 5–7 years) |
When data is no longer required, we securely delete or anonymise it. You may request early deletion at any time by contacting dermlensai@gmail.com.
We take the security of your personal data seriously and implement appropriate technical and organisational measures including:
Despite these measures, no internet transmission or digital storage system is 100% secure. We cannot guarantee absolute security, but we are committed to prompt action in the event of a suspected data breach. Where required by law, we will notify affected users and relevant authorities without undue delay.
Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, contact us at dermlensai@gmail.com. We will respond within 30 days.
Request a copy of the personal data we hold about you.
Ask us to correct any inaccurate or incomplete data.
Request deletion of your data ("right to be forgotten").
Ask us to limit how we use your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests.
Withdraw consent at any time for consent-based processing.
Request human review of significant automated decisions.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with your local data protection authority. For UAE residents, this is the UAE Data Office.
DermLens AI is operated from Abu Dhabi, UAE. Your data may be processed by our service providers in other countries, including those in the European Economic Area, the United States, or elsewhere.
Where personal data is transferred outside the UAE or EEA, we ensure that appropriate safeguards are in place, such as:
You may request details of the safeguards we use for international transfers by contacting dermlensai@gmail.com.
DermLens AI is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. Users between the ages of 13 and 17 must use the Service under parental or guardian supervision.
For users in the European Economic Area, the minimum age is 16 years (or the applicable age of digital consent in your country), unless verifiable parental consent is provided.
If you believe we have inadvertently collected data from a child under 13, please contact us immediately at dermlensai@gmail.com and we will delete the information promptly.
DermLens AI is a Progressive Web Application (PWA) and uses the following technologies:
| Technology | Purpose | Can You Opt Out? |
|---|---|---|
| Essential cookies | App functionality, session management, security | No — required for core function |
| Analytics cookies | Understanding usage patterns (anonymised) | Yes — via cookie preferences |
| Performance cookies | App speed and error monitoring | Yes — via cookie preferences |
| PWA service workers | Offline capability and app caching | Via browser settings |
You can manage cookie preferences through your browser settings at any time. Disabling non-essential cookies will not affect core App functionality.
As a UAE-based company, we comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). UAE residents have the right to access, correct, and request deletion of their personal data, and to object to processing. Contact us at dermlensai@gmail.com to exercise these rights.
If you are located in the European Economic Area or United Kingdom, you have enhanced rights under the General Data Protection Regulation (GDPR) or UK GDPR, including all rights listed in Section 10. Where we process your data, we do so on the legal bases set out in Section 5. You may lodge a complaint with your national data protection authority if you believe your rights have been violated.
California residents have rights under the California Consumer Privacy Act (CCPA), including:
To submit a CCPA request, email dermlensai@gmail.com with the subject line "CCPA Privacy Request".
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
We encourage you to review this Policy periodically. Continued use of the Service after the updated effective date constitutes your acceptance of the revised Policy.
For any privacy-related questions, data access requests, or concerns, please reach out to us:
© 2026 Nexa Global Limited. All rights reserved. · www.dermlensai.com
DermLens AI is an educational skincare tool and does not provide medical advice, diagnosis, or treatment.