SUMMARY (full policy below). lichensclerosus.ai is an educational platform centered on an INCI ingredient analyzer. We are committed to processing minimal personal data, providing clear consent mechanisms, and respecting your data rights. The tool works without an account — no personal or medical information is required. If you provide your email, we use it for transactional purposes (rate-limit notifications, subscription confirmation) and for opt-in newsletter and product announcements. You can withdraw consent at any time. We work with named processors: Anthropic (AI inference), Cloudflare (hosting/database), MailerLite (email), Gumroad (subscription payments), Resend (transactional email). We do NOT sell your data. The full policy below explains this in detail.
The Data Controller for personal data processed via lichensclerosus.ai is:
Alessandro Cuggiani
Sole proprietor with Individual Entrepreneur Small Business Status (IE SBS)
Fiscal residence and business registration: Tbilisi, Georgia (the country in the South Caucasus, NOT the U.S. state of Georgia)
Italian citizen
Email: [email protected]
The Data Controller does not have a Data Protection Officer (DPO), as a designated DPO is not mandatory for this scale of processing. However, all privacy questions and rights requests can be sent directly to the email above.
EU/UK representative: The Data Controller does not maintain a permanent EU/UK representative under GDPR Art. 27 / UK GDPR equivalent at this time, given that processing is occasional and does not include large-scale or high-risk processing of EU/UK personal data. EU and UK users may contact the Operator directly at the email above for any data protection matter, and may always lodge complaints with their national supervisory authority (see Section 15).
This Privacy Policy applies to the processing of personal data via the website lichensclerosus.ai and all subdomains and tools provided as part of that platform (collectively, the "Service"). It does not apply to:
This policy is designed to comply with:
The Service processes the following categories of personal data:
Earlier versions of the Service included additional tools (a chat-based Biology Assistant, a weekly Check-in tool with self-tracking, and static educational reference pages). These features were removed in May 2026. Any user data tied to those features that was previously stored in the database (e.g., past check-in entries, chat history, opt-in preferences) is no longer actively processed. Users with stored data from deprecated features can request deletion of all such data at any time via the contact in Section 14.
The table below summarises why we process each category of data and the legal basis under GDPR Art. 6 (and where applicable, the additional condition under GDPR Art. 9 for special category data):
| Data category | Purpose | Legal basis |
|---|---|---|
| Technical request data (IP, user agent) | Operating the Service, security, abuse prevention | Legitimate interest (GDPR Art. 6(1)(f)) |
| Rate-limit hash | Preventing abuse of AI tools | Legitimate interest (GDPR Art. 6(1)(f)) |
| Anonymous UUID (localStorage) | Allowing your data to persist across sessions on your own device | Strictly necessary for service (functional, no consent needed) |
| Email address | Subscription management, magic-link authentication, rate-limit notifications, optional newsletter and product announcements | Consent (GDPR Art. 6(1)(a)) for newsletter; contract performance (GDPR Art. 6(1)(b)) for paid subscription and transactional emails |
| INCI submissions (product name, ingredient list) | Generating AI-powered educational analysis via Anthropic API | Contract performance (GDPR Art. 6(1)(b)) — providing the requested service |
| Voluntary health-related information (if user includes it in submission) | Processing only as part of the analysis the user requested | Explicit consent (GDPR Art. 6(1)(a) + Art. 9(2)(a)) recorded via the disclosure modal before first use |
| Aggregated, anonymized usage patterns (hashed INCI submissions in community database) | Improving the Service, identifying common patterns at population level | Legitimate interest (GDPR Art. 6(1)(f)) |
EXPLICIT MARKETING DISCLOSURE. If you subscribe to our newsletter or otherwise opt-in to receive emails, you understand that the Operator may use your email address to send you the following types of communications:
This explicitly includes content that may be considered marketing under applicable consumer protection laws (e.g., GDPR, CAN-SPAM Act, CASL).
By providing your email and opting in (e.g., via the newsletter form, the LS Unlimited subscription, or the email-saving option in the tools), you provide explicit informed consent for the Operator to send you the categories of email above. Consent can be withdrawn at any time without effect on the lawfulness of processing prior to withdrawal.
How to withdraw consent: every email we send includes an unsubscribe link in the footer. Clicking it removes you from the mailing list. You can also email [email protected] with the subject "Unsubscribe" to be removed manually. Withdrawal takes effect within a reasonable time and at most within 10 business days.
