VEYLOLast updated · May 11 2026

Photo Use & AI Policy

Your photo is the single most sensitive piece of data Veylo processes. This page explains exactly what happens to it and how the AI analysis works.

1. Lifecycle of your photo

Default (no opt-in): photos are permanently deleted within 24 hours of upload.

  1. You take a selfie in the browser. Camera access is requested at the start of the scan flow.
  2. Once quality checks pass, the photo is uploaded to Supabase Storage via a signed URL.
  3. Our server fetches the photo and sends it to Anthropic’s Claude Sonnet 4.6 Vision model for analysis.
  4. The model returns a structured JSON analysis. We persist the analysis (skin type, scores, concerns) to our database.
  5. Within 24 hours, the photo is permanently deleted from Supabase Storage. The scan row is flagged photo_purged = true.

Progress Tracking subscribers (opt-in): if you subscribe to Progress Tracking and explicitly opt in at sign-up, we retain your scan photos so the dashboard can show side-by-side visual progress over time.

  • Your consent is recorded at the moment of subscription start.
  • You can cancel Progress Tracking at any time from your account. On cancellation, all retained photos are marked for deletion on the next cleanup run (within 6 hours).
  • You can also delete all retained photos via veylo.beauty/account/data independent of your subscription.
  • Retained photos are stored in Supabase Storage in the EU region with row-level security and short-lived signed URLs. Anthropic does not retain photos after the analysis call.

2. What we never do

  • We do not use your photo to train AI models. Anthropic's API has data-retention policies that exclude commercial API traffic from model training.
  • We do not sell or share your photo with third parties.
  • Without opt-in, we do not retain the photo past 24 hours.

3. How the AI analysis works

We use Claude Sonnet 4.6 Vision (Anthropic) to identify visible skin attributes — type, undertone, barrier indicators, hydration cues, pore visibility, and surface texture. The model returns a structured JSON; our deterministic rule engine then maps that to ingredient and routine recommendations.

The analysis is observational, not diagnostic. Veylo does not detect medical conditions. Always consult a dermatologist for medical concerns.

4. Your rights

Request export or deletion at veylo.beauty/account/data. We respond within 30 days, as required by GDPR (EU) and CCPA (California).

5. Contact

Email privacy@veylo.beauty.