Skratch Skin Tracker — Privacy Policy

Effective date: 16 May 2026

This Privacy Policy explains how Skratch Skin Tracker (the "App") collects, uses, stores and shares personal data. The App is operated by Bellerophon Consulting (International) Limited ("we", "us", "our"). Contact: legal@skratchtracker.com.

This policy is written for the current pre-release/TestFlight version of the App. If the App is later modified, for example by introducing advertisements, this policy will be updated before that change goes live.

Important summary: The App is a personal tracking and information tool. It is not a medical device and does not provide diagnosis, treatment, clinical advice or clearance. Some data you enter may be health-related. We aim to minimise what leaves your device and to separate optional analytics and AI-improvement processing from core app functionality.

1. Who is responsible for your data?

The data controller for data processed by the App is Bellerophon Consulting (International) Limited, currently based in the United Kingdom. Email: legal@skratchtracker.com.

Where third-party services process data under their own terms or for their own legally permitted purposes, including Apple and Google/Firebase, their own privacy notices may also apply. Where those services act as data processors on our behalf, they do so under their applicable data-processing terms.

2. App features and data map

The App currently uses Firebase Authentication, Cloud Firestore, Firebase AI Logic, Firebase App Check, Firebase Analytics, Firebase Crashlytics and Firebase Cloud Messaging/Messaging. The Firestore database location is europe-west2 (London).

Most symptom tracking data remains local to your device. Local data may include symptom logs, skin photographs, treatment records, self-check and recovery quiz answers, region preference and PDF exports created by you. Photos are stored on-device and are not sent to Firebase AI or Firestore by the App in the current version.

If you create an account or enable online signal-sharing features, limited account and signal-sharing data is stored in Firebase. This may include your Firebase user ID, Sign in with Apple account identifiers made available to the App, signal-sharing profile records, linked-contact relationship records, invite/link records, generic concern-level status or signal state, treatment-status category needed for signal logic, timestamps and technical metadata.

Signal sharing is designed to share a generic status/signal with linked users. It is not designed to share symptom details, photographs, names of contacts, free-text notes, email addresses, Apple identifiers, invite codes or full raw logs.

3. Health-related and sensitive data

Information about symptoms, skin photographs, treatment use, contacts, AI questions and app context may reveal health-related information. Under UK and EU GDPR, data concerning health is a special category. We treat this as sensitive and seek to minimise what is processed outside your device.

Signal sharing does not share symptom details. It uses a generic alert/status to linked users if your concern level reaches the highest threshold and signal sharing is enabled.

The App may compute a concern level or contact-risk estimate locally using information you enter. This processing is deterministic and rule-based. It does not produce legal effects or similarly significant effects concerning you within the meaning of Article 22 UK GDPR or EU GDPR, and no decisions about you are made solely on the basis of automated processing. These outputs are provided solely as a self-tracking aid and do not constitute medical assessment or diagnosis.

The AI feature may receive health-related context only if you choose to use AI and, for app-context mode, opt in to sending a minimised app-context summary. Do not use the AI feature for emergencies or for confidential information you do not want processed by an external AI service.

4. Legal bases for processing

For UK GDPR and EU GDPR purposes, we rely on the following legal bases where applicable:

  • Contract or steps necessary to provide the requested service: to operate core app functionality, account features, signal sharing, Firestore-backed linking, AI responses requested by you, and account deletion.
  • Explicit consent (Article 9(2)(a)) / consent (Article 6(1)(a)): for optional analytics collection; for context-aware AI where health-related app context is sent to Firebase AI / Google; and for optional AI-improvement review where AI questions, AI responses and selected app context are stored or reviewed to improve the feature. Where health-related data is involved, explicit consent under Article 9(2)(a) is the condition for processing special-category data.
  • Legitimate interests (Article 6(1)(f)): for security, fraud prevention, abuse prevention, app reliability, Crashlytics diagnostics, App Check and necessary service logs, provided this does not override your rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 13).
  • Legitimate interests (Article 6(1)(f)): for Firebase AI operational monitoring used to measure request volume, latency, errors, token usage and model performance for service reliability. A Cloud Logging exclusion filter is applied to prevent storage of AI prompt or response content in operational logs. This monitoring records only aggregate performance metrics and does not store or review what you ask the AI or what it replies. You have the right to object to this processing (see Section 13).
  • Legal obligation: where we must retain or disclose limited information to comply with law, regulator requests or legal process.

