Privacy Policy

Last updated: 1 March 2026

The Short Version

  • When you scan a product by photo, your photo is sent to our server and forwarded to Anthropic's AI (Claude) for identification. Photos are never stored — they are processed in real-time and immediately discarded.
  • We use Brave Search API to verify ingredient lists from the web. Only product names are searched — no personal data.
  • We do not require user accounts and collect no personal data beyond anonymous analytics.
  • We use Cloudflare Web Analytics, which sets no cookies and collects no personal data.
  • We never sell your data to anyone.

1. Who We Are

LuxSense is developed and operated by Bogdan Tudor, an individual developer based in Romania. LuxSense is not yet incorporated as a legal entity. We provide a skincare ingredient scanning and analysis application and website (together, the "Service").

For the purposes of the General Data Protection Regulation (GDPR), Bogdan Tudor is the data controller — we decide how and why personal data is processed.

Contact us:
Email: [email protected]
Subject line: "Privacy Inquiry"

2. What Data We Collect

When you scan a product by photo

Data What Happens Stored?
Product photo Sent from your device to our server (Cloudflare Workers), then forwarded to Anthropic's API (Claude AI) for product identification No. Processed in real-time, immediately discarded. Not stored on our servers or retained by Anthropic for training.
Web search queries Product name sent to Brave Search API to find ingredient lists on retailer websites No. Transient, not logged by us. No personal data sent.
Fetched web pages Our server may fetch public retailer pages to extract ingredient lists No. Processed in real-time, discarded.
Scan results Ingredient analysis and safety scores returned to your device Cached on your device only.

When you scan a barcode

Barcodes are read entirely on your device using Apple Vision. Only the extracted barcode number (e.g., "3337875398718") is sent to our server for product lookup. No image data is transmitted during barcode scanning.

Data collected automatically

  • Anonymous website analytics — page views, referrers, country (coarse) via Cloudflare Web Analytics. Cookieless, no personal identifiers.
  • IP address — processed by Cloudflare for request routing. Not stored by us.

Data we do NOT collect

  • User accounts or email addresses — no accounts are required.
  • Location data — not requested or stored.
  • Health data — no Apple Health or HealthKit integration.
  • Payment data — the app is free.
  • Advertising identifiers (IDFA) — not collected.
  • Contacts, calendars, or other personal data — not accessed.

3. How We Use Your Data

Purpose Data Used Legal Basis (GDPR)
Identify products from photos Product photo (sent to Anthropic API) Legitimate interest (Art. 6(1)(f))
Verify ingredient lists Product name (sent to Brave Search API) Legitimate interest (Art. 6(1)(f))
Calculate safety scores Ingredient names matched against database Legitimate interest (Art. 6(1)(f))
Website analytics Anonymous page view data (cookieless) Legitimate interest (Art. 6(1)(f))
Legal compliance As required by law Legal obligation (Art. 6(1)(c))

4. Camera Usage & Photo Processing

This section explains exactly what happens when you scan a product by photo:

  1. You point your camera at a product and capture a photo.
  2. The photo is compressed on your device (JPEG format).
  3. The compressed photo is sent via HTTPS (TLS 1.3) to our backend server on Cloudflare Workers.
  4. Our backend forwards the photo to Anthropic's Claude AI with a prompt to identify the product.
  5. Claude processes the image and returns: product name, brand, and preliminary ingredient list.
  6. The photo is immediately discarded — not stored in any database, file, log, or cache.
  7. Our backend uses Brave Search API to search the web for the product and verify/complete the ingredient list.
  8. Ingredients are matched against our database (CosIng, PubChem, Open Beauty Facts) for safety scoring.
  9. Results are returned to your device.

We cannot access your camera feed, photo library, or any images on your device beyond the specific photo you capture for scanning. Photos are not written to disk or logged on our servers at any point.

Anthropic's Data Handling

Under Anthropic's API Data Policy (as of March 2026): API inputs (including photos) are not used for model training. They may be retained for up to 30 days for trust and safety purposes (abuse monitoring), after which they are deleted. See Anthropic's policies.

5. Who We Share Data With

We do not sell, rent, or trade your data. We share data with the following service providers, solely as necessary to operate the Service:

  • Anthropic, PBC — AI model provider. Receives product photos for identification. Photos are not stored for training. Located in the United States. Anthropic's policies →
  • Brave Software, Inc. — Web search provider. Receives product name search queries only — no photos, no personal data, no user identifiers. Located in the United States. Brave's privacy policy →
  • Cloudflare, Inc. — Hosting, edge computing, CDN, and privacy-first web analytics. EU users' requests are typically processed at EU edge locations. Cloudflare's GDPR commitment →
  • Apple Inc. — App Store distribution. Subject to Apple's Privacy Policy.
  • Third-party websites — Our server may fetch publicly available product pages from retailers to extract ingredient lists. No user data is sent to these websites.

6. International Data Transfers

When you use photo scanning, your product photo is transmitted to:

  • Cloudflare Workers — edge location nearest to you (typically within the EU for EU users)
  • Anthropic's API — servers in the United States

These transfers are protected by:

  • The EU–U.S. Data Privacy Framework (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • TLS 1.3 encryption in transit
  • The fact that photos are not stored and contain product packaging images, not personal data

For Brave Search queries, only product names are transmitted — no personal data crosses borders.

7. How Long We Keep Your Data

Data Type Retention Period
Product photos Zero retention. Processed in real-time, immediately discarded.
Scan results Cached on your device. Deleted when you clear the app.
Web search queries Transient. Not logged by us.
Website analytics Aggregated and anonymous — no personal data retained.

8. Your Rights Under GDPR

As an EU resident, you have the following rights. Exercise any of these by emailing [email protected]. We'll respond within 30 days.

Note: Since we do not currently require user accounts or collect personal data, we are unlikely to hold any personal data about you. However, you may still exercise these rights:

  • Access — Request a copy of all personal data we hold about you.
  • Rectification — Ask us to correct inaccurate data.
  • Erasure ("right to be forgotten") — Ask us to delete your personal data.
  • Restriction — Ask us to temporarily stop processing your data.
  • Data portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interest.

Right to lodge a complaint: You can complain to the supervisory authority in your EU member state. In Romania, this is the ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal).

9. Cookies & Tracking

We don't use cookies for analytics or tracking.

Our website uses Cloudflare Web Analytics, a privacy-first analytics service that:

  • Does not use cookies
  • Does not track users across sites
  • Does not collect personal information
  • Does not fingerprint devices

Because we don't set tracking cookies, you won't see a cookie consent banner on our site.

10. Children's Privacy

LuxSense is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

11. Security

We take reasonable technical and organizational measures to protect data in transit:

  • All data transmitted is encrypted with TLS 1.3
  • Photos are processed in isolated Cloudflare Worker sandboxes and immediately discarded
  • Photos are never written to disk, database, or log files
  • Cloudflare provides DDoS protection and Web Application Firewall (WAF)
  • Backend access requires multi-factor authentication

No system is 100% secure. If we discover a data breach affecting personal data, we will notify affected individuals and the relevant supervisory authority within 72 hours, as required by GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top
  • We will provide notice via in-app notification or on our website
  • We will give at least 30 days' notice before material changes take effect

13. Contact Us

For any questions, concerns, or requests regarding your privacy or this policy:

We aim to respond to all privacy-related requests within 30 days.