Legal

Privacy Policy

Last updated: April 10, 2026

Dermo ("we", "our", "us") takes your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it. It applies to the Dermo mobile app and the dermo.no website.

What we collect

We collect only what we need to provide the service:

  • Account information: email address and an encrypted password (or Apple Sign-In identifier).
  • Skin photographs: images you choose to upload for analysis, along with optional notes about location and symptoms.
  • Analysis results: the AI risk assessments generated from your photos and any reminders you set.
  • Device information: basic technical data such as device type, OS version, and crash logs to keep the app stable.

We do not collect advertising identifiers, location data, contacts, or browsing history.

How we use your data

  • To run AI analysis on the photos you submit.
  • To save your scan history so you can monitor changes over time.
  • To send reminders you have explicitly opted into.
  • To improve the safety and accuracy of the service (only with de-identified data and only when you opt in).

How your data is stored

Photos and health data are encrypted in transit (TLS) and at rest. We use Supabase as our backend provider, with infrastructure hosted in the European Union. AI analysis is performed by trusted model providers under strict data-processing agreements; your photos are never used to train third-party models.

Sharing

We never sell your data. We share data only with the service providers strictly necessary to run Dermo (hosting, AI analysis, crash reporting), and only under contracts that meet GDPR requirements.

Your rights

Under GDPR and Norwegian law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and all associated data at any time, directly from the app.
  • Export your data in a machine-readable format.
  • Withdraw consent for optional data uses at any time.
  • Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Children

Dermo is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

We will notify you in the app and update the date above whenever this policy changes materially.

Contact

Questions about privacy? Email us at hei@dermo.no.