Skip to content

Privacy Policy

Last updated: 6 May 2026

The Short Version

  • When you photograph an ingredient label, the photo is sent to our server and forwarded to Anthropic's Claude AI to read the ingredient text. The photo itself is processed in real time and not stored.
  • The extracted ingredient list and computed safety scores are stored in our database, linked only to an anonymous device identifier, never to your name, email, or other personal data.
  • When you scan a barcode, the barcode number alone may be sent to Go-UPC if the product isn't already in our database, to retrieve product name and image.
  • We do not require user accounts and don't ask for your name, email, or contact details.
  • We use Cloudflare Web Analytics, which sets no cookies and collects no personal data.
  • We never sell your data to anyone.

1. Who We Are

LuxSense ("LuxSense," "we," "us," or "our") is the operator of the LuxSense skincare ingredient scanning and analysis application and website (together, the "Service"). LuxSense is operated from Australia.

For the purposes of the General Data Protection Regulation (GDPR), LuxSense is the data controller: we decide how and why personal data is processed for users in the European Economic Area, the United Kingdom, and Switzerland.

Contact us:
Email: [email protected]
Subject line: "Privacy Inquiry"

2. What Data We Collect

When you scan a product by photo

Data What Happens Stored?
Ingredient label photo Sent from your device to our server (Cloudflare Workers), then forwarded to Anthropic's API (Claude) to extract the printed ingredient list as text No. Processed in real time, immediately discarded after extraction. Not stored on our servers and not retained by Anthropic for model training.
Barcode number If the scanned barcode isn't already in our database, the bare barcode number (e.g. "3660005081960") is sent to Go-UPC to retrieve product name, brand, and image. No photo, no personal data, no device identifier is sent to Go-UPC. The product metadata Go-UPC returns is cached in our database. The lookup itself isn't logged.
Scan results Extracted ingredient list and computed safety scores returned to your device Yes. Stored on our servers (Cloudflare D1) so the product becomes searchable for other users and can be served from cache on future scans. Tied only to an anonymous device identifier, never to your name, email, or other personal data. If you share an analysis, the shareable copy is stored separately for 30 days then auto-deleted.

When you scan a barcode

Barcodes are read entirely on your device using Apple Vision. Only the extracted barcode number (e.g., "3337875398718") is sent to our server for product lookup. No image data is transmitted during barcode scanning.

Data collected automatically

  • Anonymous website analytics: page views, referrers, country (coarse) via Cloudflare Web Analytics. Cookieless, no personal identifiers.
  • IP address: processed by Cloudflare for request routing. Not stored by us.

Data we do NOT collect

  • User accounts or email addresses: no accounts are required.
  • Location data: not requested or stored.
  • Health data: no Apple Health or HealthKit integration.
  • Payment data: the app is free.
  • Advertising identifiers (IDFA): not collected.
  • Contacts, calendars, or other personal data: not accessed.

3. How We Use Your Data

Purpose Data Used Legal Basis (GDPR)
Read ingredient labels from photos Ingredient label photo (sent to Anthropic API) Legitimate interest (Art. 6(1)(f))
Look up product metadata for unknown barcodes Barcode number only (sent to Go-UPC) Legitimate interest (Art. 6(1)(f))
Calculate safety scores Ingredient names matched against our database Legitimate interest (Art. 6(1)(f))
Enforce free-tier scan limits and prevent abuse Anonymous device identifier and per-day scan counts Legitimate interest (Art. 6(1)(f))
Website analytics Anonymous page view data (cookieless) Legitimate interest (Art. 6(1)(f))
Legal compliance As required by law Legal obligation (Art. 6(1)(c))

4. Camera Usage & Photo Processing

This section explains exactly what happens when you photograph an ingredient label inside the app:

  1. You point your camera at an ingredient label and capture one or more photos (up to 3 per scan).
  2. Each photo is downscaled and re-encoded to JPEG on your device.
  3. The compressed photos are sent over HTTPS (TLS 1.3) to our backend on Cloudflare Workers.
  4. Our backend forwards the photo(s) to Anthropic's Claude with a prompt to extract the printed INCI ingredient list.
  5. Claude returns the extracted ingredient names. The photo is then immediately discarded, not stored in any database, file, log, R2 bucket, or cache.
  6. Each extracted ingredient name is matched against our database (CosIng, PubChem, Open Beauty Facts) for safety scoring.
  7. The scored ingredient list is stored in our database (linked only to an anonymous device identifier) and returned to your device.
  8. If you tap "Share" on a standalone ingredient analysis, the rendered analysis (not the original photo) is stored separately for 30 days under a random URL, then auto-deleted.

We cannot access your camera feed, photo library, or any images on your device beyond the specific photos you explicitly capture for scanning. Photos are never written to disk or persistent storage on our servers.

