Privacy Policy

Introduction
Welcome to Reflecta.me! At Reflecta.me, we take your privacy seriously. This Privacy Policy explains how SenSec LLC ("we", "our", or "us") collects, uses, and protects your personal information when you use our Reflecta.me application ("Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.

Who We Are
Reflecta.me is operated by:
SenSec LLC
30 N Gould St Ste N
Sheridan, WY 82801
United States

Information We Collect

Personal Information
We collect the following personal information:

  • Account Information: When you create an account, we collect your name, email address, and profile picture through our authentication provider (Auth0).

  • Selfie Images: Our Service allows you to upload selfie images for analysis. These images are stored on our secure servers.

  • Usage Data: We collect information about how you use our Service, including access times, features used, and device information.

Special Categories of Data
While our Service analyzes facial expressions in selfies to provide wellness recommendations, we do not:

  • Store or process biometric data for identification purposes

  • Create permanent facial recognition templates

  • Score or rank users based on their appearance

  • Use facial data for any purpose other than providing the Service's wellness analysis

How We Use Your Information

We use your personal information for the following purposes:

  • To Provide Our Service: Processing your selfies to generate personalized wellness recommendations and creating your Reflecta Card.

  • To Maintain Your Account: Managing your registration, subscription, and access to our Service.

  • To Improve Our Service: Analyzing usage patterns to enhance functionality and user experience.

  • To Communicate With You: Sending you service-related notifications and updates.

  • To Protect Our Service: Detecting and preventing fraudulent activity and ensuring the security of our platform.

Data Storage and Security
We store your personal data on servers located in the Netherlands and the United States. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Data Sharing and Third Parties
We are committed to maintaining your privacy and do not sell, trade, or otherwise transfer your personal information to external parties. However, we may share your information with:

  • Service Providers: We use third-party services to support our operations:

    • Auth0 for user authentication

    • OpenAI for image analysis and generating recommendations

    • Stripe for payment processing and subscription management

These providers have access to your personal information only to perform specific tasks on our behalf and are obligated to maintain its confidentiality. For payment processing, Stripe collects and processes your payment information directly. We do not store your complete credit card details on our servers.

  • Legal Requirements: We may disclose your information if required by law or in response to valid requests by public authorities.

Legal Basis for Processing (GDPR)
Under the EU General Data Protection Regulation (GDPR), we process your personal data on the following legal grounds:

  • Contract: Processing necessary for the performance of our contract with you to provide the Service.

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as analyzing your selfies.

  • Legitimate Interests: Processing necessary for our legitimate interests, such as preventing fraud, ensuring network security, and improving our Service.

  • Legal Obligation: Processing necessary to comply with legal obligations to which we are subject.

Your Rights and Choices
You have the following rights regarding your personal information:

  • Access: You can request a copy of the personal information we hold about you.

  • Correction: You can request that we correct inaccurate or incomplete information.

  • Deletion: You can request that we delete your account and all associated data. You can delete your account directly through the 'Subscription' section in the Reflecta.me application, or by contacting us at privacy@reflecta.me for assistance. Upon such request, we will delete all your personal information within 24 hours, including selfies, analysis results, recommendations, and account information.

  • Restriction: You can request that we restrict the processing of your personal information.

  • Data Portability: You can request to receive your personal information in a structured, commonly used format.

  • Objection: You can object to our processing of your personal data in certain circumstances.

  • Withdraw Consent: You can withdraw any consent you previously provided for the processing of your personal information.

To exercise these rights, please contact us using the details provided at the end of this policy.

If you are a resident of the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.

California Privacy Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These include the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information (though we do not sell your information), and the right to non-discrimination for exercising your privacy rights.

Cookies and Tracking
Our Service uses cookies and similar tracking technologies to enhance your experience. We use these technologies for the following purposes:

  • Authentication and security

  • Remembering your preferences

  • Analyzing usage of our Service

  • Managing user sessions

You can set your browser to refuse all or some browser cookies, but this may affect certain features of our Service.

Do Not Track
We respect Do Not Track ("DNT") signals. If your browser transmits a DNT signal, we will not track your browsing behavior on third-party websites.

Children's Privacy
Our Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to remove such information.

Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Once your account is deleted, all your personal data will be permanently removed from our systems within 24 hours.

In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, specifically the Netherlands and the United States, where our servers are located. These countries may have different data protection laws.

For users in the European Economic Area (EEA), we ensure that such transfers comply with applicable data protection laws. We implement appropriate safeguards such as standard contractual clauses approved by the European Commission to ensure that your data receives an adequate level of protection.

Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Data Controller
SenSec LLC is the data controller responsible for your personal information. If you have questions about our data processing practices, including any requests to exercise your legal rights, please contact us using the information below.

Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:

SenSec LLC
30 N Gould St Ste N
Sheridan, WY 82801
United States
Email: privacy@reflecta.me

By using Reflecta.me, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.