Where we rely on legitimate interests, we have conducted a balancing assessment and concluded that the processing is necessary for the stated purposes, is proportionate, and does not override the rights and freedoms of data subjects given the limited and non-content nature of the data involved.

5. Analytics consent

Firebase Analytics is optional. The App does not enable Firebase Analytics until you have been shown a clear choice and you select "Allow analytics" or equivalent. If you decline, the App remains fully usable and Firebase Analytics stays disabled.

Analytics is used only to monitor aggregate app and feature use. We do not use Analytics for advertising, profiling, eligibility decisions, medical decisions or automated decision-making. We do not knowingly send symptom details, photographs, AI question text, treatment entries, body areas, contact names, invite codes, Apple identifiers, email addresses, free-text notes, or quiz answers to Analytics.

Analytics events are limited to broad feature-use events, such as opening a screen, using export, opening AI, using signal sharing or completing a non-content-specific flow. You can withdraw Analytics consent in the App's settings. Withdrawal takes effect for future collection; it does not affect data already collected during the period consent was active.

6. Crashlytics and diagnostics

Firebase Crashlytics helps us detect and fix crashes. Crash reports may include technical details such as device model, iOS version, app version, timestamps, stack traces and diagnostic state. We do not intentionally log symptom details, AI question text, photographs, treatment notes, contact names, email addresses, Apple identifiers, invite codes or other health content into Crashlytics.

Crashlytics data is processed under legitimate interests for app reliability and crash resolution. It does not require separate consent because the data collected is limited to technical diagnostics and does not include health content.

7. Authentication and account deletion

If you use signal sharing or online features, you may sign in using Sign in with Apple and Firebase Authentication. We use this to create a Firebase user ID and to associate Firestore signal-sharing records with your account.

Where the App provides an account deletion function, we will use reasonable efforts to delete your Firebase Authentication account and Firestore records controlled by the App and associated with your signal-sharing profile, links, invites, signals and any AI-improvement records stored by the App for that account. Local data may need to be cleared separately using the local clear-data function where available, or by uninstalling the App.

Deletion does not necessarily remove data already exported, shared with another person, stored locally unless separately cleared, retained in backups or logs for a limited period, retained by third-party providers under their own terms, or retained where required for legal, security or abuse-prevention reasons. We do not promise deletion of data outside our control.

8. AI feature, app-context mode and AI-improvement review

The Intelligence feature uses Firebase AI Logic / Google to generate responses. AI output is generated automatically and may be inaccurate, incomplete or unsuitable for your circumstances. It is not medical advice, diagnosis or treatment.

The App offers two AI modes. "Ask without app context" sends only the typed AI question and necessary technical request data. "Use app context" sends the typed AI question plus a minimised app-context summary, but only after you opt in to this context-aware processing.

The minimised app-context summary may include treatment status, recent symptom pattern, recent symptoms as broad categories, concern level, contact-risk estimate, contact-risk sharing status, region and other non-identifying app-state categories relevant to the response. The App does not send photographs, names, email addresses, Apple identifiers, contact names, invite codes, free-text notes or full raw logs to Firebase AI.

AI-improvement review is separate from using the AI feature. If you explicitly opt in to AI-improvement review, the App may store your AI questions, AI responses and selected minimised app context in a pseudonymised form to improve AI quality, safety, reliability and feature performance. This may include health-related information. Records are associated with a pseudonymous identifier, not your name or email. You can use the AI feature without allowing AI-improvement review, and you can withdraw consent at any time in Settings.

If you do not opt in to AI-improvement review, the App does not store your AI conversation content for product-improvement review. Firebase AI / Google may still process your request transiently to generate a response and may process operational, safety, security or legal-compliance data under applicable Firebase/Google terms and settings.

We use Firebase AI operational monitoring to measure request volume, latency, errors, token usage and model performance for service reliability. This monitoring does not store AI prompt or response content. A Cloud Logging exclusion filter is applied at the Google Cloud project level to prevent prompt and response text from being written to operational logs. This exclusion applies to all AI requests regardless of whether you have opted in to AI-improvement review. The monitoring records only aggregate performance metrics (such as error rates, latency percentiles and token counts) and is processed under legitimate interests for service operation.

The App may offer a "Clear chat" control to remove the visible or locally held chat from the App. Clearing chat removes content controlled by the App; it does not necessarily delete information already processed by Firebase AI / Google for earlier response generation, safety, security, logging, service delivery or legal purposes.

