Privacy Policy
Last updated: April 25, 2026
This policy explains what data Dermo ("we", "us") collects, why we collect it, and how we look after it. It applies to the Dermo mobile app and dermo.no.
What we collect
We only collect what we need to provide the service:
- Account information: Your email address and an encrypted password, or an Apple Sign-In identifier if you sign in with Apple.
- Skin photographs: Photos you take in the app, along with any notes you choose to add about location and symptoms.
- Analysis results: The assessments the app gives you, any AI analyses you've ordered, and the reminders you've set up.
- Device information: Basic technical information such as device type, OS version, and crash logs, so we can keep the app stable.
We do not collect advertising identifiers, location data, contacts, or browsing history.
How we use your data
- To produce assessments of the photos you take, both the regular check and an AI analysis if you've ordered one.
- To save your scan history, so you can follow changes over time.
- To send reminders you've explicitly asked for.
- To improve the safety and accuracy of the service, only with de-identified data and only when you've opted in.
How your data is stored
Photos and health data are encrypted both in transit (TLS) and at rest. We use Supabase as our backend provider, with infrastructure in the European Union. AI analysis is performed by model providers we have data-processing agreements with, and your photos are never used to train third-party models.
Sharing
We share data only with the service providers needed to run Dermo (hosting, AI analysis, and crash reporting), and only under contracts that meet GDPR requirements. If you've opted in within the app, anonymised data may also be shared with organisations working on skin health research, such as universities, hospitals, and other research partners. We never share identifiable personal data with advertisers or insurance companies.
Your rights
Under GDPR and Norwegian law, you have the right to:
- Access the personal data we hold about you.
- Correct any data that is inaccurate or incomplete.
- Delete your account and all associated data at any time, directly from the app.
- Export your data in a machine-readable format.
- Withdraw consent for optional data uses at any time.
- Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).
Children
Dermo is not intended for children under 16, and we don't knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
Changes to this policy
If we make significant changes to this policy, we'll let you know in the app and update the date at the top of the page.
Change of ownership
If Dermo is acquired, merges with another business, or sells its assets, your personal data may be transferred to the new owner as part of the transaction. The new owner will be bound by the same consents you have given, and may not use your data for new purposes without obtaining fresh consent. You'll be notified of the change, and you keep all your rights (access, correction, and deletion) under the new owner.
Contact
Questions about privacy? Get in touch, or send an email to hei@dermo.no.