Your scan photo. When you scan, the photo is resized on your device, sent over an encrypted connection to our server, passed to an AI vision model for cosmetic analysis, and discarded. It is not written to disk, not logged, not used for training, and cannot be retrieved afterward — by you or by us. The same applies to product photos used by match.

A device identifier. A one-way hash derived from an Apple-provided per-device value. It contains no personal information and is used only to enforce the daily free tier. It resets if you reinstall the app.

Anonymous usage counts. So we know which features are used, the app sends plain event counts (e.g. "a scan happened", "a product was tapped"). These are tallied as daily totals with no device identifier attached — they cannot be traced to a person or a phone. No third-party analytics SDK is involved.

Nothing else. No account, no email, no location, no contacts, no advertising identifiers, no third-party trackers.

The guided scan and the apply guide use Apple's ARKit face tracking (which relies on the TrueDepth camera) to locate your face in real time — only to frame the scan and to show where on your face each routine step goes.

What is collected. While the camera is open, ARKit produces face-position and face-geometry data on your device. mori nori reads this live, in memory, on your device only. The single thing that ever leaves your device is a standard 2D photo taken during the scan.

How it is used. The TrueDepth face data is used solely on-device, for real-time guidance — aligning the scan and positioning the apply markers. It is never used to identify or authenticate you. The 2D scan photo is sent to an AI vision model for cosmetic skin analysis, then discarded.

Sharing & disclosure. The TrueDepth face-tracking data is never transmitted to us or to any third party — it does not leave your device. The 2D scan photo is sent only to our AI inference providers (Anthropic, Google) transiently, under no-training API terms, and is shared with no one else.

Retention. The TrueDepth face data is never stored — it exists only while the camera is open. The 2D scan photo is never stored either: it is analyzed in memory and discarded — not written to disk, not logged, not used for training. Only the resulting scores and findings (text, no images) are kept, and those stay on your iPhone.

You can opt in to help build an anonymous skin-outcome dataset — and turn it off anytime. It is off until you choose it.

If you opt in, we keep only pseudonymous skin metrics (scan scores, the types and severity of findings, your routine, and capture quality) and product interactions (which items you tapped or marked as used). Nothing else.

Never a photo. Never your name, email, or an account — there isn't one. This data is keyed only to the device identifier above, is not linked to your identity, and is not sold. We use it to surface which routines tend to help which skin types — shown only as aggregates across many people, never as anything traceable to you.

It is revocable anytime: tap Delete my data in settings and your contribution is erased from our servers.