Seoul-curated full-size 100% authentic K-Beauty

Privacy policy

Effective Date: April 25, 2025

Last Updated: April 25, 2025

1) Who we are

Venus Labs Inc. (“Venus,” “we,” “us”) provides the Venus mobile apps and website (the “Services”). Questions: [email protected].


2) Scope & key definitions

This Policy covers personal data we process through our apps, site, and support.
“Face Data” = (a) selfies you choose to upload; (b) numeric skin metrics derived from those images. We do not create or store biometric templates for identity.


3) What we collect

  • Account & profile. Email/Apple/Google ID, display name; optional age range, skin type, allergens, goals.

  • Face Data. Raw images you upload; derived metrics (e.g., redness score, acne count, hydration, tone, calmness, smoothness, purity, Venus Score).

  • Usage & device. App events, device/OS, language, time zone, crash logs.

  • Support. Messages/attachments you send us.

  • Marketing (opt-in). Push/email preferences.

4) How we use data

  • Provide the Services. Log in, analyze skin, build routines, power your boxes, and show your progress.

  • AI processing. Images are processed to produce numeric metrics. We do not share raw images with vendors. We may send anonymized numeric metrics to an AI vendor to generate text explanations.

  • Improve & secure. Debugging, analytics, fraud prevention.

  • Marketing (opt-in). Tips, updates, promos.

  • Legal. Enforce Terms, comply with law.

5) Sharing & disclosure

We do not sell personal data, and we do not share personal data for cross-context behavioral advertising. We share only with:

  • Hosting & infra: AWS (US) for encrypted storage; crash/diagnostics vendors.

  • Analytics: GA4 (configured without Ads features).

  • AI vendor: Receives numeric metrics only (no images) for text generation.

  • Legal & transactions: If required by law or in a merger/acquisition.

A current list of subprocessors is available at venuslabs.com/legal/subprocessors.


6) Face Data transparency (Apple §5.1.1)

  • Collected: User-supplied selfies; derived numeric metrics (e.g., dryness level, redness level, acne level, tone, calmness, smoothness, purity, Venus Score).

  • Purpose: (1) Show you analysis and personalized guidance; (2) with separate opt-in, use de-identified/aggregated metrics to improve models.

  • Third-party sharing: Raw images: never shared. Numeric metrics only may be shared with our AI vendor for text generation.

  • Storage: AES-256 at rest on AWS (US). In transit via TLS 1.2+.

  • Retention: Raw images = life of account + 30 days; derived metrics = deleted at account deletion or on request.

  • Opt-out / deletion: Delete images in-app; or Settings → Delete Account to remove everything.

  • No facial recognition. We do not identify/verify users or track identity from Face Data.


7) Legal bases (GDPR/UK GDPR)

  • Contract (Art. 6(1)(b)): account, core services.

  • Consent (Art. 6(1)(a), Art. 9(2)(a)): Face Data processing; marketing; optional model-improvement.

  • Legitimate interests (Art. 6(1)(f)): security, non-advertising analytics, fraud prevention.
    We also comply with CCPA/CPRA and Korea PIPA.

8) Data retention


Raw selfies Account life + 30 days

Derived metrics Deleted at account deletion or on request

Account/profile Account life + 30 days

Aggregated analytics ≤ 24 months

Support threads 24 months after resolution

We delete or de-identify data when no longer needed.


9) Security

TLS in transit; AES-256 at rest; least-privilege access; logging and monitoring; periodic third-party testing; incident response program.


10) Your rights & choices

  • Delete account/data: In-app Settings → Delete Account or email [email protected].

  • Access/portability: Request a machine-readable copy (JSON/CSV).

  • Correction: Edit profile in-app.

  • Consent: You can disable scans and/or withdraw the separate model-improvement opt-in at any time.

  • Marketing: Opt out in app/email.

  • US (CPRA): You may request access, correction, deletion; we do not sell/share personal data; we honor Global Privacy Control (GPC) signals.

  • Response times: US—within 45 days; EU/UK—within 30 days. Appeals available where required.

Submit requests to: [email protected]


11) Children

Not for under-13s. If a child’s data was submitted, contact us for deletion.


12) International transfers

We store/process in the United States. For EU/UK data, we rely on SCCs and comparable safeguards. For Korea PIPA cross-border transfers, we disclose: recipient (Venus Labs Inc., AWS, listed vendors), country (US), purpose (hosting/processing), items transferred (as above), retention (as above), and contact ([email protected]). You may withdraw cross-border consent where required.


13) Automated decisions

We do not make automated decisions that produce legal or similarly significant effects. Guidance is cosmetic/wellness only.


14) Not medical advice

Content is informational/cosmetic only and not medical advice.


15) Cookies & tracking (website)

We use essential cookies and basic, non-advertising analytics (GA4). Manage preferences at Cookie Settings. We honor GPC.


16) Changes

We’ll post updates in-app and notify you of material changes 7 days before they take effect.


17) Contact

Venus Labs Inc.
[email protected]

Seoul-curated full-size 100% authentic K-Beauty

Seoul-curated full-size 100% authentic K-Beauty