No third-party marketing. We do NOT share your email with third-party advertisers. We do NOT sell or rent email lists. We do NOT exchange email lists with other organisations. Email use is limited to communications from the Operator about lichensclerosus.ai and related properties operated by the Operator.
Soft opt-in for existing subscribers. If you have an active LS Unlimited subscription, you may receive transactional emails (subscription status, magic links) regardless of newsletter opt-in, because such communications are necessary for contract performance. These are not marketing emails.
Where the Service requires you to sign in to a feature (subscription account, syncing of personal product saves across devices), authentication uses passwordless magic-link email. You enter your email address, the Operator sends a unique time-limited URL to that email, and clicking the URL authenticates the session for that device. The Operator does NOT store user passwords because the Service does NOT use passwords. The Operator stores only the email address (associated with your anonymous UUID) and a rotating internal session token used to validate the authenticated session. Sessions can be terminated at any time by the user (via the "Logout" button where present) or by emailing the Operator.
SPECIAL CATEGORY DATA. The Service does NOT require any personal or medical information to function. The INCI Tool analyzes cosmetic ingredient lists, not user health profiles. Users are explicitly requested to NOT include identifying details, medical history, symptom descriptions, or other special category data in their submissions.
However, if you voluntarily include health-related information in a submission (for example, by typing context such as "I have erosive LS" alongside an ingredient list), that content is "special category personal data" under GDPR Art. 9 and is subject to enhanced protection.
The Operator's approach to voluntarily submitted health data:
The Operator strongly recommends that you do NOT enter health information of any kind into submissions, since it is not needed by the tool. The Operator strongly recommends that you NEVER enter health information of identifiable third parties (e.g., notes about another person's condition).
Tracking entries (comfort ratings) and health-adjacent context. The community tracking feature (described in Sections 12 and 12b) stores a structured usage status and a five-point comfort rating with no free-text field. The structured fields by themselves are general personal data, not health data. However, the act of sharing a comfort rating on a platform whose entire context is lichen sclerosus arguably contextualizes the rating as health-adjacent. For maximum protection, the Operator treats tracking entries shared to the community aggregate under the same Art. 9(2)(a) explicit consent basis as free-text health information, with the consent captured via the per-entry "share with community" toggle. Tracking entries with the toggle OFF are processed under the general consent basis (Art. 6(1)(a)) and remain visible only to the user who created them.
The Service uses AI provided by Anthropic PBC (a U.S. company headquartered in San Francisco, California) to power the ingredient analyzer ("INCI Tool"). When you submit an ingredient list to the tool:
Prompt caching. The Operator uses Anthropic's prompt caching feature to reduce costs and latency. With prompt caching enabled, the static system prompt (the educational framework and evidence base) is cached by Anthropic for a short time (typically 5 minutes) so repeat queries do not re-transmit the same instruction context. User-submitted content is NOT cached — only the static system prompt. See Anthropic's documentation for details.
AI is not a person. AI-generated outputs are software-generated and may contain errors. They are educational only. Do not rely on AI outputs for medical decisions.
Anthropic's privacy practices. Anthropic's processing of data on behalf of the Operator is governed by Anthropic's commercial API terms and applicable data processing agreement. See Anthropic's privacy policy at anthropic.com/legal/privacy.
The Service is hosted on infrastructure provided by Cloudflare, Inc. (a U.S. company headquartered in San Francisco, California), specifically:
Cloudflare processes standard network traffic data (IP address, request logs, security events) as a sub-processor of the Operator. Cloudflare's privacy practices are governed by its privacy policy: cloudflare.com/privacypolicy/
The Service uses minimal cookies:
The Service does NOT use third-party advertising cookies, third-party analytics cookies (no Google Analytics, no Facebook Pixel, no equivalent), retargeting trackers, or any other cookies that would require consent under the EU ePrivacy Directive / Italian Codice Privacy.
