Privacy Policy

1. Who We Are

SEREN MAISON LIMITED (Company No. 17137032) is a UK-based house of brands comprising SEREN Beauty, SEREN Home, trading as SEREN.

We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC115971.

If you have any questions about this policy, you can contact us at info@serenmaison.co.uk.

2. What Data We Collect

• Account information. Name, email address, password (encrypted)
• Skin profile. Skin type, concerns, and preferences you provide
• Scan history. Ingredient scan results, stored locally on your device
• Order information. Delivery address, order history, payment confirmation
• Device information. Device type, operating system, browser version
• Usage data. Pages visited, features used, time spent in app

3. How We Use Your Data

• Personalise your skin analysis. Tailor recommendations to your skin profile
• Recommend products. Suggest products suited to your skin type and concerns
• Process orders. Fulfil purchases, arrange delivery, handle returns
• Send confirmations. Order receipts, dispatch notifications, account updates
• Marketing. Promotional emails and offers, only with your explicit consent
• Improve our app. Analyse usage patterns to enhance features and performance

4. Legal Basis

We process your data under the following legal bases as defined by UK GDPR:

• Contract. Processing necessary to fulfil your orders and provide our services
• Consent. Marketing communications, optional data collection (you can withdraw at any time)
• Legitimate interest. Improving our products, preventing fraud, ensuring security

5. Data Sharing

We do NOT sell your personal data. Ever.

We only share data with the following trusted partners, strictly for operational purposes:

• Stripe / PayPal. To process payments securely
• Fulfilment partners. Name and delivery address only, to ship your orders
• Gmail SMTP. To send transactional and marketing emails
• Anthropic PBC. To run the AI vision model that powers Skin Intelligence. Your image is processed in transit and not retained by them or by us. See section 9 for the full account.
• Google LLC (Gemini). Used by some legacy app-based skin scans on the same terms as above. The in-app screen states which model is in use.

6. Data Storage & Security

• Skin profile data. Stored locally on your device, not on our servers
• Order data. Stored on secure EU-based servers
• Payment data. Handled entirely by Stripe and PayPal; we never see or store your card details
• All connections. Protected with HTTPS/TLS encryption

7. Data Retention

• Account data. Retained until you delete your account
• Order records. Retained for 6 years as required by UK tax law
• Scan history. Stored locally on your device; deleted when you clear app data
• Marketing preferences. Retained until you unsubscribe

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Access. Request a copy of all data we hold about you
• Rectification. Correct any inaccurate or incomplete data
• Erasure. Request deletion of your personal data
• Restriction. Limit how we process your data
• Portability. Receive your data in a portable format
• Object. Object to processing based on legitimate interest
• Withdraw consent. Revoke any consent you have previously given

To exercise any of these rights, email us at info@serenmaison.co.uk. We will respond within 30 days.

9. Automated Decision-Making (AI Skin Analysis)

Our Skin Intelligence feature (available on our website at /skin and inside the SEREN MAISON app) uses artificial intelligence to analyse photos of your skin and recommend products. This involves automated decision-making under UK GDPR Article 22, and the image itself is special-category biometric data under Article 9.

What we do: When you submit an image, it is transmitted in transit to our AI analysis processor and examined to return a written analysis (per-parameter scores, narrative, recommended routine and products). The photograph itself is not stored on our servers. We retain only the structured results.

Our processor: The vision model is operated by Anthropic PBC under a data processing agreement. Anthropic processes the image solely to return the analysis and does not use it to train their models. Some app-based scans may instead be routed to Google (Gemini) under equivalent terms — the in-app screen will tell you which.

What we retain: Per scan we keep the analysis results, your declared age, the AI's detected Fitzpatrick value, the overall score, the list of recommended SKUs, your browser user-agent, and a pseudonymised one-way hash of your IP address (SHA-256 with a private salt — we cannot reverse it to your IP). We do not retain the photograph, your name, or your email address unless you separately submit them.

Lawful basis: Article 6(1)(a) consent for processing the image (you confirm consent on the introductory screen each time), and Article 9(2)(a) explicit consent for the biometric category. You may withdraw at any time by closing the page or deleting the app.

Your rights:

• Request human review of any AI-generated analysis by emailing info@serenmaison.co.uk
• Object to automated decision-making at any time
• Contest the analysis and provide additional information
• Delete your scan history at any time from your account page (app-based scans) or by emailing us (web-based scans, referencing the approximate date and time)

Data retention: The photograph is processed in memory only and deleted immediately after analysis. Structured results and the pseudonymous IP hash are retained for up to 24 months for aggregate quality monitoring and abuse prevention, then deleted.

Rate limiting: Anonymous web users are limited to five scans per IP per 24 hours to keep the service available and to prevent automated abuse. Account holders are not subject to this limit.

Limitations: AI skin analysis is for cosmetic guidance only and is not a substitute for professional dermatological advice.

10. Cookies

We use essential cookies only. Those required for the website and app to function correctly (e.g. session management, authentication).

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Children's Privacy

SEREN MAISON is not intended for use by anyone under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via email or a prominent notice on our website. We encourage you to review this page periodically.

13. Complaints

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO). Our ICO registration number is ZC115971 (valid until 4 April 2027).

• Website. ico.org.uk
• Telephone. 0303 123 1113

SEREN MAISON LIMITED · Company No. 17137032 ·