Dermatrix

Privacy

We don't know you. We don't want to know you.

This isn't a legal disclaimer padded with jargon. It's a plain statement of exactly what happens to your data — and what doesn't.

Last updated: May 2026

TL;DR

Your identity

We don't know you. We don't want to know you.

Don't give us your real name. Seriously. Use a pseudonym, a throwaway handle, anything — we have no mechanism to verify it and no desire to.

For your account email, use a non-primary address. Apple's Hide My Email, SimpleLogin, or any alias service works perfectly. The email exists solely to send you your results; we cannot and do not cross-reference it with anything.

The less you tell us about yourself, the better. That is a feature, not a flaw.

Your skin images

Gone in 24 hours. No log. No backup. Full stop.

Every image you upload is stored in an isolated, encrypted temporary store with a hard 24-hour TTL. When the timer expires the object is destroyed — not archived, not moved, not soft-deleted. Destroyed.

There is no backup of your images. There is no access log that retains the image contents. There is no way for us — or anyone — to retrieve a deleted image, because there is nothing left to retrieve.

Analysis happens in memory during your session. Once the diagnosis is written, the image has served its only purpose.

What we keep

Only your S.O.A.P. diagnosis.

After your images are gone, one thing remains: a structured clinical note in S.O.A.P. format. Your note contains no image data, no biometrics, and no identifying information beyond what you voluntarily included in your intake.

What is S.O.A.P.?

S.O.A.P. (Subjective, Objective, Assessment, Plan) is a structured method for writing clinical notes. It was developed in the 1960s by Dr. Lawrence Weed at the University of Vermont as part of his work on the Problem-Oriented Medical Record. Today it is the standard documentation format used by physicians, nurses, physiotherapists, pharmacists, and virtually every other clinical profession worldwide.

The format exists for a single reason: to make sure nothing is missed and that any clinician who picks up the note — whether they are the original practitioner or a colleague seeing the patient for the first time — can immediately understand the full picture of the encounter.

Why doctors use it

  • Consistency — the same four headings appear in every note, in every specialty, in every country.
  • Completeness — the structure forces the clinician to separate what the patient reported (Subjective) from what was actually observed (Objective), preventing bias from bleeding between the two.
  • Communication — a note written by one doctor in one clinic can be read and understood by another doctor in a different country without explanation.
  • Legal and audit trail — a well-formed SOAP note is a defensible record of clinical reasoning, not just a list of actions taken.

Further reading: SOAP note — Wikipedia · SOAP Notes — StatPearls / NIH

Subjective
What you reported — your complaint, symptoms, medications, and skincare routine — in your own words. In a clinic this is what you tell the doctor when they ask "what brings you in today?"
Objective
What the analysis observed from your images during the session. In a clinic this is what the doctor sees, measures, or tests — the physical examination findings.
Assessment
The working diagnosis or differential, expressed in plain language. In a clinic this is the doctor's professional interpretation — what they think is going on.
Plan
Recommended next steps: ingredients to try, ingredients to avoid, when to see a clinician. In a clinic this is the treatment plan: prescriptions, referrals, lifestyle advice, and follow-up.

Third parties

We don't sell, share, or monetise your data.

We use Firebase Authentication to manage account sessions — they see your email address under their own privacy terms.

That is the full list. There is no ad network, no analytics pixel, no data broker relationship. Nothing.

Cookies

One cookie. It keeps you logged in. That's the whole story.

We set exactly one cookie, named dx-token. It holds your sign-in token so that as you move between pages we know your session is still valid and don't make you log in again on every click. It's marked SameSite=Strict, which means your browser never sends it anywhere but this site.

That is the only cookie we use. No advertising cookies, no analytics cookies, no third-party trackers — nothing that follows you around the web. Because that single cookie is strictly necessary to keep you signed in, there is no consent banner to click through: there is nothing to consent to.

Sign out and it is erased immediately. (Firebase Authentication also stores session data in your browser's local storage to remember you between visits — same purpose, same story: it exists to log you in, not to watch you.)

Your rights

Delete everything, any time.

You can request full account deletion at any time. This removes your S.O.A.P. history and your account credentials. Your images are already gone by the time you read this.

There is no retention period to wait out. Deletion is immediate and irreversible.

Contact

Questions about your data?

If something here is unclear, or if you want to exercise a right — deletion, access, correction — open an issue or reach out directly. We will respond.