Privacy Policy

Overview

The Skin Code is operated by PixelMatrix (ABN available on request), based in Australia. We are committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy explains what information we collect, why we collect it, how we use it, and your rights in relation to it. If you have any questions, contact us at info@pixelmatrix.com.au.

What we collect

When you use The Skin Code, we may collect the following:

• Name — provided voluntarily during the quiz
• Email address — provided during the quiz, used to send your result and access your dashboard
• Quiz responses — your answers to the 30-question skin archetype assessment
• Skin type — self-reported after the quiz (e.g. oily, dry, combination)
• Hormonal context — self-reported (e.g. on contraception, peri-menopausal, post-natal)
• Routine context — self-reported (e.g. minimal, standard, comprehensive)
• Dopamine Dynamics assessment responses — if you complete this optional assessment
• Technical data — IP address, browser type, device type, and general location (country/city) via Vercel geolocation headers

We do not collect payment information directly. We do not collect sensitive health data beyond the self-reported items above.

Why we collect it

• To deliver your quiz result and skin archetype
• To personalise your protocol dashboard
• To send your result and relevant follow-up communications via email
• To allow you to access your dashboard via a magic link (no password required)
• To improve the accuracy and usefulness of the assessment over time
• To understand where users are located for routing purposes (e.g. directing Australian users to Glow hormone testing)

How we use your information

Your information is used only for the purposes above. We do not sell your data. We do not share it with third parties for marketing purposes.

We may share your data with the third-party service providers listed below, who process it on our behalf:

• Supabase — database and authentication. Data stored on servers in Australia and the United States. supabase.com/privacy
• Vercel — website hosting and edge functions. vercel.com/legal/privacy-policy
• Resend — transactional email delivery. resend.com/privacy

We may in future integrate HubSpot for CRM purposes. If and when this integration is activated, this policy will be updated.

Cookies and session data

We use cookies and browser storage for essential functionality: to maintain your session while logged in, and to remember your consent preferences. We do not use advertising cookies or third-party tracking cookies.

You can decline non-essential cookies via the banner on your first visit. Essential cookies required for authentication and session management cannot be disabled while using the authenticated areas of the site.

Data retention

We retain your account data and quiz results for as long as your account is active. If you request deletion, we will remove your personal data from our systems within 30 days, except where retention is required by law.

Your rights

Under the Australian Privacy Act, you have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your data
• Withdraw consent to receiving marketing communications at any time (unsubscribe links are included in all marketing emails)
• Complain to the Office of the Australian Information Commissioner (OAIC) if you believe your privacy rights have been breached

To exercise any of these rights, email us at info@pixelmatrix.com.au. We will respond within 30 days.

Security

We implement reasonable security measures to protect your personal information from unauthorised access, disclosure, or loss. Authentication is handled via Supabase magic links — no passwords are stored. Data is transmitted over HTTPS.

No data transmission over the internet is 100% secure. If you have concerns about a security incident, contact us immediately at info@pixelmatrix.com.au.

Children

This site is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will remove it promptly.

Changes to this policy

We may update this policy from time to time. The current version will always be available at this URL. For significant changes, we will notify you by email if you have an account with us.