The Operator works with the following sub-processors. Each has been selected for its commitment to data protection. Each processes personal data only on the Operator's documented instructions and under appropriate data processing terms.
| Processor | Purpose | Data processed | Location |
|---|---|---|---|
| Anthropic PBC | AI inference (INCI Tool) | Product name, ingredient list, any voluntary context user includes | USA |
| Cloudflare, Inc. | Hosting, edge serving, database, security | IP, request data, opt-in records, community products database | USA (with edge nodes worldwide) |
| MailerLite (UAB MailerLite) | Email distribution and newsletter management | Email address, subscription preferences | EU (Lithuania) |
| Gumroad, Inc. | Subscription payment processing and merchant of record | Email, payment data (Gumroad-side) | USA |
| Resend (resend.com) | Transactional email delivery (magic links, reminders) | Email address, transactional content | USA |
Each processor maintains its own privacy policy and security practices. The Operator monitors processors to ensure ongoing GDPR compliance.
Because the Operator is fiscally based in Georgia (country) and uses processors in the U.S. and EU, your personal data may be transferred internationally:
You acknowledge that international transfers may involve laws and protections different from those of your country of residence. By using the Service, you consent to these transfers.
| Data category | Retention period | Reason |
|---|---|---|
| Email subscriber data | Until unsubscribe + 12 months | Suppression list (preventing accidental re-add) |
| Active subscription data | Duration of subscription + 7 years (tax/accounting) | Tax record-keeping obligations under Georgian law |
| Anonymous UUID (server-side, opt-in) | Until deletion request, or 24 months of inactivity | Service functionality + automatic cleanup |
| INCI submissions (with hash, no personal identifier) | Indefinite as part of the community database (hash only, no link to user) | Public benefit of the educational database |
| Personal product saves ("My Products") | Until user removes the entry, OR 24 months of account inactivity, OR full account deletion request | Service functionality (personal product history) |
| Tracking entries (usage status, comfort rating) | Until user removes the entry, OR full account deletion request. Removed immediately from the public aggregate when user toggles share OFF or deletes the entry | Service functionality (personal experience log) + community aggregate |
| Historical data from deprecated features (e.g., past Check-in entries) | Deleted on user request; retained only pending such request | Features removed in May 2026; data no longer actively processed |
| Cloudflare access logs | Per Cloudflare's retention policy (typically 30 days for free tier, longer for paid) | Security and abuse investigation |
| Rate limit hashes (KV) | Rolling window (typically 24-72 hours) | Rate limit enforcement only |
You may request deletion of your data at any time. See Section 14.
When you analyse a product via the INCI Tool, a pseudonymized representation of the analysis (verdict, ingredient hash, mucosal-compatibility classification) may be stored in the community product database. This database is shown to other users of the Products tool to help the community discover patterns at scale.
What is stored:
What is NOT stored alongside in the community products table:
The community products table is therefore a pseudonymized aggregation. It is designed not to allow re-identification of any individual user from the table alone. As a general property of pseudonymization, no aggregation is provably impossible to re-identify under all conditions; the Operator does not maintain or use any linking dataset that would enable re-identification, and applies technical and organizational measures to prevent re-identification attempts.
The Service includes an optional tracking feature where users may log their personal experience with a product — choosing a usage status (considering / using / past) and an optional five-point comfort rating. Each tracking entry includes a "share with community" toggle.
When the toggle is OFF (default for considering status): the tracking entry is stored against your anonymous UUID and is visible only to you. It does not contribute to any aggregate displayed to other users.
When the toggle is ON: the comfort rating is included in the public community aggregate displayed on the relevant product's detail view. The aggregate is shown from the first shared rating onward and displays a count and a distribution of comfort ratings (e.g., "Community tracking N=3 — 2 comfortable, 1 neutral"). The aggregate does NOT display: your email, your UUID, the timestamp of your specific entry, or any other personal identifier.
Linking back: The tracking table internally associates each entry with your anonymous UUID, which is necessary for you to view and modify your own entries. The UUID is not displayed to other users. Aggregate output to other users contains no path back to your UUID.
Legal basis: Tracking entries shared to the community aggregate are processed under explicit consent (GDPR Art. 6(1)(a)) and, given the LS context, conservatively also under Art. 9(2)(a). Tracking entries not shared (toggle OFF) are processed under general consent (Art. 6(1)(a)) only.
Withdrawal: You can change the share toggle on any tracking entry at any time. You can delete any tracking entry at any time, either alone (keeping the underlying product save) or together with the product save (when you remove a product from your personal list). Deletion of a tracking entry removes it from the aggregate immediately. See Section 14 for how to exercise these rights.
