Tinch

Privacy Policy

(Datenschutzerklärung)

This Privacy Policy explains how information is processed when you access or interact with this website and its services. Protecting user privacy and handling data responsibly is a priority.

By accessing or using this website, information may be processed as described in this policy.

Effective: April 2026

1. Data Controller

The entity responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Tinch
Berlin, Germany
Email: support@tinch.app

Full legal information can be found in our Impressum.

2. Data We Process

We process only the minimum amount of information necessary to operate, maintain, and improve the service.

Interaction and Operational Data

When users interact with the platform, certain operational and interaction-related information may be processed, including:

  • session identifiers
  • user interactions with the platform
  • messages and inputs submitted through the recommendation interface
  • recommendation-related interactions
  • timestamps of interactions
  • basic operational and security-related information necessary to maintain the functionality and reliability of the service

This information is used to operate the platform, generate recommendations, improve service performance, maintain security, and better understand how the service is used.

User Input

Users may voluntarily provide information through the platform interface. This may include skincare preferences, product-related questions, or other information submitted in order to generate automated recommendations.

The service does not require user accounts and does not require users to provide names or email addresses for standard use.

Users are encouraged not to submit highly sensitive medical information through the platform.

3. Legal Basis for Processing

We process your data on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR): For optional analytics technologies where consent has been provided.
  • Legitimate interest (Art. 6(1)(f) GDPR): For operating and improving the service, ensuring platform security, maintaining platform functionality, and analyzing operational usage patterns necessary for the operation of the service.

4. Cookies and Similar Technologies

This website uses essential technologies required for the operation, security, and reliability of the platform.

The platform may also use analytics technologies to better understand website usage and improve service performance.

Users may manage optional analytics preferences through the cookie settings interface where applicable.

5. Use of External Service Providers

To operate and maintain the service, we use specialized external service providers. These providers may process limited data on our behalf in areas such as:

  • cloud hosting and infrastructure
  • system operations and database storage
  • AI-powered processing to generate product recommendations
  • traffic analysis and service performance measurement

These providers act as data processors under data processing agreements (DPAs) in accordance with Art. 28 GDPR.

Some service providers may be located outside the European Economic Area. In such cases, appropriate safeguards are implemented in accordance with applicable data protection law.

6. Automated Recommendations

The platform uses automated technologies, including machine-learning systems, to analyze product data and user inputs and generate product recommendations.

These recommendations are intended solely to assist users in exploring product options and do not constitute professional, medical, dermatological, or pharmaceutical advice.

No automated individual decisions with legal or similarly significant effects within the meaning of Art. 22 GDPR are made.

7. Data Retention

Personal data is retained only for as long as necessary for the respective processing purposes or as required by applicable legal obligations.

After the applicable retention period expires, data may be deleted or processed in anonymized form.

8. Data Security

Appropriate technical and organizational measures are implemented to protect information against unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the internet or method of electronic storage can be guaranteed to be completely secure.

9. Your Rights

As a user within the European Economic Area, you have the following rights under the GDPR:

  • Right of access to your stored data (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure of your data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interests (Art. 21 GDPR)
  • Right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR)

Requests related to your data protection rights may be directed to: support@tinch.app

10. Right to lodge a complaint

If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a competent data protection supervisory authority.

11. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect operational, legal, or regulatory developments. Updated versions will be published on this page.

Privacy Policy | Tinch