Barcode Scanning

Barcodes are detected entirely on your device using Apple Vision. Only the resulting barcode number is sent to our server for lookup. No image data is transmitted during barcode scanning. If the barcode isn't in our database, the bare barcode number alone is forwarded to Go-UPC to retrieve product name and image. No photo, device identifier, or personal data is sent to Go-UPC.

Anthropic's Data Handling

Under Anthropic's API Data Policy: API inputs (including photos) are not used for model training. They may be retained for up to 30 days for trust-and-safety purposes (abuse monitoring), after which they are deleted. See Anthropic's policies.

5. Who We Share Data With

We do not sell, rent, or trade your data. We share data with the following service providers, solely as necessary to operate the Service:

  • Anthropic, PBC: AI model provider (Claude). Receives ingredient label photos to extract printed INCI ingredient text. Photos are not used for model training. Located in the United States. Anthropic's policies →
  • Go-UPC, Inc.: barcode-to-product database lookup. Receives only the bare barcode number when a scanned barcode isn't already in our database, and returns product name, brand, and image. No photo, no device identifier, no personal data is sent. Go-UPC's privacy policy →
  • Cloudflare, Inc.: hosting, edge computing, CDN, KV/D1/R2 storage, and privacy-first web analytics. Acts as our data-processing infrastructure provider under standard data-processing terms. Cloudflare's GDPR commitment →
  • Apple Inc.: App Store distribution and in-app purchase processing (subscriptions). Subject to Apple's Privacy Policy. We never see your full Apple ID, payment-card details, or billing address. Apple processes those and we only receive an anonymous transaction confirmation.

6. International Data Transfers

When you use photo scanning or scan an unknown barcode, data is transmitted to:

  • Cloudflare Workers: edge location nearest to you
  • Anthropic's API: servers in the United States (ingredient label photos only)
  • Go-UPC: servers in the United States (bare barcode number only, when the product isn't already in our database)

These transfers are protected by:

  • The EU-U.S. Data Privacy Framework, where the recipient participates;
  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable;
  • TLS 1.3 encryption in transit;
  • The fact that photos and barcodes do not in themselves identify you, and the photos are not stored.

7. How Long We Keep Your Data

Data Type Retention Period
Product photos Zero retention. Processed in real-time, immediately discarded.
Scan results (ingredient lists, safety scores) Stored in our database to build the public product catalog. Linked only to an anonymous device identifier, never to a personal identity. Retained for as long as the product remains in our database; you can request deletion of any data linked to your device by emailing us.
Shared scan analyses When you tap "Share" on a standalone ingredient scan, the rendered analysis is stored for 30 days in a key-value store, accessed via a random URL, then auto-deleted.
Web search queries Transient. Not logged by us.
Website analytics Aggregated and anonymous, with no personal data retained.

8. Your Rights Under GDPR

As an EU resident, you have the following rights. Exercise any of these by emailing [email protected]. We'll respond within 30 days.

Note: Since we do not currently require user accounts or collect personal data, we are unlikely to hold any personal data about you. However, you may still exercise these rights:

  • Access. Request a copy of all personal data we hold about you.
  • Rectification. Ask us to correct inaccurate data.
  • Erasure ("right to be forgotten"). Ask us to delete your personal data.
  • Restriction. Ask us to temporarily stop processing your data.
  • Data portability. Receive your data in a structured, machine-readable format.
  • Objection. Object to processing based on legitimate interest.

Right to lodge a complaint: You can complain to the data protection supervisory authority in your country of residence. A list of EU/EEA supervisory authorities is published by the European Data Protection Board. UK residents may complain to the Information Commissioner's Office (ICO).

8a. Australian Privacy Rights

For users in Australia, LuxSense handles personal information consistent with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth). You may request access to, correction of, or deletion of any personal information we hold about you by emailing [email protected].

If you believe we have mishandled your personal information, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

9. Cookies & Tracking

We don't use cookies for analytics or tracking.

Our website uses Cloudflare Web Analytics, a privacy-first analytics service that:

  • Does not use cookies
  • Does not track users across sites
  • Does not collect personal information
  • Does not fingerprint devices

Because we don't set tracking cookies, you won't see a cookie consent banner on our site.

10. Children's Privacy

LuxSense is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

11. Security

We take reasonable technical and organizational measures to protect data in transit:

  • All data transmitted is encrypted with TLS 1.3
  • Photos are processed in isolated Cloudflare Worker sandboxes and immediately discarded
  • Photos are never written to disk, database, or log files
  • Cloudflare provides DDoS protection and Web Application Firewall (WAF)
  • Backend access requires multi-factor authentication

No system is 100% secure. If we discover a data breach affecting personal data, we will notify affected individuals and the relevant supervisory authority within 72 hours, as required by GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top
  • We will provide notice via in-app notification or on our website
  • We will give at least 30 days' notice before material changes take effect

13. Contact Us

For any questions, concerns, or requests regarding your privacy or this policy:

We aim to respond to all privacy-related requests within 30 days.