Last updated: May 20, 2026
CosmetCheck ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our cosmetic compliance checking service.
We comply with the General Data Protection Regulation (GDPR) for users in the European Union, the Lei Geral de Proteção de Dados (LGPD) for users in Brazil, and the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) for users in Mexico.
We collect product information that you voluntarily submit for compliance checking, including:
When you create an account, we collect:
We automatically collect certain technical information, including IP addresses, browser type, and device information, for security and analytics purposes.
When you use our AI Listing generation feature, the product information you provide (name, ingredients, benefits) is sent to our AI service provider (DeepSeek) for processing.
Payment information is processed by Stripe. We do not store complete credit card numbers. Stripe handles your payment data according to their privacy policy.
We use your data to:
We process your personal data based on the following lawful bases, depending on your jurisdiction:
| Processing Activity | GDPR (EU) | LGPD (Brazil) | LFPDPPP (Mexico) |
|---|---|---|---|
| Account registration | Consent (Art. 6(1)(a)) | Consent (Art. 11) | Consent (Art. 8) |
| Compliance checking | Legitimate Interest (Art. 6(1)(f)) | Legitimate Interest (Art. 10) | Legitimate Interest (Art. 17) |
| AI Listing generation | Consent (Art. 6(1)(a)) | Consent (Art. 11) | Consent (Art. 8) |
| Payment processing | Contract Performance (Art. 6(1)(b)) | Contract Performance (Art. 7) | Contract Performance (Art. 17) |
| Analytics & security | Legitimate Interest (Art. 6(1)(f)) | Legitimate Interest (Art. 10) | Legitimate Interest (Art. 17) |
| Marketing communications | Consent (Art. 6(1)(a)) | Consent (Art. 11) | Consent (Art. 8) |
You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
All data is transmitted using TLS encryption and stored in secure, SOC 2-compliant data centers. We use Supabase for database hosting with Row Level Security (RLS) enabled.
We do not sell your data to third parties. Product information is used solely for compliance checking purposes.
Under GDPR, LGPD, and LFPDPPP, you have the right to:
How to Export Your Data: Navigate to Account Settings → Privacy → Export My Data. Your data export will be generated and emailed to your registered address within 72 hours. Alternatively, email privacy@cosmetcheck.com with subject "Data Export Request".
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. The specific retention periods are:
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Account data (email, name) | Until account deletion + 30 days | Automated deletion |
| Product compliance data | Until account deletion + 90 days | Automated deletion |
| AI-generated content | Until account deletion (on-demand) | User-requested deletion |
| Payment & billing records | 7 years (legal requirement) | Secure archival |
| Analytics & logs | 12 months | Automated rotation |
| Session & authentication tokens | 30 days of inactivity | Automated expiration |
| Marketing consent records | Until consent withdrawal | User-requested deletion |
Account Deletion: You can delete your account at any time via Account Settings → Privacy → Delete Account, or by emailing privacy@cosmetcheck.com. We will process deletion requests within 30 days.
After account deletion, certain data may be retained for legal compliance (e.g., tax records for 7 years under Brazilian law).
For privacy-related questions or to exercise your rights, please contact us at:
Email: privacy@cosmetcheck.com