Privacy, in plain English.
Last updated: 2026-04-11. This is the interim policy for closed beta. We will publish a full reviewed version before public launch.
The short version
- We never store your photos. Not for an hour, not for a day. Your photo stays in memory during the analysis request and is gone when the request ends.
- We do store the analysis result (numbers, scores, concerns) if you're signed in, so we can show you weekly progress.
- We don't sell your data. Ever. It's not a business model we will ever run.
- You can delete your account and all its data at any time. One click.
- Limen is for cosmetic purposes only and is not medical advice.
What we collect
When you upload a photo for analysis, we send it to our vision model (Claude, by Anthropic) and optionally a cross-validation model (GPT-4o-mini, by OpenAI). The photo is base64-encoded, sent once, and never saved to our servers, object storage, or any other persistent medium.
If you are signed in, we save the structured analysis result to our database. This includes: your Fitzpatrick estimate, skin type, per-concern scores (hydration, acne, redness, etc.), and model metadata (which model, cost, latency). No photo, no identifying image data, no filename.
For account signup, we store: email, hashed password (never the plaintext), birth year (only to confirm you are 13 or older — no day/month), and an account creation timestamp.
We also record standard web server logs (IP address, user agent, request path) for security and rate limiting. These logs are kept for 30 days and then deleted.
Who sees your photo
Two model providers see your photo for the duration of the analysis request:
- Anthropic (Claude, primary vision model) — see Anthropic's privacy policy.
- OpenAI (GPT-4o-mini, cross-validation, optional) — see OpenAI's privacy policy.
Both providers have commercial contracts with us that prohibit training their public models on our API traffic. Neither provider stores your photos beyond the short period required to process the API call per their data retention policies.
Who we do NOT share with
We do not sell your data to advertisers, data brokers, or research firms. We do not share your data with skincare brands as part of our affiliate arrangements. Brand recommendations are based entirely on the analysis model output, not on anything the brand pays us.
Your rights
You can, at any time:
- Export all of your Limen data as JSON.
- Delete your account and every row we have about you, permanently. One click in the account page.
- Ask us questions about what we know and how we use it. Email Evgeny directly at hello@limen.dev (or whatever the actual domain is at launch) and you'll get a real reply within 72 hours.
If you're in the EU, EEA, or UK, you have additional rights under GDPR including the right to lodge a complaint with your local data protection authority. If you're in California, you have rights under CCPA.
Cookies
We use a single authentication cookie (Supabase session cookie) when you are signed in, to remember you between page loads. We do not use tracking cookies, analytics cookies, or advertising cookies on this site. No Google Analytics. No Facebook Pixel. No third-party trackers.
Minimum age
Limen is only available to users 13 years and older. We enforce this at signup by requiring a birth year. We do not knowingly collect data from children under 13. If you become aware that a child under 13 has created an account, please contact us and we will delete it immediately.
Changes
We will update this page when our data practices change. If the change is material (e.g. we start using a new vendor or collecting new data), we will notify signed-in users by email and give you a reasonable window to review before it takes effect.
Questions
Reach Evgeny (Limen founder) directly at hello@limen.dev. Real human, real replies, no support ticket queue.