Privacy Policy

Clearpill provides candid appearance assessments and personalized protocols. This notice explains what we collect, how we process your scans to generate reports and plans, and the limited records we keep to run the service.

Last updated: Oct 22, 2025

Our promise to the Clearpill community

We capture only what's needed to meter usage, validate purchases, and return your results. Scans are processed to produce assessments and protocols—no image editing or filters—and we don't store your photos or outputs after delivery. Partners we rely on must protect your requests just as we do.

We never sell your personal information
Usage meters & transaction IDs auto-delete within 7 days
Photos flow through for processing and aren't stored by Clearpill
What we collect Transaction identifiers, usage meters, error event metadata How it is used Processing scans, enforcing limits, keeping the service reliable Assessment processing Where photos go and how protocols are generated Face data specifics Retention, third parties, and why we process it Your controls Delete data, request copies, or appeal automated actions

What “assessments & protocols” means

In this policy, “assessments & protocols” includes every Clearpill feature that turns your photos into a report (scores, strengths, rationale) and a step-by-step plan. Clearpill does not alter or synthesize images.

Information we collect

Clearpill keeps only the limited information required to meter your usage, validate purchases, and keep the service healthy. We do not maintain personal profiles, nor do we store photos or assessment outputs after a request is fulfilled.

Transaction confirmations

  • Store-issued identifiers: anonymized transaction IDs, plan type, and renewal status supplied by Apple or Google to confirm eligibility. Clearpill does not receive payment card numbers, billing addresses, or personal names from these records.

Usage metering

  • Scan counters: counts of assessments and protocol generations over a rolling seven-day window. These exist only to enforce fair use and aren't linked to personal profiles.

Error diagnostics

  • Event metadata: timestamped error codes or failure states captured when a request cannot be completed. Any request content or identifiers are stripped before the event is stored, and the remaining metadata expires along with the usage counter.

Transient request processing

  • Photos & instructions: face/frame imagery and assessment settings are relayed to our assessment pipeline solely to produce your report and protocol. Clearpill does not retain copies after the response is delivered back to your device.

How we use your information

The limited records we keep serve operational safeguards only. Specifically, we use them to:

  • Verify that a request is associated with a valid store transaction before processing.
  • Apply rate limits so everyone gets fair access to assessments and protocols.
  • Diagnose failures and protect Clearpill from misuse or automated attacks.
  • Meet legal, accounting, or security obligations that require proof of how the service is used.

Our legal bases (where applicable)

  • Contract/legitimate interests: to provide and improve the service and protect it from abuse.
  • Consent: where local laws require it (e.g., optional analytics or notifications).
  • Legal obligation: to comply with law or enforce our terms.

How assessment processing works

Clearpill uses in-house orchestration and vetted assessment infrastructure partners to turn your photos into reports and protocol plans. Face data derived on your device stays local, and partners never receive the biometric signals described in the face data handling section.

  • Report generation (vision models): on-device facial landmarking and posture/framing signals produce category and sub-category scores with plain-English rationale.
  • Protocol planning: your latest report is converted into a prioritized, multi-week plan with tasks and cadence.
  • No image synthesis: Clearpill does not edit, filter, or generate images.
  • Vendor policies: We select partners that commit to strong safeguards and do not instruct them to use your content to train their models, however, we do not and can not guarantee the vendors won't store the parts or all of the data they receive. Some vendors may retain minimal logs for abuse prevention per their own policies. We minimize what we send and review partners regularly.
We limit shared data to what's required for processing and ask partners not to retain or train on user images. If we materially change vendors or processing, we'll update this policy and, when feasible, notify users in-app.

Face data handling

Clearpill treats “face data” (biometric templates, facial landmarks, depth maps, or similar derived signals) separately from the photos you choose to upload. All face data is generated and used locally on your device.

No retention or transmission

We do not transmit or sync face data outside the app. The Clearpill app stores these biometric signals only on your device inside the app sandbox and never copies them to Clearpill servers or third-party services. Platform-level device backups remain under your control; Clearpill does not upload face data to any cloud account.

