Privacy Policy — Klimate

The short version

Klimate collects the minimum data needed to make your skincare protocol smarter. We do not sell your data. We do not run ads. We do not share your skin diary, photos, or health information with third parties for marketing. Element learns from your patterns to serve you, not advertisers.

Who we areKlimate LLC, a Missouri limited liability company. Contact: hello@tryklimate.com

What we collect

Account information

Email address (waitlist signup, account creation, login)
Display name and optional nickname
Password (stored as a salted hash via Supabase Auth — we never see your plaintext password)
If you sign in with Apple: the Apple-provided identifier and the email you choose to share (real or relay)

Climate and location data

Your zip code or coarse location, used to fetch live environmental data from OpenWeatherMap
We do not track your continuous GPS location and we do not store a movement history

Skin and routine data

Onboarding quiz answers (skin type, concerns, sensitivities)
Skin diary entries — mood, notes, observations you choose to log
Optional skin photos you take or upload through the app
Which protocols Element generated for you and which Drops you used

Subscription and payment data

Subscription status, plan type ($6.99/mo Klimate Pro, Founding 100 lifetime pricing, etc.)
Payments are processed by Apple (in-app) or Stripe (web). Klimate never sees or stores your full credit card number.

Technical data

Device type, operating system version, app version, crash logs
Anonymous usage analytics to help us fix bugs and improve the app

How we use your data

To run the Klimate app and Element AI — generating your daily Climate Score and protocol
To improve Element's accuracy as it moves through Phase 1 (rule-based), Phase 2 (per-user AI protocols at 500 users), and Phase 3 (cross-user models at 5,000 users)
To send you transactional emails (account, subscription, shipping when Drops launch)
To send you marketing emails only if you opted in — you can unsubscribe anytime
To detect fraud and protect the security of the platform
To comply with legal obligations

Element AI and your data

Element is the AI layer inside Klimate. It reads your environment and your skin history to write protocols that are specific to you. Here's how that works at each phase:

Phase 1 (today): Rule-based scoring. Your data stays in your account. No machine learning is applied.
Phase 2 (at 500 users): Element generates personalized protocols using your conditions, skin type, and diary history. Per-user adaptation only — your data is not pooled with other users.
Phase 3 (at 5,000 users): Federated and aggregated learning. We may use de-identified, aggregated patterns across the user base to improve protocols. You can opt out of cross-user model training in your Privacy settings at any time. Your individual diary entries, photos, and identity are never shared.

Who we share data with

We share only the minimum needed to operate Klimate, with vendors bound by data-processing agreements:

Supabase — authentication and database hosting
OpenWeatherMap — receives your zip code to return climate data; does not receive your identity
Formspree — waitlist email collection on tryklimate.com
Apple — App Store, Sign in with Apple, in-app purchases
Stripe — web payments (when applicable)
Render / Netlify — backend and website hosting

We do not sell your personal information. We do not share your data with advertisers. We do not run behavioral ad networks.

Your rights

You have the right to:

Access a copy of the data we hold about you
Correct inaccurate data
Delete your account and your data (some records may be retained for legal or fraud-prevention purposes)
Export your skin diary and protocol history
Opt out of any future cross-user model training
Withdraw marketing consent

To exercise any of these rights, email hello@tryklimate.com. We will respond within 30 days.

California, EU, and other regional rights

If you live in California (CCPA/CPRA), the European Union (GDPR), the United Kingdom, or another jurisdiction with specific privacy laws, you have additional rights including the right to know, the right to delete, the right to portability, and the right to non-discrimination for exercising your rights. The contact above applies to all such requests.

Children

Klimate is not intended for children under 13, and we do not knowingly collect data from anyone under 13. Users between 13 and 18 should have a parent or guardian review this policy.

Data retention

We keep your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (for example, transaction records for tax purposes).

Security

We use industry-standard security: encrypted connections (TLS), hashed passwords, encrypted database storage, and access controls. No system is perfectly secure, and we cannot guarantee absolute security, but we take reasonable steps to protect your data.

Changes to this policy

If we make material changes to this policy, we will notify you by email or in-app before the changes take effect. The "Effective" date at the top of this page will always reflect the most recent version.

Contact

Questions about this policy or your data? Email hello@tryklimate.com.