Privacy Policy

What we log

Each search request records the following:

• –Hashed IP address — your IP is hashed with a rotating salt. The raw IP is never written to disk. Salt rotates every 30 days, making logs from different rotation windows unlinkable.
• –Query string — the ingredient or study topic you searched for (e.g. "retinol", "niacinamide acne").
• –Timestamp — UTC time of the request.
• –Cache hit flag — whether the result was served from cache or required a live API call.

Logs are retained for 30 days, then deleted automatically.

What we do not do

• –We do not use tracking cookies or analytics pixels. The only cookie this site sets is a strictly-necessary admin session cookie (HttpOnly, SameSite=Strict) used solely by the internal admin panel. This cookie is exempt from GDPR consent requirements and from Vietnamese personal data protection regulations under the necessity exemption.
• –We do not load third-party scripts. No Google Analytics, no Facebook Pixel, no advertising networks.
• –We do not correlate hashed IPs across salt rotation windows or attempt to re-identify individual users.

Why we log

• –Abuse detection — rate-limiting automated scrapers and enforcing fair-use limits on our upstream API budget.
• –Product insights— understanding which ingredients and study topics the Twins Skin R&D team and public visitors search most often, to prioritise our review queue.
• –Debugging — diagnosing slow or failed searches by correlating timestamps with upstream API error logs.

Your data

We never sell, share with third parties, or use for advertising the data described above. Because IPs are hashed with a rotating salt, we cannot retrieve or delete a specific user’s records on request — there is no stable identifier to look up. If you have concerns about data handling, contact us at the address below.

Contact

Privacy questions: [email protected]