Privacy Policy (Kosme)

Last updated: 2026-05-29

TOEM TECH LLC (“Company”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy explains how we collect, use, process, store, and disclose information when you use the Kosme mobile application and related services (the “Service”).

By using the Service, you acknowledge that you have read and understood this Privacy Policy.


1. Information We Collect

We may collect the following categories of information:

A. Information You Provide and Facial Data (Face Data)

  • Facial Images and Photo Data (Including Face Data) for Skin Analysis: Facial photos and facial image data directly taken or uploaded by the user for AI-based skin analysis, personalized product recommendations, and history (Before/After) tracking features.
  • Account information such as email address
  • User preferences and skincare-related inputs
  • Customer support communications

B. Automatically Collected Information

  • Device information (Operating system and app version)
  • IP address
  • Usage analytics and interaction data
  • Crash logs and diagnostic data

C. Analysis and Generated Data

  • AI-generated skin analysis results and skin scores
  • Product recommendation history and comparison data

2. How We Use Information and Facial Data

We use the collected information strictly for the following purposes:

A. General Data Use

  • Provide, operate, and maintain the Service, including customer support;
  • Improve product recommendations and Service quality;
  • Detect, prevent, and address fraud, abuse, or security issues, and comply with legal obligations.

B. Specific Use of Facial Data (Face Data) and Photos

The Company processes and utilizes uploaded facial photos and facial data solely for the following specified service purposes:

  • AI-Based Skin Condition Analysis: Analyzing the user's facial images to precisely measure skin scores, moisture levels, and trouble areas.
  • Personalized Skincare Product Recommendations: Generating optimal K-Beauty product recommendations based on the analyzed skin data.
  • Skin History and Progress Tracking: Providing features that allow users to compare current analysis results with previously saved ones (Before/After tracking).

We may use anonymized and aggregated data strictly for system and model improvement. Under no circumstances do we sell, rent, or lease your facial images or facial data to third parties for marketing or commercial purposes.


3. Storage Location and Retention of Facial Data (Face Data)

A. Storage and Infrastructure Location

  • To ensure data safety and secure management, uploaded facial images and facial data are safely stored and retained in encrypted secure storage provided by Supabase.

B. Retention Period and Destruction Principle

  • Retention for Core Features: Uploaded images and generated analysis results are securely retained to provide essential features—such as accessing past skin analysis reports, history management, before/after comparisons, and tracking skin progress over time—for all users, including non-members (guests) and registered members.
  • Destruction Upon Request or Withdrawal: The Company will immediately and permanently destroy the associated facial data and photos from the system only when a user requests the deletion of a specific analysis record within the app or proceeds with account/data deletion (membership withdrawal). However, minimal backup copies kept to prevent system errors may persist in an encrypted state for a maximum of 14 days before being completely purged.

4. Third-Party Services and AI Providers

Certain features of the Service rely on third-party infrastructure and AI providers.

We may share limited data with trusted third-party providers to operate, maintain, secure, and improve the Service, including:

  • OpenAI (AI Analysis Technology Provider): Receives the user's uploaded skin photo data to execute the skin analysis algorithms.
  • Supabase (Database and Backend Hosting Provider): Manages secure data storage and encryption processing.
  • Cloud hosting and analytics providers

Such providers may process data on our behalf solely for purposes related to operating and improving the Service.

A. Scope of Third-Party Data Transfer and Security Assurances (Compliance with Guideline 5.1.1(i))

  • Data transmitted to third-party AI providers is strictly limited to the "facial photos and images uploaded for skin analysis" provided by the user. No other personally identifiable information, such as email addresses, is transmitted.
  • We ensure and contractually mandate that all third-party partners (including OpenAI) with whom data is shared implement strong data protection measures and encryption technologies equivalent to or stronger than those described in our own Privacy Policy. These providers process facial data temporarily and solely for executing Kosme's analysis functions; they are strictly prohibited from using the user's facial data for their own model training or for any other commercial purpose.

5. Data Retention

We retain personal information for as long as reasonably necessary to:

  • provide the Service;
  • maintain user accounts and history;
  • provide before/after and progress tracking features;
  • comply with legal obligations;
  • resolve disputes;
  • enforce agreements.

If you delete your account or request deletion, we will take reasonable steps to delete or anonymize associated personal data within a reasonable period, subject to legal obligations, fraud prevention, and security requirements.

Temporary backup copies may persist for a limited time (up to 14 days) before being completely deleted.


6. Data Security

We implement reasonable technical and organizational safeguards designed to protect personal information, including facial data. This includes encryption in transit (HTTPS), encryption at rest (AES-256), and strict access control protocols.

However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.


7. Your Rights (Withdrawal of Consent and Deletion)

Depending on your jurisdiction, you may have the following rights, which can be exercised at any time via the in-app settings or customer support:

  • Access your personal information and facial data;
  • Request correction of inaccurate information;
  • Request deletion of your personal information and facial data (Immediate destruction);
  • Withdraw consent for data processing;
  • Object to certain processing activities.

To exercise these rights, contact us using the information below.


8. Children’s Privacy

The Service is not intended for children under 13 years of age.

We do not knowingly collect personal information or facial data from children under 13. If we become aware that such information has been collected, we will delete it without delay.


9. International Data Transfers

Your information may be processed and stored in countries other than your own, including the United States.

By using the Service, you consent to such transfers where permitted by law.


10. Cookies and Analytics

We may use analytics tools, identifiers, and similar technologies to understand how users interact with the Service and improve functionality.


11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If material changes are made, we may provide notice through the Service or by other appropriate means.

Continued use of the Service after updates become effective constitutes acceptance of the revised Privacy Policy.


12. Contact and Rights Exercising Desk

If you have questions regarding this Privacy Policy, facial data processing, or privacy-related requests, contact us at:

TOEM TECH LLC
Email: kosme@toemtech.com