9. Notifications

The App may use local notifications and/or Firebase Cloud Messaging. You can control notification permission through iOS Settings. Notification content does not contain detailed health information unless clearly explained and necessary for the notification you request.

10. Sharing with third parties

  • Apple: Sign in with Apple, App Store/TestFlight, StoreKit and device-level permissions.
  • Google/Firebase: Authentication, Firestore, AI Logic, App Check, Analytics, Crashlytics and Messaging as described above.
  • External health-resource websites: if you tap a link to NHS, CDC, WHO, DermNet or similar resources, that website receives your request and handles data under its own policy.
  • User-controlled exports/shares: if you export a PDF, send a coordinator message or share information outside the App, that information is handled by the recipient/app you choose.
  • Legal/safety disclosures: we may disclose limited information where required by law or to protect rights, safety, security or prevent abuse.

We do not sell personal data. We do not share personal data for cross-context behavioural advertising. We do not currently serve advertising. If advertising or AdMob is added later, this policy and any required consent flows must be updated before launch of that feature.

11. International transfers

Cloud Firestore is configured with a europe-west2 (London) database location. Some Firebase/Google services, Apple services, analytics, crash reporting, AI processing, support or security processing may involve processing in other countries, including the United States. Where required by applicable law, transfers are handled using safeguards or transfer mechanisms used by the relevant provider, which may include Standard Contractual Clauses, adequacy decisions or other lawful mechanisms. Nothing in this policy creates responsibilities beyond those imposed by applicable law.

12. Retention

  • Local data remains on your device until you delete it, clear app data or uninstall the App.
  • Firestore signal-sharing data remains until you delete your account, remove links/invites/signals where supported, or until it is deleted under our operational processes, subject to legal, security, abuse-prevention, backup and technical limitations.
  • AI chat history is not stored by the App in Firestore for ordinary AI use in the current version, unless you opt in to AI-improvement review.
  • AI-improvement records, where you explicitly opt in, may be retained for up to 12 months from creation and then deleted or anonymised, unless a shorter period is required, you withdraw consent earlier, or you delete your account. On consent withdrawal or account deletion, records are deleted within a reasonable period subject to technical and legal constraints.
  • Crashlytics and Analytics data are retained according to Firebase/Google retention settings and operational requirements.
  • Backups, logs and provider-retained records may persist for a limited period after deletion where technically necessary, legally required, or maintained by a third-party provider under its own lawful retention practices.

13. Your rights

Subject to applicable law, conditions and exemptions, you may have rights to request access, correction, deletion, restriction, objection, portability and withdrawal of consent where processing is based on consent. Nothing in this policy is intended to create rights beyond those required by applicable law.

Where processing is based on legitimate interests (including AI operational monitoring, Crashlytics, security and abuse prevention), you have the right to object on grounds relating to your particular situation. On receiving an objection, we will cease the processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

For local-only data, you can usually control the data directly by editing or deleting it in the App, using local clear-data functions where available, or uninstalling the App. For account and Firestore data controlled by the App, use the in-app delete-account function where available or contact us.

You can withdraw optional Analytics consent, AI-context consent and AI-improvement review consent in the App's settings. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal. Where technically and legally possible, future optional collection for that purpose will stop. Account deletion is subject to the limitations described in this policy.

To exercise any of these rights, contact us at legal@skratchtracker.com. We will respond within one month of receiving your request, or inform you if an extension is needed.

14. Security

We use reasonable technical and organisational measures appropriate to a small pre-release app, including iOS sandboxing, platform security, Firebase security features, Firestore security rules and App Check. No system is completely secure. You are responsible for protecting your device, passcode, Apple account and any exported files or messages.

15. Children

The App is intended for users aged 16 and over. Users under 16 must not use the App. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us and we will take steps to delete it.

16. Changes to this policy

We may update this policy to reflect app, legal or technical changes. Updated versions may be made available in-app, through TestFlight/App Store release notes, or by another reasonable method. If a change materially expands optional processing such as Analytics, advertising or AI-improvement review, we will request any new consent required by applicable law before the expanded processing begins.

17. Contact and complaints

Contact: Bellerophon Consulting (International) Limited, legal@skratchtracker.com.

If you are in the UK, you may complain to the Information Commissioner's Office (ICO) at ico.org.uk where applicable. If you are in the EU, you may complain to your local supervisory authority. We ask that you contact us first where possible so we can try to resolve the issue. This policy does not create complaint or remedy rights beyond those required by applicable law.

Skratch Skin Tracker © 2026 Bellerophon Consulting (International) Limited.