Why we process it

  • On-device modules momentarily analyze facial geometry to score proportions, skin cues, and posture so we can produce the candid appearance assessment you requested.
  • The same transient measurements help assemble a personalized protocol aligned with that assessment.
  • Face data is not used for advertising, training unrelated models, or any purpose beyond creating your requested report.

How long it exists

Face data is stored locally alongside each scan so you can review reports, compare progress, or regenerate a protocol later. It stays on your device until you delete the individual scan or use Settings → Delete all local data. Clearpill does not maintain a remote copy, so local deletion removes the only stored version.

Third parties

No third parties receive or store face data. Infrastructure partners referenced elsewhere in this policy help us deliver and secure photo uploads, but they only handle the photo files themselves—not the biometric signals the app derives locally. If that ever changes, we will update this section before sharing face data and identify the partner, purpose, and retention period.

Retention & deletion

All data Clearpill stores has a fixed time-to-live (TTL):

  • Transaction confirmations: automatically deleted within seven days after the associated request is processed, unless a longer period is legally required (for example, to satisfy an open refund investigation).
  • Usage meters: scan/protocol counters reset continuously and fully clear within seven days.
  • Error diagnostics: error metadata is kept for at most seven days, then removed.
  • Photos & outputs: imagery and results relayed for processing are not stored by Clearpill after delivery back to your device.

How we share information

We do not sell personal information. The only sharing that occurs is limited to operating the service:

  • Service partners: hosting providers, assessment vendors, and payment processors that support Clearpill. They receive only the minimum information needed for the task at hand.
  • Team members & contractors: Clearpill staff or contractors with a need to know in order to maintain reliability or investigate abuse. Access is logged and limited.
  • Legal reasons: when required by law, court order, or to protect the rights, property, or safety of Clearpill, our community, or others.
  • Business transitions: if Clearpill is involved in a merger, acquisition, or asset sale, we will ensure the successor honors this policy or give you notice before data is transferred.

How we keep information safe

Clearpill uses industry-standard safeguards to protect the limited information we store.

  • Encryption in transit for all traffic between the app, our servers, and assessment partners.
  • Restricted access and logging on infrastructure that hosts transactional and usage metadata.
  • Automated policies that purge records after their seven-day lifetime.
  • Routine security reviews and incident response processes.

No system is flawless. If we ever discover a breach involving your data, we will notify you and the appropriate authorities in line with applicable laws.

Your choices & rights

Because Clearpill does not keep profiles or store your photos/outputs, there is little data to manage. Even so, you can always reach out if you need help.

  • Transparency: ask what transactional, usage, or error metadata is currently associated with your requests. We will confirm and share it, subject to legal requirements.
  • Deletion or restriction: while you can delete local data at any time, the request that we remove remaining hosted metadata sooner than the standard seven-day window, or pause additional processing tied to a transaction is not possible as we retain metadata for a maximum of 7 days to prevent abuse. A 'Delete all local data' option is available in-app where supported.
  • Appeals: contact us if a rate limit or automated decision negatively impacts you. A person will review and respond.

Residents of the European Economic Area, United Kingdom, Switzerland, certain U.S. states, and other regions may have additional rights such as data portability or the right to lodge a complaint with a supervisory authority. We honor applicable requests even when the only data we hold is metadata.

Clearpill does not collect contact emails for marketing and does not send promotional messages.

Children and age requirements

Clearpill is designed for users who are at least 16 years old. We do not knowingly collect information from users under 16. If you believe someone under 16 has provided us with personal data, please notify us and we will remove it promptly.

International data movement

Clearpill may be operated from multiple regions. When data is moved outside your home country, we rely on approved safeguards such as Standard Contractual Clauses or comparable agreements that require partners to protect your information.

Policy updates

We may update this Privacy Policy to reflect new features, service providers, or legal requirements. When we make material changes we will update the “Last updated” date, highlight the change inside the app or release notes, and provide time to review the new terms before they take effect.

Contacting us

If you have questions about this policy, need help with a privacy request, or want to appeal a response, reach out using the details below.

Privacy team

Email us anytime and we will respond within 48 hours, sooner for urgent security matters.

📬 [email protected]