Last updated 5 May 2026
The short version
Usha is a personal skincare app. We store your products, routines, and diary entries so you can use them across devices — nothing else. We don’t sell data. We don’t advertise to you. Your servers live in the EU (Frankfurt). Skin conditions are stored separately from your other data, with their own consent and their own delete button. If you use Usha in guest mode, nothing leaves your device.
Who we are
Usha (“we”, “us”) is the data controller for information processed through the Usha mobile app and this website. Contact: hello@usha.app.
What we collect
We separate your data into three tiers and treat each one differently.
1. Account data
Email address, password hash (handled by Supabase Auth), notification preferences, account creation date. Used to let you sign in and to contact you about the service.
2. Cosmetic profile
Skin type (dry, oily, combination, sensitive), products on your shelf, AM/PM routines, diary entries (1–5 ratings and tags). Used to power the app’s features. Not shared with anyone.
3. Health data — skin conditions
Skin conditions (eczema, rosacea, acne, psoriasis, and similar) are treated as health data under Article 9 of the GDPR. They are stored in a separate database table from your cosmetic profile, with their own consent record and their own delete button. We will only store a skin condition after you have given explicit consent at the moment you add it. You can withdraw that consent at any time, which deletes all health data without affecting the rest of your account.
Where your data lives
We use Supabase (Supabase Inc.) as our database and authentication processor. Our project is hosted in the EU region (Frankfurt, eu-central-1). Supabase processes your data on our behalf under a Data Processing Agreement.
Guest mode
You can use Usha without creating an account. In guest mode, all your data lives locally on your device. Nothing is sent to our servers until you create an account and, in the case of skin conditions, give explicit consent.
Beta signup on this website
When you join the beta on this site, we store your email address, the date you signed up, the page you signed up from, and your browser’s user-agent string. We use this to send you one email when the beta opens. We do not add you to a marketing list.
Your rights
Under the GDPR you have the right to access, rectify, delete, and export your data, and to object to processing. You can do all of these from inside the app, or by emailing hello@usha.app. We respond within 30 days.
Cookies
This website uses no analytics, no advertising, and no third-party tracking. We set no cookies of our own. The app sets local storage for your guest data and authentication state — not cookies.
Changes to this policy
If we change this policy, we will update the “Last updated” date above. Material changes will be communicated by email to anyone with an account.