Privacy Policy
Last updated: 9 May 2026
This policy explains what data Melanin Match collects, how it's used, and what your rights are under UK GDPR.
What I collect
Account data
- Your email address, used to sign in via magic link or Google OAuth.
- If you sign in with Google: your name and profile picture URL, as provided by Google.
Scan data
- The LAB colour values (lightness, red-green, yellow-blue) computed from your scan.
- The classified bucket (your undertone and depth).
- A confidence score for the classification.
- Timestamp of the scan.
No images. Your scan photo is processed in your browser, the colour reading is extracted, and the photo itself is never uploaded to or stored on my servers.
App activity
- Shades you save to your saved list.
- Ratings you give to saved shades (perfect, slightly off, doesn't work).
Cookies
- Authentication cookies from Supabase, used to keep you signed in. These are essential. I don't use analytics or tracking cookies.
What I don't collect
- Photos or images
- Location data
- Device fingerprints
- Browsing activity outside Melanin Match
- Marketing trackers or ad pixels
Why I collect it
- Email and account info: so you can sign in and so your saved shades persist between sessions.
- Scan data: to give you accurate matches and improve the algorithm. Aggregated, anonymised scan data helps refine the classifier.
- Saved shades and ratings: to power the match-rate feature, where ratings from users in the same bucket as you help inform recommendations.
Who I share it with
I use third-party services to run the app. They process some of your data on my behalf:
- Supabase for database and authentication (your email, scan data, saved shades).
- Vercel for hosting (standard server logs including IP addresses, kept for a limited period).
- Resend for email delivery (your email address, when sending magic links).
- Google for OAuth sign-in (your name, email, profile picture URL, only if you sign in with Google).
When you click a “Shop now” link to a product, you're handed over to the retailer's site (often via the Awin or Amazon Associates affiliate networks). Those services may track your click. I earn a commission if you make a purchase. This doesn't affect what's recommended to you, only how the app generates revenue.
I never sell your data.
How long I keep it
- Account and scan data: as long as your account is active.
- Server logs (Vercel): typically 30 days.
- If you delete your account, your account and scan data are deleted within 30 days.
Your rights
Under UK GDPR, you have the right to:
- Access the personal data I hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Object to certain processing.
- Withdraw consent at any time.
To exercise any of these rights, email me at the contact address below.
Children
Melanin Match is not intended for users under 16. If you're under 16, please don't use this service.
Changes to this policy
If this policy changes, the “Last updated” date will reflect the new version. Significant changes will be communicated to active users by email.
Contact
For privacy questions or to exercise your rights: hello@melaninmatchapp.com