Data Protection Notice
Last updated: January 2026
This Data Protection Notice summarizes how Sima Labs processes the personal data of people who use the SİMA service, in line with GDPR transparency requirements (Art. 13/14). For full details see the Privacy Policy.
1. Data controller
Your data is processed by Sima Labs as data controller. Contact: support@simalabs.app; our postal address is on the Contact page.
2. Data, purposes and legal bases
Phone number — SMS authentication (contract performance, Art. 6(1)(b); legitimate interests, Art. 6(1)(f)). Face photos & derived measurements — special-category biometric data used for aesthetic analysis and improvement suggestions, processed only on your explicit consent (Art. 9(2)(a)). Security records — sign-in/session/consent logs for security and proof. Usage analytics — anonymous by default, linked to your account only with optional consent.
3. Recipients and transfers
Data may be shared, only as necessary and with safeguards, with: Supabase (database, storage, authentication), Vercel (hosting), Anthropic (report + beard detection; front photo processed), Google Gemini (potential-look image generation; photo processed), PostHog (anonymous analytics, EU servers) and Paddle (payment; card data handled by Paddle). International transfers rely on appropriate safeguards (e.g. Standard Contractual Clauses).
4. Retention
Biometric data is kept only for as long as the analysis requires and is deleted/destroyed without delay once you withdraw consent or delete your account. Other data follows statutory retention periods.
5. Your rights & contact
You may exercise your GDPR rights (access, rectification, erasure, restriction, objection, portability), withdraw consent at any time, and lodge a complaint with a supervisory authority. Contact support@simalabs.app.