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
Users in Colorado, Virginia, Connecticut, Utah, Texas, Brazil, Canada, Australia, and other jurisdictions with privacy laws have analogous rights under their respective laws. The Operator honors these rights regardless of jurisdiction; please contact us using the methods in Section 14.
For the most common deletion requests related to product data, the Service provides in-app controls that you can use directly without contacting the Operator:
To exercise any right described above that is not handled by the in-app controls (e.g., right of access, right to data portability, full account deletion, withdrawal of marketing consent, restriction of processing):
The Operator may need to verify your identity before fulfilling sensitive requests (e.g., access or deletion of an account). Verification typically involves confirming control of the email address.
The Operator does not charge a fee for legitimate requests, except in cases of manifestly unfounded or excessive requests (GDPR Art. 12(5)), where a reasonable fee may apply or the request may be refused.
While not a formal data subject right under GDPR, users who notice apparent inaccuracies, miscitations, missed publications, or other quality issues in the AI tool's output are encouraged to email the Operator at [email protected]. The Operator investigates such reports in good faith and may correct the evidence base, prompt, or other aspects of the Service where the report is well-founded. This complements the formal accuracy disclaimer in the Terms of Service Section 13.
If you believe the Operator has violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. Possible authorities include:
The Operator encourages you to contact us first so we can address your concern, but this is not a precondition to lodging a complaint.
The Service is NOT directed at children. The Operator does not knowingly collect personal information from children under the age of 16 (or the higher age of digital consent in your jurisdiction). If you are under 16, do not use the Service. If a parent or guardian becomes aware that a child has provided personal information without consent, they should contact [email protected] for immediate deletion.
The Operator complies with applicable child privacy laws including:
The Operator implements appropriate technical and organisational security measures to protect personal data, including:
Cloudflare's infrastructure includes operational backup of stored data for disaster recovery purposes. Backups are retained according to Cloudflare's standard retention policy and are encrypted at rest. When you exercise your right to erasure (Sections 13-14), the Operator deletes the data from the production database immediately; however, backup copies may persist in Cloudflare's encrypted backup systems for up to the next backup retention cycle (typically up to 30 days). Backup data is not actively accessed and is overwritten as part of normal backup rotation. After full backup rotation, no copies of your data remain.
In the event of a personal data breach affecting your data, the Operator will notify the relevant supervisory authority within 72 hours where required by law (GDPR Art. 33), and will notify affected users without undue delay where the breach is likely to result in high risk to their rights and freedoms (GDPR Art. 34). Notifications will include the nature of the breach, categories and approximate number of data subjects and records affected, likely consequences, and measures taken or proposed to address the breach.
Under GDPR Art. 35, a Data Protection Impact Assessment is required when processing is likely to result in high risk to the rights and freedoms of natural persons. The Operator has assessed the processing activities of the Service against the criteria in Art. 35(3) and the EDPB criteria for high-risk processing (WP248):
Considering scale, voluntariness of opt-in, the educational (non-clinical) nature of processing, and the explicit consent basis for any health data, the Operator has determined that a formal DPIA is not currently mandatory. The Operator will reassess this determination if processing activities, scale, or risk profile change materially. The Operator maintains internal records of processing in line with GDPR Art. 30 (Records of Processing Activities) where applicable based on processing scale.
The Service uses AI systems to generate educational responses (see Section 7), but these AI systems do NOT make decisions that have legal or similarly significant effects on you. Specifically:
Under GDPR Art. 22, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Because the AI outputs on this Service do not produce such effects, Art. 22 is not actively triggered. However, you can always request human review of any AI output by contacting the Operator.
For California residents, additional CCPA/CPRA disclosures:
The Operator may update this Privacy Policy from time to time to reflect changes in the Service, in applicable law, or in best practices. Material changes will be communicated via:
Continued use of the Service after a policy update constitutes acceptance of the updated policy. If you do not agree to changes, you must stop using the Service.
For any privacy-related question, request, or concern:
Data Controller: Alessandro Cuggiani
Address (fiscal): Tbilisi, Georgia (country in the South Caucasus)
Status: Individual Entrepreneur with Small Business Status under Georgian law
Email: [email protected]
Service: https://lichensclerosus.ai/
By using lichensclerosus.ai, you acknowledge that you have read, understood, and agreed to this Privacy Policy. This policy operates alongside and is incorporated by reference into the Terms of Service available at /terms/. Together, these documents govern your use of the Service.